Commit 46aee689 authored by weinig@apple.com's avatar weinig@apple.com

WebCore:

2009-06-20  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Barth.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=26554
        Shadowing of top and parent

        * page/DOMWindow.idl:

LayoutTests:

2009-06-20  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Barth.

        Test for https://bugs.webkit.org/show_bug.cgi?id=26554

        Test writing to parent and top.

        * http/tests/security/cross-frame-access-put-expected.txt:
        * http/tests/security/cross-frame-access-put.html:
        * http/tests/security/resources/cross-frame-iframe-for-put-test.html:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@44906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 12ff6f52
2009-06-20 Sam Weinig <sam@webkit.org>
Reviewed by Adam Barth.
Test for https://bugs.webkit.org/show_bug.cgi?id=26554
Test writing to parent and top.
* http/tests/security/cross-frame-access-put-expected.txt:
* http/tests/security/cross-frame-access-put.html:
* http/tests/security/resources/cross-frame-iframe-for-put-test.html:
2009-06-20 Mark Rowe <mrowe@apple.com>
Reviewed by Dan Bernstein.
......
......@@ -366,6 +366,10 @@ CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
ALERT: PASS: window.Attr should be '[object AttrConstructor]' and is.
ALERT: PASS: window.CDATASection should be '[object CDATASectionConstructor]' and is.
ALERT: PASS: window.CharacterData should be '[object CharacterDataConstructor]' and is.
......@@ -526,6 +530,8 @@ ALERT: PASS: window.status should be '' and is.
ALERT: PASS: window.statusbar should be '[object BarInfo]' and is.
ALERT: PASS: window.toolbar should be '[object BarInfo]' and is.
ALERT: PASS: window.window should be '[object DOMWindow]' and is.
ALERT: PASS: window.parent should be parentOld and is.
ALERT: PASS: window.top should be topOld and is.
ALERT: PASS: window.addEventListener should be 'function addEventListener() { [native code]}' and is.
ALERT: PASS: window.alert should be 'function alert() { [native code]}' and is.
ALERT: PASS: window.atob should be 'function atob() { [native code]}' and is.
......
......@@ -192,10 +192,8 @@ window.onload = function()
setForbiddenProperty(targetWindow, "statusbar");
setForbiddenProperty(targetWindow, "toolbar");
setForbiddenProperty(targetWindow, "window");
// FIXME: find a way to test these attributes
// setForbiddenProperty(targetWindow, "parent");
// setForbiddenProperty(targetWindow, "top");
setForbiddenProperty(targetWindow, "parent");
setForbiddenProperty(targetWindow, "top");
// Functions
setForbiddenProperty(targetWindow, "addEventListener");
......
......@@ -209,10 +209,8 @@
var statusOld = window.status;
var toolbarOld = window.toolbar;
var windowOld = window.window;
// FIXME: find a way to test these attributes
// var parentOld = window.parent;
// var topOld = window.top;
var parentOld = window.parent;
var topOld = window.top;
// Functions
var addEventListenerOld = window.addEventListener;
......@@ -417,9 +415,18 @@
shouldBe("window.toolbar", "toolbarOld");
shouldBe("window.window", "windowOld");
// FIXME: find a way to test these attributes
// shouldBe("window.parent", "parentOld");
// shouldBe("window.top", "topOld");
// Using shouldBe for parent and top causes extraneous warnings due to cross-orgin toString'ing.
if (window.parent === parentOld) {
alert("PASS: window.parent should be parentOld and is.");
} else {
alert("*** FAIL: window.parent should be parentOld but instead is " + window.parent + ". ***");
}
if (window.top === topOld) {
alert("PASS: window.top should be topOld and is.");
} else {
alert("*** FAIL: window.top should be topOld but instead is " + window.top + ". ***");
}
// Functions
shouldBe("window.addEventListener", "addEventListenerOld");
......
2009-06-20 Sam Weinig <sam@webkit.org>
Reviewed by Adam Barth.
Fix for https://bugs.webkit.org/show_bug.cgi?id=26554
Shadowing of top and parent
* page/DOMWindow.idl:
2009-06-20 Mark Rowe <mrowe@apple.com>
Reviewed by Dan Bernstein.
......
......@@ -133,8 +133,8 @@ module window {
attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow frames;
attribute [Replaceable, DoNotCheckDomainSecurityOnGet, V8CustomSetter] DOMWindow opener;
attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow parent;
attribute [Replaceable, DoNotCheckDomainSecurity, V8DisallowShadowing, V8ReadOnly] DOMWindow top;
attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow parent;
attribute [Replaceable, DoNotCheckDomainSecurityOnGet, V8DisallowShadowing, V8ReadOnly] DOMWindow top;
// DOM Level 2 AbstractView Interface
readonly attribute Document document;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment