[Webkit-unassigned] [Bug 36692] Redo the file:// origin separation
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 29 13:43:21 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=36692
--- Comment #12 from Chris Evans <scarybeasts at gmail.com> 2010-03-29 13:43:21 PST ---
In the case of the postMessage origin whilst we are in "isolated file origin"
mode, it sounds like a risk to return simply "file://". The message recipient
needs to know the full granularity of the source origin in order to avoid
getting security decisions wrong. I stand by the patch.
If you liked, as a simple tweak to resolve this for M5, we could return "null"
for all file:// origins when we are in "isolated file origin" mode. That's what
currently happens without this patch (toString() on a unique origin returns
"null"). v8 knows that a null origin implies it must always do access checks.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list