[Webkit-unassigned] [Bug 16523] Calling window.open("", "foo") allows arbitrary scripting by any domain
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 21 09:51:38 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16523
------- Comment #11 from ddkilzer at webkit.org 2007-12-21 09:51 PDT -------
(In reply to comment #10)
> (In reply to comment #3)
> > Is there some mechanism for reporting these issues privately? Mozilla has a
> > check box that hides security sensitive bugs from the public...
>
> Note that the security box must be checked on the create-a-new-bug page
> (assuming it's there), otherwise email is sent to the webkit-unassigned list
> with all the details when the bug is created.
Actually, the bug needs to be assigned as well, otherwise email still goes to
webkit-unassigned for all to read.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list