[Webkit-unassigned] [Bug 36732] New: sandboxed iframes from same origin should not be granted notification permission of the parent frame unless allow-same-origin is specified
bugzilla-daemon at webkit.org
Sun Mar 28 13:36:00 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=36732
Summary: sandboxed iframes from same origin should not be
granted notification permission of the parent frame
unless allow-same-origin is specified
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rafaelw at chromium.org
CC: abarth at webkit.org

<iframe sandbox="allow-scripts"> from the same origin as the host page should
be restricted from webkitNotifications.requestPermission(),
webkitNotification.createNotification() &
webkitNotification.createHTMLNotification unless allow-same-origin is
specified.

The underlying issue is that isUnique() is not being observed. Note that
https://bugs.webkit.org/show_bug.cgi?id=36625 changes the interface of
NotificationPresenter to pass the url rather than the security origin, so
clients will no longer be able to observe the bit.

Per discussion with abarth on #webkit, the preferred approach will be to have
the check of isUnique() take place prior to calling into the client's
NotificationPresenter.

Also per discussion with abarth on #webkit, I set about creating an (if
checked in, failing) layout test, but the notifications layout tests do not yet
support granting permission via the layoutController and are disabled, so I've
attached a simple html test that should be easily adapted to a layout test.
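
The gating described in the report, as an added example (a simplified model, not WebKit source and not the reporter's attached test). Every type and function name below is hypothetical apart from the isUnique() idea taken from the report; the URLs are constructed. It shows why a presenter that only receives a URL grants the parent's permission to a sandboxed same-origin frame, and how checking isUnique() before calling the presenter prevents that.

```cpp
#include <iostream>
#include <set>
#include <string>

// Hypothetical model of the sandbox tokens relevant to this bug.
enum SandboxFlags { SandboxNone = 0, AllowScripts = 1, AllowSameOrigin = 2 };

struct Frame {
    std::string url;  // document URL (constructed sample values)
    bool sandboxed;   // iframe carries a sandbox attribute
    int flags;        // SandboxFlags tokens present on the attribute
    // A sandboxed frame without allow-same-origin has a unique origin.
    bool isUnique() const { return sandboxed && !(flags & AllowSameOrigin); }
};

// scheme://host[:port] portion of a URL; empty if there is no scheme.
static std::string originOf(const std::string& url) {
    std::string::size_type scheme = url.find("://");
    if (scheme == std::string::npos) return "";
    return url.substr(0, url.find('/', scheme + 3));
}

// Embedder-side presenter that is handed a URL only, so it cannot see
// whether the requesting frame's origin is unique.
class Presenter {
public:
    void grant(const std::string& url) { m_granted.insert(originOf(url)); }
    bool checkPermission(const std::string& url) const {
        return m_granted.count(originOf(url)) > 0;
    }
private:
    std::set<std::string> m_granted;
};

// Behaviour reported in the bug: the request goes straight to the presenter.
bool allowedUngated(const Frame& f, const Presenter& p) {
    return p.checkPermission(f.url);
}

// Preferred approach: refuse unique origins before calling the presenter.
bool allowedGated(const Frame& f, const Presenter& p) {
    if (f.isUnique()) return false;
    return p.checkPermission(f.url);
}

int main() {
    Presenter p;
    p.grant("https://example.test/index.html");  // user granted the parent page
    Frame boxed = {"https://example.test/widget.html", true, AllowScripts};
    std::cout << allowedUngated(boxed, p) << " " << allowedGated(boxed, p) << "\n";
    return 0;
}
```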