[Webkit-unassigned] [Bug 35802] Gadget embed blocked due to URL in content

bugzilla-daemon at webkit.org
Sat Mar 6 20:32:21 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=35802





--- Comment #5 from Adam Barth <abarth at webkit.org>  2010-03-06 20:32:21 PST ---
I think googleusercontent.com is meant to be a "throw away" domain that hosts
untrusted content.  From your description it sounds like the gadget itself has
an XSS vulnerability.  The gadget author should probably either fix their
security vulnerability or opt out of XSS protection by sending the
X-XSS-Protection: 0 header.  (Note that this control header is still under
review at <https://bugs.webkit.org/show_bug.cgi?id=34436>.)
