Skip to content
  • abarth@webkit.org's avatar
    WebCore: · e17b6057
    abarth@webkit.org authored
    2008-09-07  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Sam Weinig.
    
            Adopt opener restriction on frame navigation.
              https://bugs.webkit.org/show_bug.cgi?id=20642
    
            This restriction helps prevent an attacker from navigating top-level
            windows that were created by another web site.
    
            Tests: http/tests/security/frameNavigation/not-opener.html
                   http/tests/security/frameNavigation/opener.html
    
            * loader/FrameLoader.cpp:
            (WebCore::canAccessAncestor):
            (WebCore::FrameLoader::shouldAllowNavigation):
    
    LayoutTests:
    
    2008-09-07  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Sam Weinig.
    
            Tests that opener restriction is working properly.
              https://bugs.webkit.org/show_bug.cgi?id=20642
    
            * http/tests/security/frameNavigation/not-opener-expected.txt: Added.
            * http/tests/security/frameNavigation/not-opener.html: Added.
            * http/tests/security/frameNavigation/opener-expected.txt: Copied from LayoutTests/fast/dom/Document/early-document-access-expected.txt.
            * http/tests/security/frameNavigation/opener.html: Added.
            * http/tests/security/frameNavigation/resources/not-opener-helper.html: Added.
            * http/tests/security/frameNavigation/resources/pass.html: Added.
            * http/tests/security/frameNavigation/resources/ready.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@36262 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    e17b6057