[Webkit-unassigned] [Bug 142341] Fonts should be treated as active mixed content

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 5 11:02:30 PST 2015


Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
                 CC|                            |ap at webkit.org,
                   |                            |sam at webkit.org

--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> ---
I think that the old definition of active content is what can run JS code in the context of the current page, thus enabling XSS for an active attacker who can replace non-encrypted content.

I'm not sure how to make sense of this proposed change. Is it really about protecting against arbitrary code execution attacks on https pages?
