-
weinig authored
Reviewed by Geoff. Tests for <rdar://problem/5326791> * http/tests/security/cross-frame-access-expected.txt: * http/tests/security/cross-frame-access-put-expected.txt: Added. * http/tests/security/cross-frame-access-put.html: Added. * http/tests/security/resources/cross-frame-iframe-for-put-test.html: Added. WebCore: Reviewed by Geoff. Fix for <rdar://problem/5326791> XSS vulnerability: ability to set window.defaultStatus, window.defaultstatus and window.status cross domains Test: http/tests/security/cross-frame-access-put.html * bindings/js/kjs_window.cpp: (KJS::Window::put): Adds isSafeScript check for defaultStatus, defaultstatus and status cases. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@24181 268f45cc-cd09-0410-ab3c-d52691b4dbfc
76781f60