[Webkit-unassigned] [Bug 63257] When blocking localStorage, Firefox throws a security exception on access, and maybe so should we
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 14 11:19:23 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=63257
--- Comment #25 from Dan Carney <dcarney at google.com> 2012-09-14 11:19:50 PST ---
(In reply to comment #24)
> (In reply to comment #17)
> > Created an attachment (id=164084)
--> (https://bugs.webkit.org/attachment.cgi?id=164084&action=review) [details] [details]
> > Another round - still chromium only complete
> >
> > Okay, I've taken the above comments into consideration, and done the following:
> >...
> > * introduced a canAccessStorage method which in the default implementation just checks for a detached frame. I'm not sure if this actually correct as I need to check what Firefox does here.
>
> Jeffrey Pfau (cc'ed) is adding a "3rd party storage blocking" feature that allows Webkit to block any 3rd party script from accessing any storage technologies.
>
> I think this canAccessStorage method should also check whether the access is disqualified based on 3rd party storage blocking.
There is already the following check in DOMWindow::localStorage and ::sessionStorage accessors:
document->securityOrigin()->canAccessLocalStorage()
I believe that checks for third party accesses and throws the exception. I can try to add it to the canAccessStorage, but that would be potentially expensive...
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list