JS security and enumerating a Window
Koos Vriezen
koos.vriezen at xs4all.nl
Fri Oct 25 18:16:31 BST 2002
On Fri, 25 Oct 2002, Dirk Mueller wrote:
> On Fre, 25 Okt 2002, David Faure wrote:
>
> > > Shouldn't JS throw a security exception like above (adding a SecurityError
> > > in kjs/object.h as well).
> > Sounds good to me. Big change to kjs_window.cpp, but should be rather safe.
>
> doesn't this mean that JS execution will stop?
>
> this is rather dangerous that late in the release cycle.. we might trigger
> an additional security check somewhere that throws an exception and aborts
> the script although it shouldn't..
It shouldn't allow enumerating declared JS variables either.
Koos
More information about the kfm-devel
mailing list