On Sun, Mar 9, 2008 at 12:11 PM, Michael Daumling <[EMAIL PROTECTED]> wrote: > I agree that file and line information is not really sensitive > information.
I disagree: we have existing bugs in Mozilla about the security impact of exposing filename information to unprivileged callers. It's likely that we'll be able to solve them without removing all filename information, but it's certainly not always that case that the obvious option (full file path) is trivially safe. Spec text that encouraged this behaviour would need to be clear about possible risks, I think, even if it's ultimately left to the implementation. Mike _______________________________________________ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
