[Webkit-unassigned] [Bug 84865] New: SecurityOrigin::canLoad() should return true when m_universalAccess is true

Wed Apr 25 07:59:45 PDT 2012

https://bugs.webkit.org/show_bug.cgi?id=84865

           Summary: SecurityOrigin::canLoad() should return true when
                    m_universalAccess is true
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: yong.li.webkit at gmail.com
                CC: sam at webkit.org, abarth at webkit.org

At the time m_universalAccess was invented, it was supposed to by-pass all security checks.

http://trac.webkit.org/changeset/40449

2009-01-30 Adam Barth < abarth at webkit.org>

    Reviewed by Sam Weinig.

    Add a pref to disable web security.

Then SecurityOrigin::canLoad() was added later with code moved from FrameLoader, and it doesn't respect m_universalAccess. The result is even m_universalAccess is on, there can still be some contents blocked by canLoad().

I think it makes sense that SecurityOrigin::canLoad() should also check m_universalAccess.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.