-
abarth@webkit.org authored
2009-01-10 Adam Barth <abarth@webkit.org> Reviewed by Darin Adler. Fix https://bugs.webkit.org/show_bug.cgi?id=21456 We shouldn't update the document pointer of inactive windows. This behavior differs slightly from Firefox, I'd argue that this behavior is more correct (we both differ from IE). The HTML 5 spec is a bit in flux on this point. Test: http/tests/security/xss-inactive-closure.html * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::~JSDOMWindowBase): * bindings/js/ScriptController.cpp: (WebCore::ScriptController::clearWindowShell): (WebCore::ScriptController::updateDocument): * bindings/js/ScriptController.h: LayoutTests: 2009-01-10 Adam Barth <abarth@webkit.org> Reviewed by Darin Adler. Test that we don't do goofy things with the document pointer after navigation. * fast/dom/Window/dom-access-from-closure-iframe-expected.txt: * fast/dom/Window/dom-access-from-closure-window-expected.txt: * http/tests/security/resources/childWithButton.html: Added. * http/tests/security/resources/xss-inactive-closure-child-2.html: Added. * http/tests/security/resources/xss-inactive-closure-child.html: Added. * http/tests/security/xss-inactive-closure-expected.txt: Added. * http/tests/security/xss-inactive-closure.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@39779 268f45cc-cd09-0410-ab3c-d52691b4dbfc97ae7979
