[Webkit-unassigned] [Bug 41802] Give WebKit clients a way to replace window.screen to foil attempts to track users with it

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 9 03:47:06 PDT 2010


--- Comment #19 from Robert Hogan <robert at webkit.org>  2010-09-09 03:47:05 PST ---
(In reply to comment #18)
> http/tests/security/cross-frame-access-put.html -> failed

This test is skipped in Qt but doesn't need to be - I can recreate the failure and get it to pass otherwise.

The difference in results is an extra console message:

CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL Domains, protocols and ports must match.

for the attempt to shadow the screen object cross-origin. The 'replaceable' attribute generates this new piece of code that the test invokes and which generates the console message:

void setJSDOMWindowScreen(ExecState* exec, JSObject* thisObject, JSValue value)
    if (!static_cast<JSDOMWindow*>(thisObject)->allowsAccessFrom(exec))
    // Shadowing a built-in object
    static_cast<JSDOMWindow*>(thisObject)->putDirect(Identifier(exec, "screen"), value);

So the test hasn't identified a regression. Updating results and resubmitting.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list