[Webkit-unassigned] [Bug 36692] Redo the file:// origin separation

Mon Mar 29 13:43:21 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=36692

--- Comment #12 from Chris Evans <scarybeasts at gmail.com>  2010-03-29 13:43:21 PST ---
In the case of the postMessage origin whilst we are in "isolated file origin"
mode, it sounds like a risk to return simply "file://". The message recipient
needs to know the full granularity of the source origin in order to avoid
getting security decisions wrong. I stand by the patch.

If you liked, as a simple tweak to resolve this for M5, we could return "null"
for all file:// origins when we are in "isolated file origin" mode. That's what
currently happens without this patch (toString() on a unique origin returns
"null"). v8 knows that a null origin implies it must always do access checks.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.