[Webkit-unassigned] [Bug 14100] Feature Request: please implement overriding of blocked network ports
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 6 02:21:02 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=14100
------- Comment #5 from mjs at apple.com 2007-07-06 02:21 PDT -------
The original restriction was made to prevent web sites from doing
cross-protocol attacks, where sometimes an http request might look like a
request from some different protocol. I think it's probably safe to allow odd
ports for the main document, though. It's pretty hard to use that as an attack.
And if the main document comes off of a weird port, subresources could come
from the same host+port.
I'd have to look at the original security bug that spawned this to make sure.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list