[Webkit-unassigned] [Bug 34296] Provide a way for WebKit clients to specify a more granular policy for cross-origin frame access
bugzilla-daemon at webkit.org
Mon Feb 22 22:39:40 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=34296
--- Comment #8 from Adam Barth <abarth at webkit.org> 2010-02-22 22:39:40 PST ---
> Although canAccess() isn't entirely symmetric today, given that some
> SecurityOrigins are granted universal access and canAccess() respects that.
Indeed. I've been on a multi-year odyssey to remove these cases. I think this
situation is removed in the default settings for every port except the Mac
port. My understanding is that a future version of Safari will use the
non-default setting but that we're worried about non-Safari clients of WebKit
relying on the old (insecure) behavior.