[Webkit-unassigned] [Bug 51674] [Qt] LocalContentCanAccessRemoteUrls creates cross frame scripting vulnerability

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 3 06:55:50 PST 2011


--- Comment #7 from Benjamin Poulain <benjamin.poulain at nokia.com>  2011-01-03 06:55:49 PST ---
(In reply to comment #6)
> Its not just a documentation issue. If you read my comment, the property gives universalAccess to the securityOrigin on which its set. It creates security problems when used in applications which needs only XHR. 
> [...]

I understand that, but it is an other problem altogether. You should create another bug report for that.

This bug is about "LocalContentCanAccessRemoteUrls", which as you said has documentation problem. The patch for this particular bug is updating the doc. What you need is a new use case that you should detail separately.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list