[Bug 22346] Security: Check origins when invoking a method, getter, or setter on an object using the property descriptor of another from bugzilla@jessica.w3.org on 2016-01-19 (public-script-coord@w3.org from January to March 2016)

From: <bugzilla@jessica.w3.org>
Date: Tue, 19 Jan 2016 05:30:27 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-pBSHXiYWrF@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

--- Comment #15 from Boris Zbarsky <bzbarsky@mit.edu> ---
IDL needs to have a concept of WindowProxy, which it doesn't right now. 
There's some rambling but relevant discussion in bug 27128.

The right behavior, imo, is for methods/getters/setters that expect a Window or
some interface Window inherits from (in practice just EventTarget) to extract
the underlying Window from a WindowProxy "this" before performing the security
check bits.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Tuesday, 19 January 2016 05:30:37 UTC