Updates: Cc: scarybeasts Comment #18 on issue 20450 by aba...@chromium.org: Chromium shouldn't allow XHR to local directories http://code.google.com/p/chromium/issues/detail?id=20450
The fix should be in WebKit, not in the browser, if we can help it. We should look at the code, but I think a trailing "/" in the URL might be dispositive. We can block access by returning false when we get a canRequest for these URLs and setting noAccess when we load these URLs into frames. The Firefox policy is most subtle. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings -- Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs