tsepez@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=83721

Reviewed by James Robinson.

Source/WebCore:

The RenderLayer code currently propagates scroll position to parent frames without any cross-origin checks. This gives it a quick origin boundary check that is set by FrameLoader only when performing a fragment navigation. This allows us to safely relax the restriction on not scrolling at load time in FrameLoader since the safe thing will happen later on at scroll time.

Test: http/tests/navigation/anchor-frames-same-origin.html

* dom/Document.cpp:
(WebCore::Document::findUnsafeParentScrollPropagationBoundary):
* dom/Document.h:
(Document):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::finishedParsing):
(WebCore::FrameLoader::loadInSameDocument):
(WebCore::FrameLoader::scrollToFragmentWithParentBoundary):
* loader/FrameLoader.h:
(FrameLoader):
* page/FrameView.cpp:
(WebCore::FrameView::FrameView):
(WebCore::FrameView::reset):
* page/FrameView.h:
(WebCore::FrameView::safeToPropagateScrollToParent):
(WebCore::FrameView::setSafeToPropagateScrollToParent):
(FrameView):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollRectToVisible):

LayoutTests:

* http/tests/inspector/resource-parameters-expected.txt:
* http/tests/navigation/anchor-frames-cross-origin-expected.txt:
* http/tests/navigation/anchor-frames-cross-origin.html:
* http/tests/navigation/anchor-frames-same-origin-expected.txt: Added.
* http/tests/navigation/anchor-frames-same-origin.html: Added.
* http/tests/navigation/resources/frame-with-anchor-cross-origin.html:
* http/tests/navigation/resources/frame-with-anchor-same-origin.html: Added.
* http/tests/navigation/resources/grandchild-with-anchor.html: Added.
* http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt:
* http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114406 268f45cc-cd09-0410-ab3c-d52691b4dbfc
8d3c2c18
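
The boundary check described in the commit message, as an added example: a simplified model written for this page, not WebKit's code. The function names are borrowed from the commit's file list; the `Frame` struct, the string comparison of origins, the single `y` offset and the restoring of the flag after the scroll are assumptions of the model.

```cpp
#include <string>

// Simplified model (assumption): a frame has an origin, a parent, a scroll
// offset, and the per-view flag named in the commit's file list.
struct Frame {
    std::string origin;
    Frame* parent = nullptr;
    int scrollY = 0;
    bool safeToPropagateScrollToParent = true;
};

// Walk up from the navigated frame. Return the first frame whose parent has a
// different origin than `start`, or nullptr if every ancestor is same-origin.
// Origin equality stands in for a real security-origin access check.
Frame* findUnsafeParentScrollPropagationBoundary(Frame* start) {
    Frame* current = start;
    for (Frame* ancestor = start->parent; ancestor; ancestor = ancestor->parent) {
        if (ancestor->origin != start->origin)
            return current;
        current = ancestor;
    }
    return nullptr;
}

// Scroll time: a frame scrolls itself, then hands the request to its parent
// only while its flag allows it.
void scrollRectToVisible(Frame* frame, int y) {
    frame->scrollY = y;
    if (frame->parent && frame->safeToPropagateScrollToParent)
        scrollRectToVisible(frame->parent, y);
}

// Fragment navigation: mark the boundary, scroll, then restore the flag
// (the restore step is an assumption of this model).
void scrollToFragmentWithParentBoundary(Frame* frame, int y) {
    Frame* boundary = findUnsafeParentScrollPropagationBoundary(frame);
    if (boundary) boundary->safeToPropagateScrollToParent = false;
    scrollRectToVisible(frame, y);
    if (boundary) boundary->safeToPropagateScrollToParent = true;
}

int main() {
    Frame top, child;  // constructed sample frame tree
    top.origin = "https://a.example";
    child.origin = "https://b.example";
    child.parent = &top;
    scrollToFragmentWithParentBoundary(&child, 100);
    return top.scrollY == 0 ? 0 : 1;  // the cross-origin parent must not move
}
```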