[Webkit-unassigned] [Bug 21288] Implement HTML5's sandbox attribute for iframes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 10 08:17:44 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=21288
Adam Barth <abarth at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #42859|review? |review-
Flag| |
--- Comment #22 from Adam Barth <abarth at webkit.org> 2009-11-10 08:17:41 PDT ---
(From update of attachment 42859)
This is getting really close! Thanks for working on this feature.
106 if (accessControlOriginString != "*" &&
securityOrigin->isSandboxed(SandboxOrigin))
I don't quite understand why we need to look at accessControlOriginString in
this check. It seems like passesAccessControlCheck should just return true
unconditionally when accessControlOriginString == "*" before we get here.
Also,
110 if (!accessControlOrigin->isSameSchemeHostPort(securityOrigin))
Should return false when securityOrigin is sandboxed.
90 HTMLFrameOwnerElement::inheritSandboxFlags
Shouldn't this push the new sandbox flags into the document's security origin
to keep it up-to-date?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list