ES4 draft: Error classes

Mike Shaver mike.shaver at gmail.com
Sun Mar 9 10:42:48 PDT 2008


On Sun, Mar 9, 2008 at 12:11 PM, Michael Daumling <mdaeumli at adobe.com> wrote:
> I agree that file and line information is not really sensitive
>  information.

I disagree: we have existing bugs in Mozilla about the security impact
of exposing filename information to unprivileged callers.  It's likely
that we'll be able to solve them without removing all filename
information, but it's certainly not always that case that the obvious
option (full file path) is trivially safe.  Spec text that encouraged
this behaviour would need to be clear about possible risks, I think,
even if it's ultimately left to the implementation.

Mike



More information about the Es4-discuss mailing list