This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 29369 - perform a security check needs to be passed a property name and type
Summary: perform a security check needs to be passed a property name and type
Status: RESOLVED FIXED
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: WebIDL (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: ---
Assignee: Cameron McCormack
QA Contact: public-webapps-bugzilla
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-12 15:26 UTC by Anne
Modified: 2016-01-13 07:05 UTC (History)
2 users (show)

See Also:

Attachments

Description Anne 2016-01-12 15:26:39 UTC 
https://heycam.github.io/webidl/#es-security

[[
 perform a security check 
]]

Without a property name and type (getter/setter/method) I cannot safelist certain properties that need to bypass this check. See

https://github.com/annevk/html-cross-origin-objects/issues/16#issuecomment-170851038
http://logs.glob.uno/?c=content#c350175

for context.

This would be used to compare against the [[crossOriginProperties]] slot of Location and Window objects so some of their properties get to bypass the security check. See https://github.com/annevk/html-cross-origin-objects/blob/master/Location.md for the tentative design of that slot on Location objects.

Would be great if we could resolve this somewhat quickly as this is in some sense blocking the cross-origin work I'm trying to do for HTML.