WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
154779
Prevent cross-origin access to Location.assign() / Location.reload()
https://bugs.webkit.org/show_bug.cgi?id=154779
Summary
Prevent cross-origin access to Location.assign() / Location.reload()
Chris Dumez
Reported
2016-02-27 12:47:54 PST
Prevent cross-origin access to Location.assign() / Location.reload() to match the latest specification:
https://html.spec.whatwg.org/multipage/browsers.html#crossoriginproperties-(-o
-) Firefox and Chrome already prevent this but Safari allows it. We should only allow cross origin access to Location.replace() and the Location.href setter.
Attachments
Patch
(16.93 KB, patch)
2016-02-27 13:27 PST
,
Chris Dumez
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Chris Dumez
Comment 1
2016-02-27 13:27:20 PST
Created
attachment 272421
[details]
Patch
WebKit Commit Bot
Comment 2
2016-02-27 16:50:22 PST
Comment on
attachment 272421
[details]
Patch Clearing flags on attachment: 272421 Committed
r197263
: <
http://trac.webkit.org/changeset/197263
>
WebKit Commit Bot
Comment 3
2016-02-27 16:50:26 PST
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug