[webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async

bzbarsky has just created a new issue for 
https://github.com/w3c/webauthn:

== ScopedCredentialDescriptor can contain BufferSources that are 
processed async ==
In 
https://w3c.github.io/webauthn/#dom-webauthentication-makecredential 
step 10, the excludeList member of _options_ is asynchronously passed 
to authenticatorMakeCredential operations.  This member is a sequence 
of ScopedCredentialDescriptor which are required to have a 
BufferSource id.  At this point, that buffer source may be being 
modified concurrently by script, so reading anything from it is 
unsafe.

Presumably somewhere in here there should be a snapshot taken.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/276 using your GitHub account

Received on Friday, 4 November 2016 21:08:44 UTC
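
The race described in the issue above, as an added example that is not part of the original message or of the WebAuthn spec text. The function names (`copyBytes`, `queueUnsafe`, `queueWithSnapshot`, `demo`) are hypothetical, the deferred "in parallel" step is modelled as a closure run later, only the `id` member of the descriptor is modelled, and the byte values are constructed.

```javascript
// Copy the bytes of a BufferSource (ArrayBuffer or any view) at this instant.
function copyBytes(source) {
  const view = ArrayBuffer.isView(source)
    ? new Uint8Array(source.buffer, source.byteOffset, source.byteLength)
    : new Uint8Array(source);
  return view.slice(); // slice() allocates a new backing buffer
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Unsafe shape: keeps references to caller-owned buffers and reads the
// bytes only when the deferred step runs.
function queueUnsafe(excludeList) {
  return () => excludeList.map((d) => toHex(copyBytes(d.id)));
}

// Safe shape: snapshot every id synchronously, before control returns to
// script, so the deferred step only ever sees the private copies.
function queueWithSnapshot(excludeList) {
  const frozen = excludeList.map((d) => ({ id: copyBytes(d.id) }));
  return () => frozen.map((d) => toHex(d.id));
}

function demo() {
  const id = new Uint8Array([0xde, 0xad, 0xbe, 0xef]); // constructed credential id
  const excludeList = [{ id }];

  const unsafeStep = queueUnsafe(excludeList);
  const safeStep = queueWithSnapshot(excludeList);

  id.fill(0); // script mutates the buffer after the call has returned

  return { unsafe: unsafeStep(), safe: safeStep() };
}

console.log(demo());
```
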