[Webkit-unassigned] [Bug 15936] Overly permissive frame navigation allows password theft

bugzilla-daemon at webkit.org
Thu Nov 29 15:56:21 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=15936

------- Comment #10 from sam at webkit.org  2007-11-29 15:56 PDT -------
After some testing of the opener frame behavior I have come to the conclusion
that a simpler policy may be possible.  The policy is:

 The navigation change is safe if the active frame is:
   - in the same security origin as the target or one of the target's ancestors
Or the target frame is:
   - a top-level frame in the frame hierarchy

Thoughts?


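The policy proposed in comment #10, written out as a check over a small constructed frame tree. This is an added example, not part of the original message and not WebKit code; `Frame`, `sameOrigin`, `canNavigate` and the `*.example` URLs are hypothetical, and comparing origins through `URL.origin` is an assumption of the sketch.

```javascript
// Added illustration of the navigation policy from comment #10 (not WebKit code).
// All names and URLs below are hypothetical / constructed for the example.

class Frame {
  constructor(url, parent = null) {
    this.origin = new URL(url).origin; // scheme + host + port, or "null" if opaque
    this.parent = parent;              // null means a top-level frame
  }
}

function sameOrigin(a, b) {
  // Opaque origins (e.g. data: URLs) serialize to "null" and never match.
  return a.origin !== "null" && a.origin === b.origin;
}

function canNavigate(active, target) {
  // Second clause: the target is a top-level frame in the hierarchy.
  if (target.parent === null) return true;
  // First clause: the active frame is same-origin with the target
  // or with one of the target's ancestors.
  for (let f = target; f !== null; f = f.parent) {
    if (sameOrigin(active, f)) return true;
  }
  return false;
}

// Constructed frame tree: a page that embeds a login form from another
// origin, plus an unrelated window opened elsewhere.
const portal    = new Frame("https://portal.example/");
const loginForm = new Frame("https://login.example/form", portal);
const widget    = new Frame("https://widget.example/w", portal);
const nested    = new Frame("https://portal.example/help", widget);
const unrelated = new Frame("https://other.example/");
const opaqueA   = new Frame("data:text/html,a", portal);
const opaqueB   = new Frame("data:text/html,b", portal);

function decisions() {
  return {
    parentToChild:      canNavigate(portal, loginForm),    // ancestor origin matches
    siblingToSibling:   canNavigate(widget, loginForm),    // no origin in common
    unrelatedToChild:   canNavigate(unrelated, loginForm), // the case the bug is about
    nestedToUncle:      canNavigate(nested, loginForm),    // same origin as an ancestor
    unrelatedToTop:     canNavigate(unrelated, portal),    // top-level target
    opaqueToOpaque:     canNavigate(opaqueA, opaqueB),     // "null" origins never match
  };
}
```

Under this policy an unrelated window can still replace another site's top-level frame, where the address bar reflects the change, but it cannot swap out an embedded login frame.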