[Webkit-unassigned] [Bug 27239] Do not do HTTP Refresh to javascript: or other dangerous URI schemes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 10 09:12:59 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=27239
--- Comment #8 from Adam Barth <abarth at webkit.org> 2009-08-10 09:12:57 PDT ---
Comment from a user on the Chromium issue tracker:
[[
Comment 6 by sbjesse, Today (1 minute ago)
@abarth thx for the pointer. but i think the most direct fix is on the
view-source
scheme, where no redirection/refresh is expected, not restricting
refresh-target
schemes (although either a hardcoded or a tunable list will be quite cool)
]]
Should we restrict this change to view source frames only? We should test
interoperability here.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list