[Webkit-unassigned] [Bug 34296] Provide a way for WebKit clients to specify a more granular policy for cross-origin frame access
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 29 11:20:48 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=34296
--- Comment #2 from Mike Thole <mthole at mikethole.com> 2010-01-29 11:20:48 PST ---
In related bug 24853, Aaron Boodman mentioned that:
"For example, we don't really need (and probably don't want) the ability to do
cross-frame scripting."
I wonder what the rationale for not wanting the ability to do cross-frame
scripting was? I added patch (47724) that adds a whiltelist check to
SecuriyOrigin::canAccess(). If we still don't want cross-frame access to go
along with XHR access, we'll need to do something a little more involved.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list