[Webkit-unassigned] [Bug 17099] Add Mozilla tests for postMessage, fix bugs they reveal

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 9 16:06:16 PDT 2008


------- Comment #8 from jwalden+bwo at mit.edu  2008-05-09 16:06 PDT -------
(In reply to comment #6)
> - you're using the value of document.domain for determining origin -- you
>   should use the actual location
> The fifth is probably most important -- it's a spoofing concern for hosts
> which give out subdomains (although at least it isn't a two-way channel
> unless "*" is used with the response, rather only subdomain->other).

On second thought, I have no reason to believe it's not two-way; I don't think
I tested that in the tests, and my reason for believing it was pure mental

(Last time I bugspam in this bug today, I promise!  :-) )

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list