[Webkit-unassigned] [Bug 35556] New: REGRESSION(r51097) - Unable to log in to statefarm.com
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 1 17:15:00 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=35556
Summary: REGRESSION(r51097) - Unable to log in to statefarm.com
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: beidson at apple.com
REGRESSION(r51097) - Unable to log in to statefarm.com
Logging in to statefarm.com takes you to a page with the following content:
<script EVENT="onload()" FOR="window" LANGUAGE="JavaScript">
... /* some cookie stuff */ ...
document.location.replace("https://online.statefarm.com/apps/SecurityQA/ChallengeQA.asp?returnURL=http://www.statefarm.com/account.htm");
//-->
</script>
After r51097, we wouldn't execute any script with a "for" attribute.
Firefox handles this fine. They have a rule that allows:
-Only "for"
-Only "event"
-"for" and "event" where "for=window" and "event=onload()"
See https://bugzilla.mozilla.org/show_bug.cgi?id=184159 for more discussion
about this.
We should copy their rule.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list