[Webkit-unassigned] [Bug 41802] Give WebKit clients a way to replace window.screen to foil attempts to track users with it
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 9 03:47:06 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=41802
--- Comment #19 from Robert Hogan <robert at webkit.org> 2010-09-09 03:47:05 PST ---
(In reply to comment #18)
> http/tests/security/cross-frame-access-put.html -> failed
This test is skipped in Qt but doesn't need to be - I can recreate the failure and get it to pass otherwise.
The difference in results is an extra console message:
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
for the attempt to shadow the screen object cross-origin. The 'replaceable' attribute generates this new piece of code that the test invokes and which generates the console message:
void setJSDOMWindowScreen(ExecState* exec, JSObject* thisObject, JSValue value)
{
if (!static_cast<JSDOMWindow*>(thisObject)->allowsAccessFrom(exec))
return;
// Shadowing a built-in object
static_cast<JSDOMWindow*>(thisObject)->putDirect(Identifier(exec, "screen"), value);
}
So the test hasn't identified a regression. Updating results and resubmitting.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list