[Webkit-unassigned] [Bug 31098] [XSSAuditor] Allow scripts and plug-ins from the same origin
bugzilla-daemon at webkit.org
Sun Nov 8 15:26:55 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31098
Daniel Bates <dbates at webkit.org> changed:
What                   |Removed |Added
----------------------------------------------------------------------------
Attachment #42721 Flag |        |review?
--- Comment #3 from Daniel Bates <dbates at webkit.org> 2009-11-08 15:26:54 PDT ---
Created an attachment (id=42721)
--> (https://bugs.webkit.org/attachment.cgi?id=42721)
Patch with test case
Since XSSAuditor::canLoadExternalScriptFromSrc, XSSAuditor::canLoadObject, and
XSSAuditor::canSetBaseElementURL should all allow same-origin loads, I defined
a new method XSSAuditor::isSameOriginResource, as opposed to inlining the
same-origin check.