[Webkit-unassigned] [Bug 38152] New: sandbox iframes have access to top.history methods
bugzilla-daemon at webkit.org
Mon Apr 26 17:24:24 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=38152
Summary: sandbox iframes have access to top.history methods
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Frames
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: evn at google.com
A sandboxed iframe can access top.history.back/forward/go when
allow-top-navigation is not set.
sandboxer.html: <iframe src="sandboxed.html" sandbox="allow-scripts"></iframe>
sandboxed.html: <script>top.history.back()</script>
expected results: security error
actual results: the previous page is loaded