Commit 6c9e76ee authored by abarth@webkit.org

2009-11-28 Adam Barth <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        [Chromium] Sify compose button alerts error
        https://bugs.webkit.org/show_bug.cgi?id=31394

        Test: http/tests/security/calling-versus-current.html

        We're supposed to use the calling context for security checks.  In JSC
        land, this is the lexicalGlobalObject.

        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::canAccessPrivate):
2009-11-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        [Chromium] Sify compose button alerts error
        https://bugs.webkit.org/show_bug.cgi?id=31394

        Test that we're using the calling security context in a simple case.

        * http/tests/security/calling-versus-current-expected.txt: Added.
        * http/tests/security/calling-versus-current.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51459 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 666278a7
2009-11-28 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
[Chromium] Sify compose button alerts error
https://bugs.webkit.org/show_bug.cgi?id=31394
Test that we're using the calling security context in a simple case.
* http/tests/security/calling-versus-current-expected.txt: Added.
* http/tests/security/calling-versus-current.html: Added.
2009-11-27 Daniel Bates <dbates@webkit.org>
 
Reviewed by Adam Barth.
<iframe src="resources/innocent-victim.html"></iframe>
<div id="console">FAIL</div>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
window.onload = function() {
window.f = frames[0].atob;
document.domain = "0.0.1";
if (btoa(window.f("PASS")) == "PASS")
document.getElementById("console").innerHTML = "PASS"
}
</script>
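Review bot: The `window.onload` handler asserts only that one call succeeds, `btoa(window.f("PASS")) == "PASS"` through the saved `frames[0].atob`, so the test has no case where the access check is expected to refuse. A second case in the same file that expects a denial after `document.domain = "0.0.1"` would keep a later change from passing this test by simply allowing everything. The test also never reaches the fallback branch in `V8Proxy::canAccessPrivate` where `v8::Context::GetCalling()` is empty. Minor style point: `document.getElementById("console").innerHTML = "PASS"` is missing its trailing semicolon.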
2009-11-28 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
[Chromium] Sify compose button alerts error
https://bugs.webkit.org/show_bug.cgi?id=31394
Test: http/tests/security/calling-versus-current.html
We're supposed to use the calling context for security checks. In JSC
land, this is the lexicalGlobalObject.
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::canAccessPrivate):
2009-11-27 Shinichiro Hamaji <hamaji@chromium.org>
 
Unreviewed Chromium build fix introduced by r51428.
......@@ -888,14 +888,20 @@ bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
String message;
DOMWindow* originWindow = retrieveWindow(currentContext());
if (originWindow == targetWindow)
v8::Local<v8::Context> activeContext = v8::Context::GetCalling();
if (activeContext.IsEmpty()) {
// There is a single activation record on the stack, so that must
// be the activeContext.
activeContext = v8::Context::GetCurrent();
}
DOMWindow* activeWindow = retrieveWindow(activeContext);
if (activeWindow == targetWindow)
return true;
if (!originWindow)
if (!activeWindow)
return false;
const SecurityOrigin* activeSecurityOrigin = originWindow->securityOrigin();
const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
// We have seen crashes were the security origin of the target has not been
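Review bot: After the fallback `activeContext = v8::Context::GetCurrent();` there is no second `IsEmpty()` check, so an empty handle can reach `retrieveWindow(activeContext)` if no context is entered at all. The later `if (!activeWindow) return false;` fails closed only if `retrieveWindow` returns null for an empty handle, which is not visible in this hunk; an explicit `if (activeContext.IsEmpty()) return false;` right after the fallback would make that guarantee local. The comment "There is a single activation record on the stack" should also state why an empty calling context implies that, since the security decision now rests on it.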
......@@ -908,7 +914,7 @@ bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
// Allow access to a "about:blank" page if the dynamic context is a
// detached context of the same frame as the blank page.
if (targetSecurityOrigin->isEmpty() && originWindow->frame() == targetWindow->frame())
if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
return true;
return false;
......
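Review bot: The comment above the `targetSecurityOrigin->isEmpty()` check still says "if the dynamic context is a detached context of the same frame", but the condition now compares `activeWindow->frame()`, which comes from the calling context. Please update the comment to name the context actually used, so the about:blank exception is documented in the same terms as the rest of `canAccessPrivate`. This exception is also not exercised by the added calling-versus-current.html test.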