[webkit-reviews] review denied: [Bug 37392] Run the SVG <img> rendering context in a unique origin as a defense in depth measure : [Attachment 53058] Simple defense-in-depth patch.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Apr 10 16:51:56 PDT 2010
Adam Barth <abarth at webkit.org> has denied Chris Evans <scarybeasts at gmail.com>'s
request for review:
Bug 37392: Run the SVG <img> rendering context in a unique origin as a defense
in depth measure
https://bugs.webkit.org/show_bug.cgi?id=37392
Attachment 53058: Simple defense-in-depth patch.
https://bugs.webkit.org/attachment.cgi?id=53058&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
That method on FrameLoader is very sketchy. Can't we operate on the
SecurityOrigin directly? That won't be overridden in any funny ways.
More information about the webkit-reviews
mailing list