Closed
Bug 11729
Opened 25 years ago
Closed 21 years ago
security for event capture
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
VERIFIED
DUPLICATE
of bug 180762
Future
People
(Reporter: norrisboyd, Assigned: security-bugs)
Details
(Keywords: dom0)
Subject:
Re: event capture
Date:
Wed, 11 Aug 1999 17:46:07 -0700
From:
joki@netscape.com (Tom Pixley)
Organization:
Netscape Communications
To:
Norris Boyd <norris@netscape.com>
No, the event model is in fact nearly the same. We still need to worry
about handling of events outside their domain. The problem is lessened
somewhat in that we don't pass events all the way up through framesets.
If you get a chance you can check out the Event Model section of the DOM
Level 2 draft linked off of http://w3c.org/dom
-tom
Norris Boyd wrote:
>
> In 5.x, do we still need to worry about event capture and security, or
> is the event model sufficiently different that it's not a concern?
>
> --Norris
|
Reporter | |
Updated•25 years ago
|
Status: NEW → ASSIGNED
|
|
Reporter | |
Updated•25 years ago
|
Target Milestone: M13
|
|
Reporter | |
Updated•25 years ago
|
Whiteboard: Help wanted: joki could help here
|
|
Reporter | |
Updated•25 years ago
|
Summary: security for event capture → [Feature] security for event capture
|
|
Reporter | |
Updated•25 years ago
|
Target Milestone: M13 → M14
|
|
Reporter | |
Updated•25 years ago
|
Whiteboard: Help wanted: joki could help here
Target Milestone: M14 → M15
|
|
Reporter | |
Comment 1•25 years ago
|
||
Push security review tasks off until M16.
Target Milestone: M15 → M16
|
|
Reporter | |
Updated•24 years ago
|
Summary: [Feature] security for event capture → security for event capture
Target Milestone: M16 → M17
|
Assignee | |
Comment 2•24 years ago
|
||
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
|
|
Assignee | |
Comment 3•24 years ago
|
||
This is related to some open exploits involving event capture...need to take a more general look at this mechanism to make sure we're handling security the right way.
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 4•24 years ago
|
||
This bug is a placeholder for me. joki is checking in a patch which prevents cross-domain event capture using event handlers. There may still be vulnerabilities involving bubbling.
Group: netscapeconfidential?
|
|
Assignee | |
Updated•24 years ago
|
Target Milestone: M17 → Future
|
|
Assignee | |
Comment 5•24 years ago
|
||
Future.
|
|
Assignee | |
Updated•24 years ago
|
Group: netscapeconfidential?
|
|
Assignee | |
Comment 6•21 years ago
|
||
*** This bug has been marked as a duplicate of 180762 ***
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
|
||
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•