RESOLVED FIXED 154779
Prevent cross-origin access to Location.assign() / Location.reload()
https://bugs.webkit.org/show_bug.cgi?id=154779
Summary Prevent cross-origin access to Location.assign() / Location.reload()
Chris Dumez
Reported 2016-02-27 12:47:54 PST
Prevent cross-origin access to Location.assign() / Location.reload() to match the latest specification: https://html.spec.whatwg.org/multipage/browsers.html#crossoriginproperties-(-o-) Firefox and Chrome already prevent this but Safari allows it. We should only allow cross origin access to Location.replace() and the Location.href setter.
Attachments
Patch (16.93 KB, patch)
2016-02-27 13:27 PST, Chris Dumez
no flags
Chris Dumez
Comment 1 2016-02-27 13:27:20 PST
WebKit Commit Bot
Comment 2 2016-02-27 16:50:22 PST
Comment on attachment 272421 [details] Patch Clearing flags on attachment: 272421 Committed r197263: <http://trac.webkit.org/changeset/197263>
WebKit Commit Bot
Comment 3 2016-02-27 16:50:26 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.