Reviewed by Eric Seidel.

        DOMWindow::setLocation doesn't understand that DOMWindow can be inactive
        https://bugs.webkit.org/show_bug.cgi?id=62057

        Test that some esoteric combination of eval, load, and Location don't
        do something goofy.

        * http/tests/security/xss-DENIED-contentWindow-eval-expected.txt: Added.
        * http/tests/security/xss-DENIED-contentWindow-eval.html: Added.
2011-06-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        DOMWindow::setLocation doesn't understand that DOMWindow can be inactive
        https://bugs.webkit.org/show_bug.cgi?id=62057

        This code gets confused when dealing with inactive DOMWindows.  We
        should just block inactive DOMWindows because there's no compatibility
        reason to support them in this code path.

        Test: http/tests/security/xss-DENIED-contentWindow-eval.html

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::isInsecureScriptAccess):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88071 268f45cc-cd09-0410-ab3c-d52691b4dbfc