[Webkit-unassigned] [Bug 31098] [XSSAuditor] Allow scripts and plug-ins from the same origin

bugzilla-daemon at webkit.org
Sun Nov 8 15:26:55 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=31098


Daniel Bates <dbates at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #42721|                            |review?
               Flag|                            |




--- Comment #3 from Daniel Bates <dbates at webkit.org>  2009-11-08 15:26:54 PDT ---
Created an attachment (id=42721)
 --> (https://bugs.webkit.org/attachment.cgi?id=42721)
Patch with test case

Since XSSAuditor::canLoadExternalScriptFromSrc, XSSAuditor::canLoadObject, and
XSSAuditor::canSetBaseElementURL should all allow same-origin loads, I defined
a new method XSSAuditor::isSameOriginResource, as opposed to inlining the
same-origin check.
