[Webkit-unassigned] [Bug 15100] XMLHttpRequest::urlMatchesDocumentDomain raises error if port information does not match exactly

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 28 20:55:23 PDT 2007


mjs at apple.com changed:

           What    |Removed                     |Added
  Attachment #16149|review?                     |review-
               Flag|                            |

------- Comment #11 from mjs at apple.com  2007-08-28 20:55 PDT -------
(From update of attachment 16149)
I think we should match Mozilla and IE on this. Some technicalities about the
current patch:

1) All these steps are done twice:

+    int document_port = documentURL.port();
+    if (document_port == 0) {
+        if(documentURL.protocol().lower() == "http")
+            document_port = 80;
+        if(documentURL.protocol().lower() == "https")
+            document_port = 443;
+    }

It would be nice to factor this work out into a common function, especially so
we can reuse it anywhere that an XSS same origin check is needed. Also, I'd
suggest adding the default port for "ftp". And finally, we probably need to
eventually add a way to ask the network layer for the default ports for various

r- for these technicalities. I will gladly r+ a version that improves these
things. I also asked Sam Weinig to look at this, to see if we can apply the
same fix to scripting checks.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list