Security: Setting document.domain to "org" or any other TLD
Reported by fon...@gmail.com, Nov 8 2011
Nov 8 2011,
Funny I was asking this question just the other day. It's not a security vulnerability, really, because no self-respecting web page should ever set document.domain = "com". It is a vulnerability of the site if that is the case. That said, other browsers do it as precaution, and we should too. Nobody has picked it up because the webkit plumbing it needs is onerous.
Oct 13 2012,
This issue has been closed for some time. No one will pay attention to new comments. If you are seeing this bug or have new data, please click New Issue to start a new bug.
Mar 10 2013,
Mar 11 2013,
Oct 2 2016,
Sign in to add a comment