mismatch between "perform a security check" in html spec and blink |
|||
Issue descriptionhttps://html.spec.whatwg.org/multipage/browsers.html#integration-with-idl says that for non-cross origin objects, we have to do a security check nevertheless (step 2). This should only trigger for same origin objects that aren't same origin-domain. Currently, we do that implicitly in V8WrapperInstantiationScope::securityCheck when creating wrappers, however, we don't do that in general (for pre-existing wrappers).
,
Apr 12 2017
FYI a change to the test to no longer separately test assert_throws(null, ...): https://github.com/w3c/web-platform-tests/pull/5528
,
Apr 12 2018
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 13 2018
We still don't have a good idea about how to handle this, but this is definitely an issue that we should take care of. |
|||
►
Sign in to add a comment |
|||
Comment 1 by peria@chromium.org
, Mar 2 2017Status: Available (was: Untriaged)