[webkit-reviews] review granted: [Bug 185681] Cross-Origin-Options: deny/allow-postmessage should prevent getting navigated by cross-origin scripts : [Attachment 340526] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 17 10:21:33 PDT 2018


Geoffrey Garen <ggaren at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 185681: Cross-Origin-Options: deny/allow-postmessage should prevent getting
navigated by cross-origin scripts
https://bugs.webkit.org/show_bug.cgi?id=185681

Attachment 340526: Patch

https://bugs.webkit.org/attachment.cgi?id=340526&action=review




--- Comment #3 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 340526
  --> https://bugs.webkit.org/attachment.cgi?id=340526
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=340526&action=review

r=me

> Source/WebCore/ChangeLog:9
> +	   Update our canNavigation() implementation [1] to take into account
the Cross-Origin-Options header.

canNavigate

> Source/WebCore/ChangeLog:15
> +	   possible to trigger a "targetted" navigation via <a target="foo"> or
open(url, "foo").

targeted


More information about the webkit-reviews mailing list