[Webkit-unassigned] [Bug 83721] New: Framesniffing defense is too aggressive.
bugzilla-daemon at webkit.org
Wed Apr 11 14:49:39 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=83721
Summary: Framesniffing defense is too aggressive.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: tsepez at chromium.org
Follow on from bug 73083 comment #49 From Paul Stone 2012-04-10 09:10:34 PST:
Broken testcase (works in Firefox)
I just tested this in the Chrome Canary builds, and it seems that the fix is a bit too aggressive. When navigating to a fragment in a cross-origin frame, it prevents the frame itself from scrolling. The frame itself should scroll (there's no leak there, Firefox still allows this), but it should prevent any ancestor frames from scrolling if they're cross-origin.
I've attached a simple testcase that works in Firefox, but is broken in the Canary build. I think this could break some websites - for example API documentation that uses frames, where the table-of-contents pane is on a different (sub)domain than the main frame.
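The scrolling rule requested in the report, next to the over-blocking behaviour it describes, as an added example that is not part of the original report and is not WebKit code. The frame tree, URLs and function names are constructed, and "cross-origin" is assumed to mean cross-origin relative to the frame whose fragment is being navigated.

```javascript
// Constructed frame model: each frame has a name, an origin and a parent.
function makeFrame(name, url, parent = null) {
  return { name, origin: new URL(url).origin, parent };
}

// Ancestors of a frame, nearest first.
function ancestorsOf(frame) {
  const chain = [];
  for (let f = frame.parent; f !== null; f = f.parent) chain.push(f);
  return chain;
}

// Model of the behaviour reported as too aggressive (assumption): when any
// ancestor is cross-origin, nothing scrolls, not even the navigated frame.
function aggressiveScrollTargets(frame) {
  const chain = ancestorsOf(frame);
  if (chain.some(a => a.origin !== frame.origin)) return [];
  return [frame, ...chain].map(f => f.name);
}

// Behaviour the report asks for: the navigated frame always scrolls to its
// own fragment; an ancestor scrolls only if it is same-origin with that frame.
function requestedScrollTargets(frame) {
  const targets = [frame.name];
  for (const a of ancestorsOf(frame)) {
    if (a.origin === frame.origin) targets.push(a.name);
  }
  return targets;
}

// Constructed documentation site: frameset on one subdomain, content on another.
const top = makeFrame("top", "https://toc.example.test/index.html");
const content = makeFrame("content", "https://api.example.test/ref.html", top);
const inner = makeFrame("inner", "https://api.example.test/sample.html", content);

// Fragment navigation inside each frame: which frames may scroll.
const cases = [content, inner, top].map(f => ({
  frame: f.name,
  aggressive: aggressiveScrollTargets(f),
  requested: requestedScrollTargets(f),
}));
console.log(JSON.stringify(cases, null, 2));
```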