| Index: Source/core/frame/Location.idl
|
| diff --git a/Source/core/frame/Location.idl b/Source/core/frame/Location.idl
|
| index c8ea4f0675f281c1e1f4c1d5892c17ae154f2ab7..da81ecff9f585b6d5781ef7040e8320a339d950d 100644
|
| --- a/Source/core/frame/Location.idl
|
| +++ b/Source/core/frame/Location.idl
|
| @@ -29,6 +29,11 @@
|
| [
|
| CheckSecurity=Frame,
|
| ] interface Location {
|
| + // |assign|, |replace|, and *writing* |href| do not require a security
|
| + // check, as they *change* the page, and thus these do not change any
|
| + // property of an *existing* document at a different origin.
|
| + // However, *reading* |href|, or accessing any component, is a security
|
| + // problem, since that allows tracking navigation.
|
| [SetterCallWith=ActiveWindow&FirstWindow, DoNotCheckSecurity=Setter, Unforgeable] attribute DOMString href;
|
|
|
| [CallWith=ActiveWindow&FirstWindow, DoNotCheckSecurity, Unforgeable, ReadOnly, PerWorldBindings, ActivityLogging=ForIsolatedWorlds] void assign([Default=Undefined] optional DOMString url);
|
|
|
Chromium Code Reviews
Issue 77723003:
[DoNotCheckSecurity=Getter] => [DoNotCheckSecurity] (Closed)
Base URL: svn://svn.chromium.org/blink/trunk