[Webkit-unassigned] [Bug 15100] XMLHttpRequest::urlMatchesDocumentDomain raises error if port information does not match exactly

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 28 20:55:23 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=15100


mjs at apple.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #16149|review?                     |review-
               Flag|                            |




------- Comment #11 from mjs at apple.com  2007-08-28 20:55 PDT -------
(From update of attachment 16149)
I think we should match Mozilla and IE on this. Some technicalities about the
current patch:

1) All these steps are done twice:

+    int document_port = documentURL.port();
+    
+    if (document_port == 0) {
+        if(documentURL.protocol().lower() == "http")
+            document_port = 80;
+        if(documentURL.protocol().lower() == "https")
+            document_port = 443;
+    }
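
Review bot: The two protocol checks inside the `document_port == 0` block are independent `if` statements and each calls `documentURL.protocol().lower()` again; lower the protocol once into a local and use `else if`. For any protocol other than "http" or "https", `document_port` silently stays 0, so a short comment saying whether that fallthrough is intended would help. Style: `if(` lacks the space used in `if (document_port == 0)` just above, `document_port` does not follow the camelCase of `documentURL`, and the second added line is whitespace only.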

It would be nice to factor this work out into a common function, especially so
we can reuse it anywhere that an XSS same origin check is needed. Also, I'd
suggest adding the default port for "ftp". And finally, we probably need to
eventually add a way to ask the network layer for the default ports for various
protocols.

r- for these technicalities. I will gladly r+ a version that improves these
things. I also asked Sam Weinig to look at this, to see if we can apply the
same fix to scripting checks.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
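
The factoring that comment #11 asks for, sketched as an added example (not WebKit code and not part of attachment 16149): one helper resolves the default port, and the origin comparison uses it for both URLs. The `Origin` struct and all function names are hypothetical; port 0 is assumed to mean "no port given in the URL", as in the quoted patch.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Hypothetical origin triple; port 0 means "no port given in the URL".
struct Origin {
    std::string scheme;
    std::string host;
    int port;
};

static std::string toLower(std::string s)
{
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Well-known default port for a scheme, or 0 when the scheme is not in the table.
int defaultPortForScheme(const std::string& scheme)
{
    const std::string s = toLower(scheme);
    if (s == "http")
        return 80;
    if (s == "https")
        return 443;
    if (s == "ftp")
        return 21;
    return 0;
}

// Port actually used for the connection: the explicit one, else the scheme default.
int effectivePort(const Origin& o)
{
    return o.port ? o.port : defaultPortForScheme(o.scheme);
}

// Same-origin comparison on (scheme, host, effective port).
bool isSameOrigin(const Origin& a, const Origin& b)
{
    return toLower(a.scheme) == toLower(b.scheme)
        && toLower(a.host) == toLower(b.host)
        && effectivePort(a) == effectivePort(b);
}
```

Because the default-port lookup lives in one place, an explicit `:80` and an omitted port compare equal for "http", while a scheme mismatch still fails even when the port numbers happen to agree.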


