[Webkit-unassigned] [Bug 248390] New: [GTK] <svg><use> URIs not passed through WebKitWebPage::send-request
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 28 04:46:28 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=248390
Bug ID: 248390
Summary: [GTK] <svg><use> URIs not passed through
WebKitWebPage::send-request
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcrha at redhat.com
CC: bugs-noreply at webkitgtk.org
When there's an HTML code snippet like this one:
<svg width='16' height='16'>
<use xlink:href='https://thisweek.gnome.org/images/icons.svg#link'></use>
</svg>
the WebKitGTK ignores the WebKitWebPage::send-request callback on the extension side and immediately claims:
mail://xxx/yyy/xzz?....:55:145: CONSOLE SECURITY ERROR Unsafe attempt to load URL https://thisweek.gnome.org/images/icons.svg from
origin mail://xxx. Domains, protocols and ports must match.
The URL from the `use` tag should be processed by the WebKitWebPage::send-request first, as is done for other URL-s, like for example with the <img src=...>.
This can be a security problem for use cases where the WebKitWebPage::send-request callback is supposed to filter what should be processed in what way (like manual download, which does not involve WebKitGTK internals).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221128/87715369/attachment.htm>
More information about the webkit-unassigned
mailing list