aseps3472 / gdata-javascript-client

Automatically exported from code.google.com/p/gdata-javascript-client

Safari 5.01 complains about XSS problems #26

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Here's the sample code:
http://www.scottschmitz.com/SignOnTest.php

All the code does is call login() and logout() when you press the appropriate 
buttons.  If I execute this under Safari 5.01, I get errors complaining about 
XSS scripting being unsafe.

Unsafe JavaScript attempt to access frame with URL about:blank from frame with 
URL ...m/SignOnTest.php. Domains, protocols and ports must match.

The page at https://www.google.com/accounts/AuthSubRevokeTokenJS ran insecure 
content from http://www.google.com/uds/modules/gdata/gdata-xd.js.

I just tested on iPad and it was OK.  I believe that these errors are due to 
WebKit adding XSS checks to prevent malicious code from executing.

Original issue reported on code.google.com by SSchmit...@gmail.com on 12 Sep 2010 at 10:41

GoogleCodeExporter commented 8 years ago
I just tested on Google Chrome and, while I am getting the same errors, it 
looks like the code works.  I would love to catch those errors, but they are 
made with async calls and I can see no way to catch them at all!

Original comment by SSchmit...@gmail.com on 13 Sep 2010 at 1:56