[Webkit-unassigned] [Bug 142341] Fonts should be treated as active mixed content
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 5 11:02:30 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=142341
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ap at webkit.org,
| |sam at webkit.org
--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> ---
I think that the old definition of active content is what can run JS code in the context of the current page, thus enabling XSS for an active attacker who can can replace non-encrypted content.
I'm not sure how to make sense of this proposed change. Is it really about protecting against arbitrary code execution attacks on https pages?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150305/b87bd70d/attachment-0002.html>
More information about the webkit-unassigned
mailing list