[Webkit-unassigned] [Bug 36692] Redo the file:// origin separation

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 29 10:42:31 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=36692
--- Comment #11 from Adam Barth <abarth at webkit.org>  2010-03-29 10:42:31 PST ---
(In reply to comment #10)
> It's a security vulnerability to not consider the full file:// origin context
> in toString(). v8, at least, uses SecurityOrigin::toString() as a cache key for
> cached permission checks.

If so, then there's a lot more work to do to fix this bug completely.

> Since it's a security contract an unknown number of consumers are depending on,
> I really don't want to change it.

We can't land the patch you've attached here because it changes something in
the web platform that we don't want to change.  If you enable this setting by
default and run the LayoutTests, I think you'll find at least one failing test
because of this issue.

> How is this value exposed to Javascript? We can think about whether it makes
> logical sense or not.

It's exposed as the "origin" property of message events generated via
postMessage.  It's also exposed in the Origin HTTP header that's part of CORS. 
There might be other cases, but those are the ones that come to mind.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
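The two places the comment names where the serialized origin surfaces (the "origin" property of a postMessage MessageEvent and the Origin request header) are exactly where a receiver ends up comparing origin strings, and comment #10's concern was a cache keyed on that same string. The following is an added example, not code from WebKit or from anyone in this thread. It assumes the WHATWG URL API (the global URL in Node.js and browsers) gives the serialization a page sees in event.origin; under that spec a file: URL has an opaque origin that serializes to "null", which is an assumption about current browsers, not a statement about what WebKit's SecurityOrigin::toString() produced in 2010. The fullOriginKey format is hypothetical, for illustration only.

```javascript
// Added example; not WebKit code and not from the bug thread.
// Assumption: the WHATWG URL API (global URL in Node.js >= 10 and browsers)
// yields the same serialization a page observes in event.origin on a
// MessageEvent and that a browser sends in the Origin request header.
// Under that spec, file: URLs have an opaque origin that serializes to "null".

// Serialized origin of a document URL, as a message receiver would see it.
function serializedOrigin(href) {
  return new URL(href).origin;
}

// Receiver-side check for a postMessage listener: accept only an explicit
// allow-list of serialized origins, and never the opaque "null" serialization,
// because "null" cannot say which document (or which file:// path) sent it.
function makeMessageHandler(allowedOrigins) {
  const allowed = new Set(allowedOrigins);
  return function onMessage(event) {
    if (typeof event.origin !== "string" || event.origin === "null") {
      return { accepted: false, reason: "opaque origin" };
    }
    if (!allowed.has(event.origin)) {
      return { accepted: false, reason: "origin not allowed" };
    }
    return { accepted: true, data: event.data };
  };
}

// Models the hazard raised in comment #10: a permission cache keyed on the
// serialized origin. A grant recorded for hrefA is looked up with hrefB's key;
// returns true when hrefB would silently reuse hrefA's decision.
function permissionCacheCollision(hrefA, hrefB) {
  const cache = new Map();
  cache.set(serializedOrigin(hrefA), { granted: true, grantedFor: hrefA });
  return cache.has(serializedOrigin(hrefB));
}

// Hypothetical cache key that keeps the full file:// context (the path) as part
// of the identity, so two local documents do not collide. Non-file URLs keep
// their ordinary serialized origin.
function fullOriginKey(href) {
  const u = new URL(href);
  if (u.protocol === "file:") {
    return "file:" + u.pathname;
  }
  return u.origin;
}

// Same lookup as permissionCacheCollision, but keyed on fullOriginKey.
function permissionCacheCollisionWithFullKey(hrefA, hrefB) {
  const cache = new Map();
  cache.set(fullOriginKey(hrefA), { granted: true, grantedFor: hrefA });
  return cache.has(fullOriginKey(hrefB));
}
```

Under the WHATWG serialization, two unrelated local files map to the same "null" key, so the first function returns true for them while the path-aware key keeps them apart; the message handler shows the receiver-side consequence, which is that "null" can only be rejected, never trusted.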