[Webkit-unassigned] [Bug 16968] Security violations in Acid3 test
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jan 22 09:24:48 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16968
------- Comment #1 from sam at webkit.org 2008-01-22 09:24 PDT -------
I don't think this is usage of data: URLs is appropriate for the Acid3 test as
there is no specification that I know of (in the time frame allowed for Acid3
or after) that defines the behavior of access to data: URLs from JS. Following
a strict understanding of the same-origin policy, the behavior should not be
allowed as the protocols (or scheme if that is how you roll) differ.
Hixie, if you agree, the issue can be mitigated by using a file on the same
domain.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list