[Webkit-unassigned] [Bug 16523] Calling window.open("", "foo") allows arbitrary scripting by any domain
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Dec 20 16:54:11 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16523
------- Comment #7 from webkit at collinjackson.com 2007-12-20 16:54 PDT -------
We thought about adding an allowsAccessFrom check to
WindowProtoFuncOpen::callAsFunction, but unfortunately this breaks compatiblity
with both Internet Explorer and Firefox, which allow
window.open("http://someothersite.com").open("http://yetanothersite.com").
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list