Issue 2797: SecurityOrigin::canRequest grants local URLs universal access http://code.google.com/p/chromium/issues/detail?id=2797
New issue report by [EMAIL PROTECTED]: In the merge, we picked up SecurityOrigin::canRequest, which lets local files (those from file:// URLs) request any URL (e.g., via XMLHttpRequest). Our policy is not to grant file:// URLs this universal access. To fix this issue, just remove the lines: if (isLocal()) return true; from the function. I'm working with upstream to have this controlled by a pref so we can unfork this file. Issue attributes: Status: Untriaged Owner: [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Labels: Type-Bug Pri-2 OS-All Area-Unknown WebKitMerge -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-bugs" group. To post to this group, send email to chromium-bugs@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-bugs?hl=en -~----------~----~----~----~------~----~------~--~---