[Bug 22346] Security: When invoking a method, getter, or setter on an object using the property descriptor of another, we need to do a security check from bugzilla@jessica.w3.org on 2013-08-02 (public-webapps-bugzilla@w3.org from August 2013)

From: <bugzilla@jessica.w3.org>
Date: Fri, 02 Aug 2013 01:12:08 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-22346-2532-dWooddji94@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

Cameron McCormack <cam@mcc.id.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Cameron McCormack <cam@mcc.id.au> ---
OK, I've added a term "perform a security check" that takes as input the
platform object you're using, and the ECMAScript global environment associated
with the Function object that you're calling (be it for an operation, attribute
getter/setter, etc.).  Let me know if you need something different.

I didn't add a "secure object" term; I figure you can do that check yourself in
your "perform a security check" definition.

http://dev.w3.org/cvsweb/2006/webapi/WebIDL/Overview.xml.diff?r1=1.650;r2=1.651;f=h
http://dev.w3.org/cvsweb/2006/webapi/WebIDL/v1.xml.diff?r1=1.90;r2=1.91;f=h

http://dev.w3.org/2006/webapi/WebIDL/#es-security
http://dev.w3.org/2006/webapi/WebIDL/#dfn-perform-a-security-check
http://dev.w3.org/2006/webapi/WebIDL/#dfn-attribute-getter etc.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Friday, 2 August 2013 01:12:10 UTC