W3C home > Mailing lists > Public > public-script-coord@w3.org > January to March 2016

[Bug 22346] Security: Check origins when invoking a method, getter, or setter on an object using the property descriptor of another

From: <bugzilla@jessica.w3.org>
Date: Tue, 19 Jan 2016 05:30:27 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-pBSHXiYWrF@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

--- Comment #15 from Boris Zbarsky <bzbarsky@mit.edu> ---
IDL needs to have a concept of WindowProxy, which it doesn't right now. 
There's some rambling but relevant discussion in bug 27128.

The right behavior, imo, is for methods/getters/setters that expect a Window or
some interface Window inherits from (in practice just EventTarget) to extract
the underlying Window from a WindowProxy "this" before performing the security
check bits.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 19 January 2016 05:30:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC