Bug 256241

Summary:	setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin
Product:	WebKit	Reporter:	Marcos Caceres <marcosc>
Component:	WebKit Misc.	Assignee:	Nobody <webkit-unassigned>
Status:	NEW
Severity:	Normal	CC:	ahmad.saleem792, webkit-bug-importer
Priority:	P2	Keywords:	InRadar, WPTImpact
Version:	Other
Hardware:	Unspecified
OS:	Unspecified
URL:	https://wpt.live/badging/setAppBadge_cross_origin.sub.https.html

Marcos Caceres

Reported 2023-05-02 18:52:16 PDT

As per spec, setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin. Updated spec change: https://github.com/w3c/badging/pull/107 Relevant test: LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.html

Attachments
Add attachment proposed patch, testcase, etc.

Marcos Caceres

Comment 1 2023-05-02 18:53:29 PDT

<rdar://problem/107109904>

Marcos Caceres

Comment 2 2023-05-02 18:55:21 PDT

Pull request: https://github.com/WebKit/WebKit/pull/13389

Note You need to log in before you can comment on or make changes to this bug.