[Webkit-unassigned] [Bug 15936] Overly permissive frame navigation allows password theft
bugzilla-daemon at webkit.org
Wed Nov 28 17:26:44 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=15936
------- Comment #6 from webkit at collinjackson.com 2007-11-28 17:26 PDT -------
Created an attachment (id=17584)
--> (http://bugs.webkit.org/attachment.cgi?id=17584&action=view)
Updates the frame navigation policy to match Internet Explorer 7 (single
window)
We did some more exhaustive testing of frame navigation in Internet Explorer 7
and wrote a patch to update WebKit to match IE7.
Here is a test framework that we created: http://w3sim.com/frames/
Here are the results on IE7: http://w3sim.com/frames/screenshots/ie7-single.png
Here are the results on the nightly WebKit:
http://w3sim.com/frames/screenshots/webkit-2007-11-27-single.png
Here are the results after the attached patch:
http://w3sim.com/frames/screenshots/webkit-patched-single.png
Our current understanding of the IE7 policy is that an active frame can navigate
a target frame (in the same window) if:
* The target frame is the top-level frame
* The active frame is in the same origin as the target frame or any of its
ancestors
So far we have only tried navigating frames within a single window. We're going
to work on the multi-window case next.
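
The two-rule policy described in the comment above, as an added sketch that is not part of the original message or the attached patch. The frame objects, hostnames and function names are hypothetical, and "its ancestors" is read here as the ancestors of the target frame.

```javascript
// Added illustration: frames are modelled as plain objects, not browser Windows.

// An origin is scheme + host + port; the URL parser normalises default ports.
function originOf(url) {
  return new URL(url).origin;
}

// Build a frame node; `parent` is null for the top-level frame.
function makeFrame(name, url, parent = null) {
  const frame = { name, url, parent, children: [] };
  if (parent) parent.children.push(frame);
  return frame;
}

// Decide whether `active` may navigate `target` within the same window.
// Assumption: "its ancestors" means the ancestors of the target frame.
function canNavigate(active, target) {
  // Rule 1: the top-level frame may be navigated by any frame.
  if (target.parent === null) return true;

  // Rule 2: the active frame shares an origin with the target frame
  // or with any frame on the path from the target up to the top.
  const activeOrigin = originOf(active.url);
  for (let f = target; f !== null; f = f.parent) {
    if (originOf(f.url) === activeOrigin) return true;
  }
  return false;
}

// Constructed sample frame tree (hypothetical hosts):
//   top (portal.example)
//   |- widget (widget.example)
//   |  `- nested (cdn.example)
//   |- login (portal.example)
//   `- altPort (portal.example:8443)
const top = makeFrame("top", "https://portal.example/");
const widget = makeFrame("widget", "https://widget.example/box", top);
const nested = makeFrame("nested", "https://cdn.example/ad", widget);
const login = makeFrame("login", "https://portal.example/login", top);
const altPort = makeFrame("altPort", "https://portal.example:8443/", top);
```

Under this model a cross-origin sibling such as `widget` is refused navigation of `login`, while `login` may navigate `nested` because it shares an origin with one of `nested`'s ancestors.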