256241 – setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin

NEW256241

setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin

https://bugs.webkit.org/show_bug.cgi?id=256241

Summary setAppBadge() should reject with SecurityError if child iframe is not same or...

Marcos Caceres

Reported 2023-05-02 18:52:16 PDT

As per spec, setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin. Updated spec change: https://github.com/w3c/badging/pull/107 Relevant test: LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.html

Attachments
Add attachment proposed patch, testcase, etc.

Marcos Caceres

Comment 1 2023-05-02 18:53:29 PDT

<rdar://problem/107109904>

Marcos Caceres

Comment 2 2023-05-02 18:55:21 PDT

Pull request: https://github.com/WebKit/WebKit/pull/13389

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Other

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Nobody

Reported

2023-05-02 18:52 PDT

Modified

2025-02-18 19:00 PST History

CC List

2 users Show

URL

https://wpt.live/badging/setAppBadge_cross_origin.sub.https.html

Keywords InRadar, WPTImpact

Depends on

Blocks