[Webkit-unassigned] [Bug 44420] Bogus JS security exception when accessing an object from another frame
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 24 10:51:50 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=44420
--- Comment #6 from koszalekopalek at interia.pl 2010-08-24 10:51:50 PST ---
Second thoughts.
1) Is using .allow_access file flexible enough?
I have application ABC in directory C:/abc/ and application XYZ in directory C:/xyz. I would like to allow both applications to access files in respective directories, however, in the paranoia mode I don't want application ABC to access files in C:/xyz.
So, maybe this .allow_access file should be a configuration file (much like apache's .htacces), one entry being application id.
*) What other entries are needed?
*) What should be the format of the file? (JSON?)
*) What other entries, if any, are needed?
An elegant and flexible solution might be picked by other browsers, I don't think an .allow_access hack will.
2) The backwards compatibility is broken for most legitimate and innocent applications (documentation systems using framesets). What about allowing local access for files that are older than 2010.08 even if if .allow_access does not exist? In this way existing documentation framesets will continue to work (unless copied). Newly generated documentation will have to be shipped with the .allow_access file.
I hope this is a legitimate comment, could you paste it to http://code.google.com/p/chromium/issues/detail?id=47416 (adding comments is restricted at the moment).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list