[Webkit-unassigned] [Bug 156651] [GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 18 23:50:05 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=156651

--- Comment #30 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to comment #28)
> (In reply to comment #26) 
> > 1.- Patch WebKit in 2.12 branch only to allow access to local storage from
> > file URLs when AllowFileAccessFromFileURLS is set.
> 
> No please, let's not change the semantics of this setting just for a stable
> branch.

It's not actually changing the semantics, it's just assuming that if you enabled that setting, it's because your app is serving file URIs and you also want to allow access to the local storage, for backwards compatibility only.

> > 2.- Roll out the patch that introduced the issue. It doesn't look like such a
> > serious issue in the end, and it has always been that way.
> 
> I dunno about that either; arbitrary access to localStorage seems pretty
> serious.

That's why my initial proposal was to limit it to apps already enabling file access. We could also check the document URL to see if it's a local file, but it could be a custom URI scheme or a resource:/.
