[webkit-reviews] review requested: [Bug 15313] Same-origin check wrong when document.domain set : [Attachment 17002] Update for SecurityOrigin class

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 2 15:18:36 PDT 2007

Adam Barth <hk9565 at gmail.com> has asked  for review:
Bug 15313: Same-origin check wrong when document.domain set

Attachment 17002: Update for SecurityOrigin class

------- Additional Comments from Adam Barth <hk9565 at gmail.com>
The new SecurityOrigin::allowAccessFrom function has the same bugs that
Window::isSafeScript used to.  Attached is an updated patch.  I haven't
investigated whether there is still an issue with empty frames.

Also, the name of the new function is very confusing.  "allowsAccessFrom"
sounds like the parameter going to act on the object, but the function is
written (and called) in the reverse sense, i.e. "allowAccessTo".  This only
really matters for the "file" test (the others are symmetric):

if (m_protocol == "file")
    return true;

Getting this backwards would allow web sites to read your local file system
(for example, /etc/passwd).

More information about the webkit-reviews mailing list