  1. FHIR Specification Feedback
  2. FHIR-32205

Inputs as code should not be executed

    Details

    • Type: Change Request
    • Status: Applied
    • Priority: Highest
    • Resolution: Persuasive
    • Specification:
      SMART on FHIR (FHIR)
    • Raised in Version:
      2.0.0
    • Work Group:
      FHIR Infrastructure
    • Outstanding Negatives:
      STU
    • Related Page(s):
      Overview
    • Related Section(s):
      1.2.1
    • Grouping:
    • Resolution Description:
      Update: An app SHALL NOT execute any inputs it receives as code.

      To read: An app SHALL NOT execute untrusted user-supplied inputs as code.
    • Resolution Vote:
      Gino Canessa/Yunwei Wang: 13-0-0
    • Change Category:
      Clarification
    • Change Impact:
      Non-substantive

      Description

      • An app SHALL NOT execute any inputs it receives as code.

      This sentence is unclear. It could be read that an app is not allowed to execute any code it receives. This makes modern webapps impossible. Please clarify.

              People

              Assignee:
              carl-anderson-msft Carl Anderson
              Reporter:
              bvdh Bas van den Heuvel
              Watchers:
              2