[Webkit-unassigned] [Bug 256241] New: setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 2 18:52:16 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=256241

            Bug ID: 256241
           Summary: setAppBadge() should reject with SecurityError if
                    child iframe is not same origin-domain as top-origin
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: marcosc at apple.com

As per spec, setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin.

Updated spec change:
https://github.com/w3c/badging/pull/107

Relevant test: 
LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230503/3648ee90/attachment.htm>

More information about the webkit-unassigned mailing list