[Bug 28778] New: Should probably perform security checks on arguments too, not just this values from bugzilla@jessica.w3.org on 2015-06-08 (public-webapps-bugzilla@w3.org from June 2015)

From: <bugzilla@jessica.w3.org>
Date: Mon, 08 Jun 2015 02:11:04 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-28778-2532@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=28778

            Bug ID: 28778
           Summary: Should probably perform security checks on arguments
                    too, not just this values
           Product: WebAppsWG
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebIDL
          Assignee: cam@mcc.id.au
          Reporter: bzbarsky@mit.edu
        QA Contact: public-webapps-bugzilla@w3.org
                CC: mike@w3.org, public-script-coord@w3.org

Otherwise any API that takes a Window or EventTarget argument and operates on
it without a security check is a security hole.  It's simpler to just do the
security check in the IDL layer, imo.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 8 June 2015 02:11:13 UTC