| Summary: | Cross-Origin-Options: deny/allow-postmessage should prevent getting navigated by cross-origin scripts | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | DOM | Assignee: | Chris Dumez <cdumez> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | cdumez, commit-queue, dbates, esprehn+autocc, ews-watchlist, ggaren, kangil.han, rniwa, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Bug Depends on: | 184996 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Chris Dumez
2018-05-16 09:45:04 PDT
Created attachment 340526
Patch

Comment on attachment 340526
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=340526&action=review

r=me

> Source/WebCore/ChangeLog:9
> + Update our canNavigation() implementation [1] to take into account the Cross-Origin-Options header.

canNavigate

> Source/WebCore/ChangeLog:15
> + possible to trigger a "targetted" navigation via <a target="foo"> or open(url, "foo").

targeted

Created attachment 340597
Patch

The commit-queue encountered the following flaky tests while processing attachment 340597:

media/modern-media-controls/volume-support/volume-support-click.html bug 164229 (author: graouts@apple.com)

The commit-queue is continuing to process your patch.

Comment on attachment 340597
Patch

Clearing flags on attachment: 340597

Committed r231911: <https://trac.webkit.org/changeset/231911>

All reviewed patches have been landed. Closing bug.