Re: [w3c/browser-payment-api] Security hole in payment API when a constructor from a no longer active document is invoked (#361)

Active document check:
https://github.com/whatwg/html/pull/2160

Always invoking "allowed to use":
https://github.com/w3c/browser-payment-api/pull/383

Tests:
https://github.com/w3c/web-platform-tests/pull/4309

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/361#issuecomment-267337263

Received on Thursday, 15 December 2016 14:16:11 UTC