28778 – Should probably perform security checks on arguments too, not just this values

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 28778 - Should probably perform security checks on arguments too, not just this values

Summary: Should probably perform security checks on arguments too, not just this values

Status:	NEW

Alias:	None

Product:	WebAppsWG
Classification:	Unclassified
Component:	WebIDL (show other bugs)
Version:	unspecified
Hardware:	PC All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Cameron McCormack
QA Contact:	public-webapps-bugzilla

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-06-08 02:11 UTC by Boris Zbarsky
Modified:	2015-06-08 02:11 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Boris Zbarsky 2015-06-08 02:11:04 UTC

Otherwise any API that takes a Window or EventTarget argument and operates on it without a security check is a security hole.  It's simpler to just do the security check in the IDL layer, imo.

Format For Printing
- XML
- Clone This Bug
- Top of page