[Webkit-unassigned] [Bug 12107] Security Regression: Plugins load remote javascript in embedded page's context
bugzilla-daemon at webkit.org
Thu Jan 4 08:13:41 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12107
------- Comment #8 from ddkilzer at webkit.org 2007-01-04 08:13 PDT -------
(In reply to comment #7)
> Unfortunately, I'm not sure if it's possible for WebKit to "know" where the
> plug-in content came from since the QuickTime plugin is responsible for loading
> the content. As Landon notes in his MOAB #3 blog entry, he had to patch
> QuickTime plug-in's NPN_GetURL() method to do the check.
On second thought, if the plug-in is well-behaved (e.g., it doesn't implement
its own URL loader internally), a taint-checking flag (say
HasLoadedExternalResources) could be set whenever the plug-in requests a
resource outside of the original domain/hostname. This flag could then be
checked before executing any JavaScript from the plug-in.
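The taint-flag idea from comment #8, as an added sketch that is not part of the original message and is not WebKit or QuickTime code. `PluginInstance`, `plugin_init`, `url_host` and `host_get_url` are hypothetical names; the model assumes the plug-in sends absolute URLs and routes `javascript:` URLs through the same browser-side request function.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical per-plug-in state kept by the browser (not WebKit's types). */
typedef struct {
    char origin_host[256];              /* host of the embedding page */
    bool has_loaded_external_resources; /* taint flag from comment #8 */
} PluginInstance;

/* Copy the host of "scheme://host[:port]/path" into out. Returns false for
   anything this simplified parser will not vouch for: no authority,
   userinfo ("user@host"), or an IPv6 literal. Callers treat false as foreign. */
static bool url_host(const char *url, char *out, size_t out_len) {
    const char *p = strstr(url, "://");
    if (!p) return false;
    p += 3;
    size_t auth = strcspn(p, "/?#");           /* whole authority part */
    if (p[0] == '[' || memchr(p, '@', auth)) return false;
    size_t n = 0;
    while (n < auth && p[n] != ':') n++;       /* drop the port, if any */
    if (n == 0 || n >= out_len) return false;
    memcpy(out, p, n);
    out[n] = '\0';
    return true;
}

void plugin_init(PluginInstance *pi, const char *page_url) {
    pi->has_loaded_external_resources = false;
    if (!url_host(page_url, pi->origin_host, sizeof pi->origin_host))
        pi->origin_host[0] = '\0';             /* matches no real host */
}

/* Stand-in for the browser side of a plug-in URL request.
   Returns true if the request may proceed. */
bool host_get_url(PluginInstance *pi, const char *url) {
    char host[256];
    if (strncasecmp(url, "javascript:", 11) == 0)
        return !pi->has_loaded_external_resources; /* check before running script */
    /* Foreign hosts and unparseable URLs both taint the instance (fail closed). */
    if (!url_host(url, host, sizeof host) ||
        strcasecmp(host, pi->origin_host) != 0)
        pi->has_loaded_external_resources = true;
    return true;                               /* the load itself is still allowed */
}
```

As the comment notes, this only helps when the plug-in is well-behaved: a plug-in that fetches content with its own internal loader never reaches `host_get_url`, so the flag is never set.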