id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
821	A script in a file viewed through the WUI can obtain the file's read cap	davidsarah		"http://allmydata.org/trac/tahoe/ticket/98#comment:22

A script (such as JavaScript) in an [X]HTML file viewed through the WUI can obtain the read cap for that file. For an immutable file, this is not much of a problem because the script can read the contents of the file anyway. However, for a mutable file, it can also read any future version, which is a violation of the Principle of Least Authority."	defect	new	major	undecided	code-frontend-web	1.5.0		newcaps security	david-sarah@…