[Webkit-unassigned] [Bug 246606] [GTK][WPE] Add provision to enable / disable websecurity
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 17 07:41:43 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=246606
--- Comment #3 from Michael Catanzaro <mcatanzaro at gnome.org> ---
I suppose the use case is to allow one website that you control to script another website that you don't control? That will make it easier to do evil things, but the app developer using WebKit can inject anything into any page anyway, and it's not a terribly big step from that to allowing web content that you trust to do the same. But then again, it goes both ways: you'd better really trust *everything* that you're loading.
I guess it will be OK if only used by apps that load tightly-controlled custom web content, and never used by any normal desktop apps. The disadvantage I see is that some app developer might decide to use it without understanding the consequences.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221017/6edb8f59/attachment.htm>
More information about the webkit-unassigned
mailing list