W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Location object identity and navigation behavior

From: Bobby Holley <bobbyholley@gmail.com>
Date: Mon, 7 Jan 2013 23:17:37 -0800
Message-ID: <CAKBxTc+uHRoZVpKHZu3urJqL3=nhfJizeBzWNC5RZe_Roq=tyA@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg <whatwg@lists.whatwg.org>
On Mon, Jan 7, 2013 at 8:05 PM, Ian Hickson <ian@hixie.ch> wrote:

> On Mon, 7 Jan 2013, Bobby Holley wrote:
> >
> > Aside from concerns about stack introspection, the main downside of this
> > approach is that it's a blacklist, rather than a whitelist (like our
> > other security code), so we'll have to be extra careful when
> > implementing anything new on Location. Please keep that in mind when
> > updating the spec. ;-)
> Can you elaborate on what is a blacklist?

In the sense that we have to implement it as explicit per-method checks in
C++. Our regular security model is an object-capability system enforced
with wrappers across scope boundaries (using a whitelist), which, as
previously discussed, doesn't jive with the current spec for Location. So
if something new is ever added to nsLocation, we're going to need to
remember to add a security check.

Received on Tuesday, 8 January 2013 07:18:21 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:52 UTC