-
abarth@webkit.org authored
2008-09-07 Adam Barth <abarth@webkit.org> Reviewed by Sam Weinig. Adopt opener restriction on frame navigation. https://bugs.webkit.org/show_bug.cgi?id=20642 This restriction helps prevent an attacker from navigating top-level windows that were created by another web site. Tests: http/tests/security/frameNavigation/not-opener.html http/tests/security/frameNavigation/opener.html * loader/FrameLoader.cpp: (WebCore::canAccessAncestor): (WebCore::FrameLoader::shouldAllowNavigation): LayoutTests: 2008-09-07 Adam Barth <abarth@webkit.org> Reviewed by Sam Weinig. Tests that opener restriction is working properly. https://bugs.webkit.org/show_bug.cgi?id=20642 * http/tests/security/frameNavigation/not-opener-expected.txt: Added. * http/tests/security/frameNavigation/not-opener.html: Added. * http/tests/security/frameNavigation/opener-expected.txt: Copied from LayoutTests/fast/dom/Document/early-document-access-expected.txt. * http/tests/security/frameNavigation/opener.html: Added. * http/tests/security/frameNavigation/resources/not-opener-helper.html: Added. * http/tests/security/frameNavigation/resources/pass.html: Added. * http/tests/security/frameNavigation/resources/ready.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@36262 268f45cc-cd09-0410-ab3c-d52691b4dbfc
e17b6057