[Webkit-unassigned] [Bug 16968] New: Security violations in Acid3 test

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 21 23:13:52 PST 2008 

http://bugs.webkit.org/show_bug.cgi?id=16968

           Summary: Security violations in Acid3 test
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: Macintosh
               URL: http://www.hixie.ch/tests/evil/acid/003/NOT_READY_PLEASE
                    _DO_NOT_USE.html
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: eric at webkit.org
                CC: ian at hixie.ch, sam at webkit.org


Security violations in Acid3 test

I expect that these are calls to object.contentDocument.  I'm not certain.  I'm
also not sure if this behavior is correct or not.

Unsafe JavaScript attempt to access frame with URL
data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI%2BPGRlZnM%2BPGZvbnQtZmFjZSBmb250LWZhbWlseT0iQUNJRDNzdmdmb250Ij48Zm9udC1mYWNlLXNyYz48Zm9udC1mYWNlLXVyaSB4bGluazpocmVmPSJkYXRhOmltYWdlL3N2Zyt4bWw7YmFzZTY0LFBITjJaeUI0Yld4dWN6MGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM5emRtY2lJSGh0Ykc1ek9uaHNhVzVyUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eE9UazVMM2hzYVc1cklqNDhaR1ZtY3o0OFptOXVkQ0JvYjNKcGVpMWhaSFl0ZUQwaU5UQXdJaUJwWkQwaWJXbHVhU0klMkJQR1p2Ym5RdFptRmpaU0JtYjI1MExXWmhiV2xzZVQwaVFVTkpSRE56ZG1kbWIyNTBJaUIxYm1sMGN5MXdaWEl0WlcwOUlqUXdNREFpSUdGelkyVnVkRDBpT0RBd0lpQmtaWE5qWlc1MFBTSXRNakF3SWlCaGJIQm9ZV0psZEdsalBTSXdJaTglMkJQRzFwYzNOcGJtY3RaMng1Y0dnZ2FHOXlhWG90WVdSMkxYZzlJakV3TURBd0lpQmtQU0pOTUNBd0lEUXdNREFnTUNJdlBqeG5iSGx3YUNCMWJtbGpiMlJsUFNKaElpQm5iSGx3YUMxdVlXMWxQU0poSWlCb2IzSnBlaTFoWkhZdGVEMGlORElpTHo0OFoyeDVjR2dnZFc1cFkyOWtaVDBpWWlJZ1oyeDVjR2d0Ym1GdFpUMGlZaUlnYUc5eWFYb3RZV1Iy
 TFhnOUlqSXpJaTglMkJQR2RzZVhCb0lIVnVhV052WkdVOUltTWlJR2RzZVhCb0xXNWhiV1U5SW1NaUlHaHZjbWw2TFdGa2RpMTRQU0kwTnpFeElpOCUyQlBDOW1iMjUwUGp3dlpHVm1jejQ4TDNOMlp6NE5DZyUzRCUzRCNtaW5pIi8%2BPC9mb250LWZhY2Utc3JjPjwvZm9udC1mYWNlPjxwYXRoIGlkPSJwYXRoIiBkPSJNMCAwbDAgNDJsMTYgMTZsNDcxMSAwIi8%2BPC9kZWZzPjwvc3ZnPg0K
from frame with URL
http://www.hixie.ch/tests/evil/acid/003/NOT_READY_PLEASE_DO_NOT_USE.html.
Domains, protocols and ports must match.
Unsafe JavaScript attempt to access frame with URL
data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI%2BPGRlZnM%2BPGZvbnQtZmFjZSBmb250LWZhbWlseT0iQUNJRDNzdmdmb250Ij48Zm9udC1mYWNlLXNyYz48Zm9udC1mYWNlLXVyaSB4bGluazpocmVmPSJkYXRhOmltYWdlL3N2Zyt4bWw7YmFzZTY0LFBITjJaeUI0Yld4dWN6MGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM5emRtY2lJSGh0Ykc1ek9uaHNhVzVyUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eE9UazVMM2hzYVc1cklqNDhaR1ZtY3o0OFptOXVkQ0JvYjNKcGVpMWhaSFl0ZUQwaU5UQXdJaUJwWkQwaWJXbHVhU0klMkJQR1p2Ym5RdFptRmpaU0JtYjI1MExXWmhiV2xzZVQwaVFVTkpSRE56ZG1kbWIyNTBJaUIxYm1sMGN5MXdaWEl0WlcwOUlqUXdNREFpSUdGelkyVnVkRDBpT0RBd0lpQmtaWE5qWlc1MFBTSXRNakF3SWlCaGJIQm9ZV0psZEdsalBTSXdJaTglMkJQRzFwYzNOcGJtY3RaMng1Y0dnZ2FHOXlhWG90WVdSMkxYZzlJakV3TURBd0lpQmtQU0pOTUNBd0lEUXdNREFnTUNJdlBqeG5iSGx3YUNCMWJtbGpiMlJsUFNKaElpQm5iSGx3YUMxdVlXMWxQU0poSWlCb2IzSnBlaTFoWkhZdGVEMGlORElpTHo0OFoyeDVjR2dnZFc1cFkyOWtaVDBpWWlJZ1oyeDVjR2d0Ym1GdFpUMGlZaUlnYUc5eWFYb3RZV1Iy
 TFhnOUlqSXpJaTglMkJQR2RzZVhCb0lIVnVhV052WkdVOUltTWlJR2RzZVhCb0xXNWhiV1U5SW1NaUlHaHZjbWw2TFdGa2RpMTRQU0kwTnpFeElpOCUyQlBDOW1iMjUwUGp3dlpHVm1jejQ4TDNOMlp6NE5DZyUzRCUzRCNtaW5pIi8%2BPC9mb250LWZhY2Utc3JjPjwvZm9udC1mYWNlPjxwYXRoIGlkPSJwYXRoIiBkPSJNMCAwbDAgNDJsMTYgMTZsNDcxMSAwIi8%2BPC9kZWZzPjwvc3ZnPg0K
from frame with URL
http://www.hixie.ch/tests/evil/acid/003/NOT_READY_PLEASE_DO_NOT_USE.html.
Domains, protocols and ports must match.
Unsafe JavaScript attempt to access frame with URL
data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI%2BPGRlZnM%2BPGZvbnQtZmFjZSBmb250LWZhbWlseT0iQUNJRDNzdmdmb250Ij48Zm9udC1mYWNlLXNyYz48Zm9udC1mYWNlLXVyaSB4bGluazpocmVmPSJkYXRhOmltYWdlL3N2Zyt4bWw7YmFzZTY0LFBITjJaeUI0Yld4dWN6MGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM5emRtY2lJSGh0Ykc1ek9uaHNhVzVyUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eE9UazVMM2hzYVc1cklqNDhaR1ZtY3o0OFptOXVkQ0JvYjNKcGVpMWhaSFl0ZUQwaU5UQXdJaUJwWkQwaWJXbHVhU0klMkJQR1p2Ym5RdFptRmpaU0JtYjI1MExXWmhiV2xzZVQwaVFVTkpSRE56ZG1kbWIyNTBJaUIxYm1sMGN5MXdaWEl0WlcwOUlqUXdNREFpSUdGelkyVnVkRDBpT0RBd0lpQmtaWE5qWlc1MFBTSXRNakF3SWlCaGJIQm9ZV0psZEdsalBTSXdJaTglMkJQRzFwYzNOcGJtY3RaMng1Y0dnZ2FHOXlhWG90WVdSMkxYZzlJakV3TURBd0lpQmtQU0pOTUNBd0lEUXdNREFnTUNJdlBqeG5iSGx3YUNCMWJtbGpiMlJsUFNKaElpQm5iSGx3YUMxdVlXMWxQU0poSWlCb2IzSnBlaTFoWkhZdGVEMGlORElpTHo0OFoyeDVjR2dnZFc1cFkyOWtaVDBpWWlJZ1oyeDVjR2d0Ym1GdFpUMGlZaUlnYUc5eWFYb3RZV1Iy
 TFhnOUlqSXpJaTglMkJQR2RzZVhCb0lIVnVhV052WkdVOUltTWlJR2RzZVhCb0xXNWhiV1U5SW1NaUlHaHZjbWw2TFdGa2RpMTRQU0kwTnpFeElpOCUyQlBDOW1iMjUwUGp3dlpHVm1jejQ4TDNOMlp6NE5DZyUzRCUzRCNtaW5pIi8%2BPC9mb250LWZhY2Utc3JjPjwvZm9udC1mYWNlPjxwYXRoIGlkPSJwYXRoIiBkPSJNMCAwbDAgNDJsMTYgMTZsNDcxMSAwIi8%2BPC9kZWZzPjwvc3ZnPg0K
from frame with URL
http://www.hixie.ch/tests/evil/acid/003/NOT_READY_PLEASE_DO_NOT_USE.html.
Domains, protocols and ports must match.
Unsafe JavaScript attempt to access frame with URL
data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI%2BPGRlZnM%2BPGZvbnQtZmFjZSBmb250LWZhbWlseT0iQUNJRDNzdmdmb250Ij48Zm9udC1mYWNlLXNyYz48Zm9udC1mYWNlLXVyaSB4bGluazpocmVmPSJkYXRhOmltYWdlL3N2Zyt4bWw7YmFzZTY0LFBITjJaeUI0Yld4dWN6MGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM5emRtY2lJSGh0Ykc1ek9uaHNhVzVyUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eE9UazVMM2hzYVc1cklqNDhaR1ZtY3o0OFptOXVkQ0JvYjNKcGVpMWhaSFl0ZUQwaU5UQXdJaUJwWkQwaWJXbHVhU0klMkJQR1p2Ym5RdFptRmpaU0JtYjI1MExXWmhiV2xzZVQwaVFVTkpSRE56ZG1kbWIyNTBJaUIxYm1sMGN5MXdaWEl0WlcwOUlqUXdNREFpSUdGelkyVnVkRDBpT0RBd0lpQmtaWE5qWlc1MFBTSXRNakF3SWlCaGJIQm9ZV0psZEdsalBTSXdJaTglMkJQRzFwYzNOcGJtY3RaMng1Y0dnZ2FHOXlhWG90WVdSMkxYZzlJakV3TURBd0lpQmtQU0pOTUNBd0lEUXdNREFnTUNJdlBqeG5iSGx3YUNCMWJtbGpiMlJsUFNKaElpQm5iSGx3YUMxdVlXMWxQU0poSWlCb2IzSnBlaTFoWkhZdGVEMGlORElpTHo0OFoyeDVjR2dnZFc1cFkyOWtaVDBpWWlJZ1oyeDVjR2d0Ym1GdFpUMGlZaUlnYUc5eWFYb3RZV1Iy
 TFhnOUlqSXpJaTglMkJQR2RzZVhCb0lIVnVhV052WkdVOUltTWlJR2RzZVhCb0xXNWhiV1U5SW1NaUlHaHZjbWw2TFdGa2RpMTRQU0kwTnpFeElpOCUyQlBDOW1iMjUwUGp3dlpHVm1jejQ4TDNOMlp6NE5DZyUzRCUzRCNtaW5pIi8%2BPC9mb250LWZhY2Utc3JjPjwvZm9udC1mYWNlPjxwYXRoIGlkPSJwYXRoIiBkPSJNMCAwbDAgNDJsMTYgMTZsNDcxMSAwIi8%2BPC9kZWZzPjwvc3ZnPg0K
from frame with URL
http://www.hixie.ch/tests/evil/acid/003/NOT_READY_PLEASE_DO_NOT_USE.html.
Domains, protocols and ports must match.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list