[Webkit-unassigned] [Bug 14819] ports & protocols are expected to match in cross frame scripting along with domains.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jul 30 18:02:59 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=14819
------- Comment #3 from j at apple.com 2007-07-30 18:02 PDT -------
(In reply to comment #1)
> Sam just fixed this bug. Setting domain explicitly in both documents enables
> access between them.
>
A typical scenario for an SAP install is to have one Portal host
(lal.corp.apple.com:50000 for example) which loads content from many other
hosts into various iframes using different ports (lore.corp.apple.com:8000 and
mire.apple.com:51000, for example). This achieved via domian-relaxing
javascript in each of the frames, per IE domain-relaxing rules.
Now that ports are being checked, won't the new port checking deny cross-frame
scripting requests? If so, that is a big problem for SAP installs and a
restriction that IE and Firefox don't currently have. Protocol I think should
be compared, but not the ports, for reason stated above. Please advise.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list