[Webkit-unassigned] [Bug 17099] Add Mozilla tests for postMessage, fix bugs they reveal

bugzilla-daemon at webkit.org
Fri May 9 16:06:16 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=17099





------- Comment #8 from jwalden+bwo at mit.edu  2008-05-09 16:06 PDT -------
(In reply to comment #6)
> - you're using the value of document.domain for determining origin -- you
>   should use the actual location
> 
> The fifth is probably most important -- it's a spoofing concern for hosts
> which give out subdomains (although at least it isn't a two-way channel
> unless "*" is used with the response, rather only subdomain->other).

On second thought, I have no reason to believe it's not two-way; I don't think
I tested that in the tests, and my reason for believing it was pure mental
rationalization.

(Last time I bugspam in this bug today, I promise!  :-) )


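
The concern quoted above, as an added example that is not part of the original message and is not WebKit code: a small model of a sender's origin derived from `document.domain` versus from its actual location, and what a receiver's origin check then sees. The host names, the document objects and every function name are constructed for illustration.

```javascript
// Added illustration: a model of origin derivation, not WebKit code.
// Host names and document objects below are constructed.

// Model of the document.domain setter: a page may relax its domain only to
// a parent-domain suffix of its own host name.
function setDocumentDomain(doc, value) {
  const host = new URL(doc.location).hostname;
  if (host !== value && !host.endsWith("." + value)) {
    throw new Error("document.domain must be a suffix of " + host);
  }
  doc.domain = value;
  return doc;
}

// Origin taken from document.domain, the approach the comment objects to.
function originFromDocumentDomain(doc) {
  const u = new URL(doc.location);
  return u.protocol + "//" + doc.domain + (u.port ? ":" + u.port : "");
}

// Origin taken from the actual location, the approach the comment asks for.
function originFromLocation(doc) {
  return new URL(doc.location).origin;
}

// Receiver-side check: accept a message only from the one origin it trusts.
function receiverAccepts(reportedOrigin, trustedOrigin) {
  return reportedOrigin === trustedOrigin;
}

// Constructed scenario: a host that gives out subdomains to its users.
function demo() {
  const trusted = "http://hosting.example";
  const tenant = setDocumentDomain(
    { location: "http://user1.hosting.example/page.html",
      domain: "user1.hosting.example" },
    "hosting.example");
  return {
    viaDomain: originFromDocumentDomain(tenant),
    viaLocation: originFromLocation(tenant),
    acceptedViaDomain: receiverAccepts(originFromDocumentDomain(tenant), trusted),
    acceptedViaLocation: receiverAccepts(originFromLocation(tenant), trusted),
  };
}

console.log(demo());
```

In the model, the subdomain page passes the receiver's check only when the origin is derived from `document.domain`; derived from the location, it is reported as `http://user1.hosting.example` and rejected.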