Subscribe should not return an integer

[djensen47]

Returning an int allows for unsubscribe forgeries. Let's say my app has an ad network and a malicious ad gets onto the network, that ad could potentially brute force unsubscribe.

A better solution would be to return an object. Even better would be for that object to have the unsubscribe call itself.

[tripzero]

Returning an object that had the unsubscribe method on it sounds reasonable.

Of course, you could also reduce the possibility of a malicious unsubscribe
by returning a significantly large random integer. You could use web
crypto to generate the random number to take advantage of hardware
randomization.

On Wed, Jan 6, 2016, 2:30 PM Dave Jensen notifications@github.com wrote:

Returning an int allows for unsubscribe forgeries. Let's say my app has an
ad network and a malicious ad gets onto the network, that ad could
potentially brute force unsubscribe.

A better solution would be to return an object. Even better would be for
that object to have the unsubscribe call itself.

—
Reply to this email directly or view it on GitHub
#76.

[tobie]

The security argument is moot the minute you're allowing third party code to execute within the same origin.

[tguild]

Old issue for WebIDL