id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
821	A script in a file viewed through the WUI can obtain the file's read cap	davidsarah	davidsarah	"http://allmydata.org/trac/tahoe/ticket/98#comment:22

A script (such as JavaScript) in an [X]HTML file viewed through the WUI can obtain the read cap for that file. For an immutable file, this is not much of a problem because the script can read the contents of the file anyway. However, for a mutable file, it can also read any future version, which is a violation of the Principle of Least Authority."	defect	assigned	major	soon	code-frontend-web	1.5.0		newcaps newurls confidentiality capleak websec