[Webkit-unassigned] [Bug 119284] New: Cross-origin access to Location::reload() should throw a SecurityError

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 30 15:57:53 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119284

           Summary: Cross-origin access to Location::reload() should throw
                    a SecurityError
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: BlinkMergeCandidate
          Severity: Normal
          Priority: P2
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: ap at webkit.org, beidson at apple.com, aestes at apple.com


Consider merging https://chromium.googlesource.com/chromium/blink/+/c63cc03a571db043e50e904a6b462251f3ab6c1f

Location's 'reload' property is currently special-cased to be accessible
cross-origin, but doesn't actually perform the requested action when
executed. Instead, it dumps an error message to the console and returns
early.

Firefox's implementation throws an exception upon access of the property,
and given that we've just changed various other Location properties to
match this behavior. This also better aligns our behavior with the spec[1].

[1]: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list