[webkit-reviews] review requested: [Bug 15313] Same-origin check wrong when document.domain set : [Attachment 17002] Update for SecurityOrigin class
bugzilla-daemon at webkit.org
Fri Nov 2 15:18:36 PDT 2007
Adam Barth <hk9565 at gmail.com> has asked for review:
Bug 15313: Same-origin check wrong when document.domain set
http://bugs.webkit.org/show_bug.cgi?id=15313
Attachment 17002: Update for SecurityOrigin class
http://bugs.webkit.org/attachment.cgi?id=17002&action=edit
------- Additional Comments from Adam Barth <hk9565 at gmail.com>
The new SecurityOrigin::allowAccessFrom function has the same bugs that
Window::isSafeScript used to. Attached is an updated patch. I haven't
investigated whether there is still an issue with empty frames.
Also, the name of the new function is very confusing. "allowsAccessFrom"
sounds like the parameter is going to act on the object, but the function is
written (and called) in the reverse sense, i.e. "allowAccessTo". This only
really matters for the "file" test (the others are symmetric):
    if (m_protocol == "file")
        return true;
Getting this backwards would allow web sites to read your local file system
(for example, /etc/passwd).
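
The direction problem described in the message above, as an added example (not code from the patch or from WebKit). Origin, canAccess, scriptMayAccess and scriptMayAccessReversed are hypothetical names, the sample origins are constructed, and the model assumes the receiver of the check is the origin of the running script, as the message describes.

```cpp
#include <iostream>
#include <string>

// Simplified stand-in for an origin; an assumption, not WebKit's SecurityOrigin.
struct Origin {
    std::string protocol;
    std::string host;
    int port;

    // True if script running in *this* origin may touch `target`.
    // Every test except the "file" shortcut is symmetric in the two origins.
    bool canAccess(const Origin& target) const {
        if (protocol == "file")
            return true;  // the test quoted in the message: a local page is the actor
        return protocol == target.protocol
            && host == target.host
            && port == target.port;
    }
};

// Call site with the roles the right way round: the actor is the receiver.
bool scriptMayAccess(const Origin& active, const Origin& target) {
    return active.canAccess(target);
}

// Call site with the roles swapped, the mistake the message warns about.
bool scriptMayAccessReversed(const Origin& active, const Origin& target) {
    return target.canAccess(active);
}

// Constructed sample origins.
const Origin kWeb{"http", "example.com", 80};
const Origin kSame{"http", "example.com", 80};
const Origin kOther{"http", "example.org", 80};
const Origin kLocal{"file", "", 0};

int main() {
    std::cout << std::boolalpha
              << "web -> same origin:       " << scriptMayAccess(kWeb, kSame) << "\n"
              << "web -> other host:        " << scriptMayAccess(kWeb, kOther) << "\n"
              << "web -> file:              " << scriptMayAccess(kWeb, kLocal) << "\n"
              << "file -> web:              " << scriptMayAccess(kLocal, kWeb) << "\n"
              << "web -> file (reversed):   " << scriptMayAccessReversed(kWeb, kLocal) << "\n";
    return 0;
}
```

Only the last line differs from the intended policy: the symmetric tests give the same answer in either direction, so a swapped call site passes same-origin and cross-origin web tests and shows up only when one side is a file origin.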