[webkit-reviews] review requested: [Bug 31098] [XSSAuditor] Allow scripts and plug-ins from the same origin : [Attachment 42721] Patch with test case

bugzilla-daemon at webkit.org
Sun Nov 8 15:26:54 PST 2009


Daniel Bates <dbates at webkit.org> has asked for review:
Bug 31098: [XSSAuditor] Allow scripts and plug-ins from the same origin
https://bugs.webkit.org/show_bug.cgi?id=31098

Attachment 42721: Patch with test case
https://bugs.webkit.org/attachment.cgi?id=42721&action=review

------- Additional Comments from Daniel Bates <dbates at webkit.org>
Since XSSAuditor::canLoadExternalScriptFromSrc, XSSAuditor::canLoadObject, and
XSSAuditor::canSetBaseElementURL should all allow same-origin loads, I defined
a new method XSSAuditor::isSameOriginResource, as opposed to inlining the
same-origin check.

