W3C home > Mailing lists > Public > public-script-coord@w3.org > January to March 2016

[Bug 29369] New: perform a security check needs to be passed a property name and type

From: <bugzilla@jessica.w3.org>
Date: Tue, 12 Jan 2016 15:26:39 +0000
To: public-script-coord@w3.org
Message-ID: <bug-29369-3890@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29369

            Bug ID: 29369
           Summary: perform a security check needs to be passed a property
                    name and type
           Product: WebAppsWG
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebIDL
          Assignee: cam@mcc.id.au
          Reporter: annevk@annevk.nl
        QA Contact: public-webapps-bugzilla@w3.org
                CC: mike@w3.org, public-script-coord@w3.org
  Target Milestone: ---

https://heycam.github.io/webidl/#es-security

[[
 perform a security check 
]]

Without a property name and type (getter/setter/method) I cannot safelist
certain properties that need to bypass this check. See

https://github.com/annevk/html-cross-origin-objects/issues/16#issuecomment-170851038
http://logs.glob.uno/?c=content#c350175

for context.

This would be used to compare against the [[crossOriginProperties]] slot of
Location and Window objects so some of their properties get to bypass the
security check. See
https://github.com/annevk/html-cross-origin-objects/blob/master/Location.md for
the tentative design of that slot on Location objects.

Would be great if we could resolve this somewhat quickly as this is in some
sense blocking the cross-origin work I'm trying to do for HTML.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 12 January 2016 15:26:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC