[Webkit-unassigned] [Bug 15313] New: Same-origin check wrong when document.domain set
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 28 18:18:08 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15313
Summary: Same-origin check wrong when document.domain set
Product: WebKit
Version: 522+ (nightly)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: hk9565 at gmail.com
There are two issues here:
1) Two pages that have set their document.domain to the same value should only
be considered the same origin if their protocols and port numbers match. This
is particularly important isolation between HTTP and HTTPS pages.
2) Once a page sets its document.domain, it should no longer be able to access
pages that have not set their document.domain to the same value. Otherwise,
another page could inject script into that page and access the original origin.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list