On Thu, 7 Feb 2008, Hallvord R M Steen wrote:
Adam Barth and Collin Jackson pointed out to me that while investigating
frame navigation policies they found that a recipient of a postMessage
in Opera can set event.source.location, thus navigate the sender
window/document. I think this is a
On Feb 7, 2008 4:32 AM, Hallvord R M Steen [EMAIL PROTECTED] wrote:
One case I'm still
somewhat concerned about is that one is allowed to set the location of
any top-level window according to the ancestor policy,
Yes. I think there is a lot of room for improvement in this part of
the
I'm a bit late to this party due to turning off list email because I didn't
think I could handle it in addition to all the other email I receive. I just
reenabled it to not miss anything; we'll see how this actually goes this time
around. :-\
Adam Barth wrote:
On Feb 7, 2008 4:32 AM,
Adam Barth and Collin Jackson pointed out to me that while
investigating frame navigation policies they found that a recipient of
a postMessage in Opera can set event.source.location, thus navigate
the sender window/document. I think this is a bug in the API itself.
This seems to violate the
On Feb 7, 2008 10:24 AM, Hallvord R M Steen wrote:
Adam Barth and Collin Jackson pointed out to me that while
investigating frame navigation policies they found that a recipient of
a postMessage in Opera can set event.source.location, thus navigate
the sender window/document. I think this is a
Hallvord,
On Feb 7, 2008 1:24 AM, Hallvord R M Steen [EMAIL PROTECTED] wrote:
Adam Barth and Collin Jackson pointed out to me that while
investigating frame navigation policies they found that a recipient of
a postMessage in Opera can set event.source.location, thus navigate
the sender
On 07/02/2008, Hallvord R M Steen [EMAIL PROTECTED] wrote:
That is of course a possibility. I don't have Firefox 3 handy so I'd
appreciate somebody explaining how it is implemented there.
By the way, I recommend Minefield (the Firefox 3 nightlies) to anyone.
I now use it as my default browser
On 07/02/2008, Thomas Broyer [EMAIL PROTECTED] wrote:
On Feb 7, 2008 10:24 AM, Hallvord R M Steen wrote:
Adam Barth and Collin Jackson pointed out to me that while
investigating frame navigation policies they found that a recipient of
a postMessage in Opera can set event.source.location,
Adam Barth and Collin Jackson pointed out to me that while
investigating frame navigation policies they found that a recipient of
a postMessage in Opera can set event.source.location, thus navigate
the sender window/document. I think this is a bug in the API itself.
When one frame posts
On Feb 7, 2008 2:27 AM, Hallvord R M Steen [EMAIL PROTECTED] wrote:
Opera assumes that if a script
has a JavaScript pointer to a frame then that script is permitted to
navigate that frame.
This is actually per the spec and required for web compatibility: any
script that has a pointer to a
On Feb 7, 2008, at 2:27 AM, Hallvord R M Steen wrote:
The source attribute of the message event does not leak any
privileges
to the recipient in Internet Explorer, Firefox, and Safari because
these browsers do not make this assumption and instead check whether
the script is permitted to
Opera assumes that if a script
has a JavaScript pointer to a frame then that script is permitted to
navigate that frame.
This is actually per the spec and required for web compatibility
Here is a test case:
http://crypto.stanford.edu/~abarth/research/html5/sibling/
Ah sorry, I see
On Feb 7, 2008 10:59 AM, Hallvord R M Steen wrote:
Have a look at section 4.7.4.1. Security which reads:
User agents must raise a security exception whenever any of the
members of a Location object are accessed by scripts whose origin is
not the same as the Location object's associated
13 matches
Mail list logo