[Webkit-unassigned] [Bug 28951] New: QtWebKit fix insecure default for LocalContentCanAccessRemoteUrls
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 3 08:39:18 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=28951
Summary: QtWebKit fix insecure default for
LocalContentCanAccessRemoteUrls
Product: WebKit
Version: 528+ (Nightly build)
Platform: Other
OS/Version: All
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: WebKit Qt
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rich at kde.org
Richard Moore <rich at kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #38992| |review?
Flag| |
Created an attachment (id=38992)
--> (https://bugs.webkit.org/attachment.cgi?id=38992)
Patch to correct behaviour
QtWebKit uses an unsafe default that allows local content to access arbitrary
URLs. Similar issues in other browsers have recently led to a spate of
vulnerabilities. This issue was discussed in the context of web kit in the
following email thread:
https://lists.webkit.org/pipermail/webkit-dev/2009-August/009557.html
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list