[Webkit-unassigned] [Bug 20642] New: Adopt opener restriction for top-level frame navigation
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 4 02:20:12 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=20642
Summary: Adopt opener restriction for top-level frame navigation
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
URL: http://blogs.msdn.com/ie/archive/2008/09/02/ie8-
security-part-vi-beta-2-update.aspx
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: abarth at webkit.org
CC: sam at webkit.org, collinj at webkit.org
Both IE 8 beta 2 and Firefox 3 now support the "opener restriction" for
navigation of top-level frames. We discussed this a number of months ago when
we did the initial frame navigation work, but opted not to implement the
restriction. Here is what it does:
Suppose window X opens window Y via window.open(...). If window Z tries to
navigate Y, the navigation will be blocked if Z is not the same origin as X
(the opener of Y).
I'm not convinced the opener restriction actually prevents any real attacks,
but it's probably worth matching the behavior of other browsers. (Opera has a
very complex policy for top-level windows, for example caring if a window is
showing an HTTPS page or not).
For some older context, see
http://crypto.stanford.edu/websec/frames/navigation/
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list