[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
Cameron McCormack
cam at mcc.id.au
Mon Jan 7 15:20:20 PST 2013
On 16/12/12 9:34 PM, David Bruant wrote:
> WebIDL needs to embed in some way the notion of origin to enable
> throwing for security reasons in the right places.
>
> One idea would be to add an [OriginAware] extended attribute:
> * On operations (like in Boris's case), an origin check would be performed
> before calling the core of the operation
Why would this need to be on specific operations and not just be
enforced on every operation? Is it that we want to avoid the overhead
of origin checking if we know that calling the operation does not leak
information? Or is it that only a limited set of objects is exposed
cross origin anyway, so we only need to check those?
> * On attributes, both the getter and setter would throw if "this" is not
> of the right origin.
> * On interfaces, it would apply to everything (might be necessary for
> Window and Document)
For the actual wording of the check, we could either have a "security
check" that is performed at the right time in #es-operations etc. and
which HTML defines to do the origin checking, or we can make Web IDL
aware of origins itself, and then HTML would define what origin
different objects come from.
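
An added illustration, not part of the original message or of any Web IDL text: a toy JavaScript model of the interface-level variant discussed above, where one security check runs before the core of every operation, getter and setter. The names `originOf`, `callerOrigin`, `runAs`, `securityCheck`, `originAware`, `FakeDocument` and `attempt` are hypothetical, and origins are modelled as plain strings.

```javascript
// Toy model (assumption): each platform object is tagged with the origin it
// belongs to, and callerOrigin stands in for the origin of the running script.
const originOf = new WeakMap();
let callerOrigin = null;

function runAs(origin, fn) {
  const prev = callerOrigin;
  callerOrigin = origin;
  try { return fn(); } finally { callerOrigin = prev; }
}

function securityCheck(thisObj, member) {
  // WeakMap#get returns undefined for untagged objects and for primitives.
  const target = originOf.get(thisObj);
  // Fail closed: a "this" with no known origin is rejected as well.
  if (target === undefined || target !== callerOrigin) {
    const err = new Error(`cross-origin access to ${member} denied`);
    err.name = "SecurityError";
    throw err;
  }
}

// Interface-level check: guard every operation, getter and setter on proto.
function originAware(proto) {
  for (const name of Object.getOwnPropertyNames(proto)) {
    if (name === "constructor") continue;
    const desc = Object.getOwnPropertyDescriptor(proto, name);
    const guard = (fn) => function (...args) {
      securityCheck(this, name);      // runs before the core of the member
      return fn.apply(this, args);
    };
    if (typeof desc.value === "function") desc.value = guard(desc.value);
    if (desc.get) desc.get = guard(desc.get);
    if (desc.set) desc.set = guard(desc.set);
    Object.defineProperty(proto, name, desc);
  }
}

// Hypothetical interface used only for this demonstration.
class FakeDocument {
  constructor(origin) { this._title = ""; originOf.set(this, origin); }
  get title() { return this._title; }
  set title(v) { this._title = String(v); }
  describe() { return `doc:${this._title}`; }
}
originAware(FakeDocument.prototype);

// Returns the callback's result, or the name of the error it threw.
function attempt(origin, fn) {
  try { return runAs(origin, fn); } catch (e) { return e.name; }
}
```

Calling a guarded member with a borrowed `this`, as in `FakeDocument.prototype.describe.call({})`, is rejected too, because the check is keyed on the `this` value rather than on how the function was obtained.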