w3ctag / security-questionnaire

A security/privacy review questionnaire for W3C specs
https://w3ctag.github.io/security-questionnaire/
Creative Commons Zero v1.0 Universal

a question or recommendations on error-handling #137

Closed npdoty closed 4 months ago

npdoty commented 2 years ago

Does the spec determine how invalid documents or errors are handled?

Some security risks can arise from undefined or inconsistent behavior with invalid markup. And failure modes in the error cases could lead to availability problems, or downstream security impacts (buffer overflows, etc.).

pes10k commented 2 years ago

This issue doesn't relate to errors, but is an example of how "more specifically defining how a proposal integrates with the Web platform is important to address privacy risks".

https://github.com/w3c/IFT/issues/51

pes10k commented 2 years ago

@npdoty when you have a chance, can you see if https://github.com/w3ctag/security-questionnaire/pull/140 looks good?