Closed
Bug 11729
Opened 25 years ago
Closed 21 years ago
security for event capture
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
VERIFIED
DUPLICATE
of bug 180762
Future
People
(Reporter: norrisboyd, Assigned: security-bugs)
Details
(Keywords: dom0)
Subject: Re: event capture Date: Wed, 11 Aug 1999 17:46:07 -0700 From: joki@netscape.com (Tom Pixley) Organization: Netscape Communications To: Norris Boyd <norris@netscape.com> No, the event model is in fact nearly the same. We still need to worry about handling of events outside their domain. The problem is lessened somewhat in that we don't pass events all the way up through framesets. If you get a chance you can check out the Event Model section of the DOM Level 2 draft linked off of http://w3c.org/dom -tom Norris Boyd wrote: > > In 5.x, do we still need to worry about event capture and security, or > is the event model sufficiently different that it's not a concern? > > --Norris
Reporter | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Reporter | ||
Updated•25 years ago
|
Target Milestone: M13
Reporter | ||
Updated•25 years ago
|
Whiteboard: Help wanted: joki could help here
Reporter | ||
Updated•25 years ago
|
Summary: security for event capture → [Feature] security for event capture
Reporter | ||
Updated•25 years ago
|
Target Milestone: M13 → M14
Reporter | ||
Updated•25 years ago
|
Whiteboard: Help wanted: joki could help here
Target Milestone: M14 → M15
Reporter | ||
Comment 1•25 years ago
|
||
Push security review tasks off until M16.
Target Milestone: M15 → M16
Reporter | ||
Updated•24 years ago
|
Summary: [Feature] security for event capture → security for event capture
Target Milestone: M16 → M17
Assignee | ||
Comment 2•24 years ago
|
||
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Assignee | ||
Comment 3•24 years ago
|
||
This is related to some open exploits involving event capture...need to take a more general look at this mechanism to make sure we're handling security the right way.
Status: NEW → ASSIGNED
Assignee | ||
Comment 4•24 years ago
|
||
This bug is a placeholder for me. joki is checking in a patch which prevents cross-domain event capture using event handlers. There may still be vulnerabilities involving bubbling.
Group: netscapeconfidential?
Assignee | ||
Updated•24 years ago
|
Target Milestone: M17 → Future
Assignee | ||
Comment 5•24 years ago
|
||
Future.
Assignee | ||
Updated•24 years ago
|
Group: netscapeconfidential?
Assignee | ||
Comment 6•21 years ago
|
||
*** This bug has been marked as a duplicate of 180762 ***
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•