abarth@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=71591

Reviewed by Eric Seidel.

Source/WebCore:

We should always use document->securityOrigin()->isSandboxed because that picks up the sandbox bits that are frozen on the document rather than the ones that could change on the Frame. This patch starts preparing us to implement the CSP sandbox directive, which will cause us to have document sandbox bits without any attribute.

* bindings/ScriptControllerBase.cpp:
(WebCore::ScriptController::canExecuteScripts):
- This call site was the only functional site left where these two could be different. This patch causes one progression and one regression. The progression is that we now correctly freeze the allow-scripts bit when a document is created, but the regression is we now allow the execution of JavaScript URLs, as noted in fast/frames/sandboxed-iframe-scripting.html. That's even more of an edge case, so I think it's a win overall.
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::begin):
- I don't think this part of the change is testable. There's no time to execute script between when the bits get copied off the Frame and when they're checked, so there's no time to change them.
* loader/FrameLoader.cpp:
- Update FIXME comment that is now fixed.
* loader/FrameLoader.h:
- Remove wrong API.

LayoutTests:

This patch updates this test to check a few more cases and notes a bug in our current implementation.

* fast/frames/resources/sandboxed-iframe-script-dynamic.html:
* fast/frames/sandboxed-iframe-scripting-expected.txt:
* fast/frames/sandboxed-iframe-scripting.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99330 268f45cc-cd09-0410-ab3c-d52691b4dbfc
c9bb4877
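The point of the change above is that a sandbox check must read the bits snapshotted onto the document (its SecurityOrigin) at creation time, not the bits that live on the Frame and can be changed at any moment by rewriting the iframe's sandbox attribute. The following model, added here as an illustration and not code from WebKit or from this commit, shows why the two views diverge: the attribute is parsed into a flag mask, the Frame keeps the current mask, each Document freezes a copy when it is created, and the script-execution check is written both ways so the disagreement is visible. Flag names, the parseSandboxPolicy/Frame/Document classes, the canExecuteScripts helpers and the extraFlags parameter (standing in for document-only bits such as a future CSP sandbox directive would add) are all this example's own assumptions.

```javascript
// Added illustration of "sandbox bits frozen on the document vs. mutable on the frame".
// Not WebKit code; all names below are this example's own.
const SandboxFlag = Object.freeze({
  Navigation:    1 << 0,
  Plugins:       1 << 1,
  Origin:        1 << 2,
  Forms:         1 << 3,
  Scripts:       1 << 4,
  TopNavigation: 1 << 5,
});
const SandboxNone = 0;
const SandboxAll = Object.values(SandboxFlag).reduce((acc, bit) => acc | bit, 0);

// Parse an iframe sandbox attribute into a flag mask. An empty attribute (or one
// with no recognised tokens) sandboxes everything; each allow-* token clears one
// bit; tokens are ASCII case-insensitive; unrecognised tokens are ignored.
function parseSandboxPolicy(attrValue) {
  let flags = SandboxAll;
  for (const token of attrValue.split(/[ \t\n\f\r]+/)) {
    switch (token.toLowerCase()) {
      case "allow-same-origin":    flags &= ~SandboxFlag.Origin;        break;
      case "allow-forms":          flags &= ~SandboxFlag.Forms;         break;
      case "allow-scripts":        flags &= ~SandboxFlag.Scripts;       break;
      case "allow-top-navigation": flags &= ~SandboxFlag.TopNavigation; break;
      default: break; // empty string or unknown token: no effect
    }
  }
  return flags;
}

// The frozen, per-document view of the sandbox bits.
class SecurityOrigin {
  constructor(sandboxFlags) {
    this.sandboxFlags = sandboxFlags;
    Object.freeze(this); // nothing can change these after the document exists
  }
  isSandboxed(mask) { return (this.sandboxFlags & mask) !== 0; }
}

class Document {
  // extraFlags models bits a document can carry without any attribute (e.g. a CSP
  // sandbox directive); it is an assumption of this example, not a WebKit API.
  constructor(frame, extraFlags = SandboxNone) {
    this.securityOrigin = new SecurityOrigin(frame.sandboxFlags | extraFlags);
  }
}

// The mutable, per-frame view: the attribute can be rewritten at any time.
class Frame {
  constructor(attrValue = null) {
    this.sandboxFlags = attrValue === null ? SandboxNone : parseSandboxPolicy(attrValue);
    this.document = null;
  }
  setSandboxAttribute(attrValue) {
    this.sandboxFlags = attrValue === null ? SandboxNone : parseSandboxPolicy(attrValue);
  }
  isSandboxed(mask) { return (this.sandboxFlags & mask) !== 0; }
  navigate(extraFlags = SandboxNone) {
    // A new document snapshots whatever the frame's bits are right now.
    this.document = new Document(this, extraFlags);
    return this.document;
  }
}

// Correct check: consult the bits frozen on the document.
function canExecuteScripts(frame) {
  return !frame.document.securityOrigin.isSandboxed(SandboxFlag.Scripts);
}
// The check the patch moves away from: consult the frame's live bits.
function canExecuteScriptsByFrame(frame) {
  return !frame.isSandboxed(SandboxFlag.Scripts);
}

// Walk through attribute change vs. navigation and report both views at each step.
function demo() {
  const frame = new Frame("allow-scripts");
  frame.navigate();
  const afterLoad = [canExecuteScripts(frame), canExecuteScriptsByFrame(frame)];
  frame.setSandboxAttribute("");      // tighten the attribute after the document loaded
  const afterAttrChange = [canExecuteScripts(frame), canExecuteScriptsByFrame(frame)];
  frame.navigate();                   // only a new document picks up the new bits
  const afterNavigate = [canExecuteScripts(frame), canExecuteScriptsByFrame(frame)];
  return { afterLoad, afterAttrChange, afterNavigate };
}

// Document-only bits (no attribute at all): only the document-side check sees them.
function demoDocumentOnlyBits() {
  const frame = new Frame(null);
  frame.navigate(SandboxFlag.Scripts);
  return [canExecuteScripts(frame), canExecuteScriptsByFrame(frame)];
}
```

Run with `node` and call `demo()`: after the attribute is tightened the document-side check still allows script (the document was created under allow-scripts) while the frame-side check already refuses, and they agree again only once a new document is created. `demoDocumentOnlyBits()` shows the other direction: bits that exist only on the document are invisible to a frame-side check, which is why a frame-based API cannot support sandboxing from a CSP directive.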