[Webkit-unassigned] [Bug 12107] New: Security Regression: Plugins load remote javascript in embedded page's context
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 3 18:03:34 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12107
Summary: Security Regression: Plugins load remote javascript in
embedded page's context
Product: WebKit
Version: 420+ (nightly)
Platform: Macintosh
URL: http://landonf.bikemonkey.org/static/moab-
tests/hreftrack.html
OS/Version: Mac OS X 10.4
Status: NEW
Keywords: Regression
Severity: Blocker
Priority: P1
Component: Plug-ins
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: webkit-bugs at gentlyusedunderwear.com
Look at http://landonf.bikemonkey.org/static/moab-tests/hreftrack.html it shows
a dialog on ToT that has the header of "http://landonf.bikemonkey.org" However,
the plugin is loading a movie from gnucitizen. The dialog should say
http://www.gnucitizen.org/ as the header.
This is NOT a QuickTime bug, this is a WebKit bug as WebKit (well,
JavaScriptCore) runs the JavaScript from the plugin.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list