[webkit-reviews] review requested: [Bug 28951] QtWebKit fix insecure default for LocalContentCanAccessRemoteUrls : [Attachment 38992] Patch to correct behaviour
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 3 08:39:17 PDT 2009
Richard Moore <rich at kde.org> has asked for review:
Bug 28951: QtWebKit fix insecure default for LocalContentCanAccessRemoteUrls
https://bugs.webkit.org/show_bug.cgi?id=28951
Attachment 38992: Patch to correct behaviour
https://bugs.webkit.org/attachment.cgi?id=38992&action=review
------- Additional Comments from Richard Moore <rich at kde.org>
QtWebKit uses an unsafe default that allows local content to access arbitrary
URLs. Similar issues in other browsers have recently led to a spate of
vulnerabilities. This issue was discussed in the context of web kit in the
following email thread:
https://lists.webkit.org/pipermail/webkit-dev/2009-August/009557.html
More information about the webkit-reviews
mailing list