Flash does something similar, but not *precisely* the same. I stand
by my statement that the below is insecure.
Adam
On Mon, Jun 8, 2009 at 8:08 PM, John Abd-El-Malek<j...@chromium.org> wrote:
> BTW this is how Flash does it.
>
> On Mon, Jun 8, 2009 at 7:47 PM, Adam Barth <aba...@chromium.org> wrote:
>>
>> On Mon, Jun 8, 2009 at 1:29 PM, vijay<tec...@gmail.com> wrote:
>> > We used to use NPN_GetURL with "javascript:document.location" as the
>> > URL. In the current implementation, after this script is executed in
>> > WebPluginImpl::ExecuteScript (in src/webkit/glue/webplugin_impl.cc),
>> > its checking the result value:
>>
>> This is not a secure way to determine which page embedded the plug-in.
>> If you require this value to make a security decision, you should use
>> a different approach.
>>
>> Adam
>>
>> >>
>
>
--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
