[Webkit-unassigned] [Bug 130398] [WK2][GTK] Expose the enable-web-security property in WebKit2GTK API

bugzilla-daemon at webkit.org
Fri Sep 11 02:50:00 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=130398

Mario Sanchez Prada <mario at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |---

--- Comment #17 from Mario Sanchez Prada <mario at webkit.org> ---
(In reply to comment #16)
> Let's say we'd like to write a local application written in HTML that runs
> within WebKit, what would be the solution if not this API to let the local
> application load resources from the web?

After more than one year with this thing buried in the bugzilla, I recently stumbled into a situation quite similar to the one described by Nicolas, where the only way I could move forward was by disabling web-security.

To be clear, this happens in a context where I'm sure disabling this option does not pose any problem (i.e. not a full-fledged browser), and where we control all the local content being loaded by the webview, meaning that there's no way anyone could inject an XSS attack or anything, pretty much like the case for testing the CSS test suite mentioned initially along with this bug report.

So, I'd like to get this discussion back to life again, see if we can agree on adding this property to the public API, so that embedders of WebKitGTK can use it if needed, without needing downstream patches.
