[Webkit-unassigned] [Bug 26388] New: WebKit should allow cross-site scripts to set top.opener.location to a different URL
bugzilla-daemon at webkit.org
Sun Jun 14 13:08:50 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26388
Summary: WebKit should allow cross-site scripts to set top.opener.location to a different URL
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: webkitbugs.3.maxchee at spamgourmet.com
This bug exists on Safari 4 beta/final and WebKit nightly.
If I am not mistaken, the reason behind restricting cross-site scripts from setting
top.opener.location is to prevent phishing attacks. However, this breaks the bill
payment function of epost when accessed through financial institutions and
likely other websites. Instead of silently breaking those websites, WebKit
should allow cross-site scripts to set top.opener.location, but display a
warning on the target window when the domain is about to be changed.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.