Browser Frame Injection Vulnerability, review needed
Waldo Bastian
bastian at kde.org
Wed Jul 7 20:24:03 BST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
There was a frame vulnerability reported last week, we have some patches
floating around at http://bugs.kde.org/show_bug.cgi?id=84352
Some feedback on those would be nice. In particular it seems that frames
inherit their "domain" from the toplevel loading frameset. I would expect
that it would inherit its domain from its loading frameset, but not from the
frameset's frameset, as seems to be the case. Is that a bug or is there a
reason why that is as it is?
Cheers,
Waldo
- --
bastian at kde.org | KDE Community World Summit 2004 | bastian at suse.com
bastian at kde.org | 21-29 August, Ludwigsburg, Germany | bastian at suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFA7E3UN4pvrENfboIRArGpAJkBOA/PeIK8S7qXA3naP7OXeQjGbgCggrLr
ZQuaYETohj/1KvbbW1lKZjg=
=J7Gc
-----END PGP SIGNATURE-----
More information about the kfm-devel
mailing list