[Webkit-unassigned] [Bug 15313] Same-origin check wrong when document.domain set

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Sep 29 23:34:01 PDT 2007 

http://bugs.webkit.org/show_bug.cgi?id=15313


hk9565 at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #16466|                            |review?
               Flag|                            |




------- Comment #12 from hk9565 at gmail.com  2007-09-29 23:34 PDT -------
Created an attachment (id=16466)
 --> (http://bugs.webkit.org/attachment.cgi?id=16466&action=view)
Matches FF2 and IE6 with tests

Thanks go to Collin Jackson for running these test.  Here are how some other
browsers behave:

Firefox 2:
Protocol mismatch, document.domain set: Denied.
Port mismatch, document.domain set: Allowed.
Only one page has set document.domain: Denied.

Internet Explorer 6:
Protocol mismatch, document.domain set: Denied.
Port mismatch, document.domain set: Allowed.
Only one page has set document.domain: Denied.

Internet Explorer 7:
Protocol mismatch, document.domain set: Denied.
Port mismatch, document.domain set: Denied.
Only one page has set document.domain: Denied.

Opera 9:
Protocol mismatch, document.domain set: Denied.
Port mismatch, document.domain set: Denied.
Only one page has set document.domain: Allowed.

I've updated the patch to match the behavior of Firefox 2 and IE6.  The
scenarios where only one page has set document.domain are covered by two new
tests:

http/tests/security/cross-frame-access-child-explicit-domain.html
http/tests/security/cross-frame-access-parent-explicit-domain.html

Also, the patch updates the existing document.domain, protocol-mismatch test:

http/tests/security/cross-frame-access-protocol-explicit-domain.html

The port-mismatch case is already covered by a LayoutTest.

I'm not marking the older patch as obsolete because you may decide to
follow IE7s lead and be more secure.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list