[Webkit-unassigned] [Bug 17099] Add Mozilla tests for postMessage, fix bugs they reveal
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 9 16:06:16 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=17099
------- Comment #8 from jwalden+bwo at mit.edu 2008-05-09 16:06 PDT -------
(In reply to comment #6)
> - you're using the value of document.domain for determining origin -- you
> should use the actual location
>
> The fifth is probably most important -- it's a spoofing concern for hosts
> which give out subdomains (although at least it isn't a two-way channel
> unless "*" is used with the response, rather only subdomain->other).
On second thought, I have no reason to believe it's not two-way; I don't think
I tested that in the tests, and my reason for believing it was pure mental
rationalization.
(Last time I bugspam in this bug today, I promise! :-) )
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list