• abarth@webkit.org's avatar
    2011-01-01 Adam Barth <abarth@webkit.org> · 14e08540
    abarth@webkit.org authored
            Reviewed by Eric Seidel.
    
            sandbox iframes have access to top.history methods
            https://bugs.webkit.org/show_bug.cgi?id=38152
    
            To enforce the sandbox restrictions on History, we need to pass the
            ScriptExecutionContext to WebCore.  This patch leaves the original
            History methods in place because they are used directly by folks who
            don't care about security checks.
    
            Test: fast/frames/sandboxed-iframe-history-denied.html
    
            * page/History.cpp:
            (WebCore::History::back):
            (WebCore::History::forward):
            (WebCore::History::go):
            * page/History.h:
            * page/History.idl:
    2011-01-01  Justin Schuh  <jschuh@chromium.org>
    
            Reviewed by Eric Seidel.
    
            sandbox iframes have access to top.history methods
            https://bugs.webkit.org/show_bug.cgi?id=38152
    
            Test that sandboxed iframes cannot use history to navigate the top
            frame.  This test is less than ideal, as described in the test itself.
            If I was really on top of things, I'd add a test for successful use of
            the history API when allow-top-navigation is set, but that test would
            be complicated and I'm lazy (enough to copy directly from abarth).
    
            * fast/frames/sandboxed-iframe-history-denied-expected.txt: Added.
            * fast/frames/sandboxed-iframe-history-denied.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@74853 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    14e08540
sandboxed-iframe-history-denied.html 1.03 KB