document-policy icon indicating copy to clipboard operation
document-policy copied to clipboard

Published 20 hours ago verified publisher icon WICG

Feature proposal: Disable named access on `window`

Open tomayac opened this issue 4 years ago • 1 comments

While for quick hacks the named access on window behavior is a feature, in more complex applications this behavior introduces subtle bugs that are hard to detect. Could maybe Document Policy save us, asks Paul Irish?

tomayac avatar Apr 29 '21 06:04 tomayac

Any security issues arising from this are known as “DOM clobbering”: https://portswigger.net/web-security/dom-based/dom-clobbering

mathiasbynens avatar Apr 29 '21 06:04 mathiasbynens