[Webkit-unassigned] [Bug 110831] New: Plug-ins from third-party domains in the top frame can still set LSOs
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 25 18:11:44 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=110831
Summary: Plug-ins from third-party domains in the top frame can
still set LSOs
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jeffrey at endrift.com
Since r127513, plug-ins from third-party contexts have been forced into private browsing mode; however, this patch only defines a third-party context as a subframe; an embed to a third-party domain in the main frame will not be forced into private browsing mode.
Changing this to force third-party domain embeds, however, will break upload sites e.g. for Flash games that use CDNs or subdomains to ensure cookies are safe, such as Newgrounds and Kongregate.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list