- From: <bugzilla@jessica.w3.org>
- Date: Mon, 08 Jun 2015 02:11:04 +0000
- To: public-script-coord@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=28778 Bug ID: 28778 Summary: Should probably perform security checks on arguments too, not just this values Product: WebAppsWG Version: unspecified Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: WebIDL Assignee: cam@mcc.id.au Reporter: bzbarsky@mit.edu QA Contact: public-webapps-bugzilla@w3.org CC: mike@w3.org, public-script-coord@w3.org Otherwise any API that takes a Window or EventTarget argument and operates on it without a security check is a security hole. It's simpler to just do the security check in the IDL layer, imo. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 8 June 2015 02:11:12 UTC