Commit c46976c3 authored by abarth@webkit.org's avatar abarth@webkit.org
Browse files

2011-05-13 Adam Barth <abarth@webkit.org>

        Reviewed by Eric Seidel.

        indexedDB is visible inside iframe sandbox
        https://bugs.webkit.org/show_bug.cgi?id=60785

        * http/tests/security/no-indexeddb-from-sandbox-expected.txt: Added.
        * http/tests/security/no-indexeddb-from-sandbox.html: Added.
2011-05-13  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        indexedDB is visible inside iframe sandbox
        https://bugs.webkit.org/show_bug.cgi?id=60785

        We're supposed to return a null indexedDB factory when inside an iframe
        sandbox.

        Test: http/tests/security/no-indexeddb-from-sandbox.html

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::webkitIndexedDB):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86458 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 0cad0fe3
2011-05-13 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
indexedDB is visible inside iframe sandbox
https://bugs.webkit.org/show_bug.cgi?id=60785
* http/tests/security/no-indexeddb-from-sandbox-expected.txt: Added.
* http/tests/security/no-indexeddb-from-sandbox.html: Added.
2011-05-13 Mark Pilgrim <pilgrim@chromium.org>
 
Reviewed by Tony Chang.
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
</script>
<iframe sandbox="allow-scripts"
src="data:text/html,
<script>
var db = window.webkitIndexedDB;
alert(db ? 'FAIL' : 'PASS');
</script>"
></iframe>
2011-05-13 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
indexedDB is visible inside iframe sandbox
https://bugs.webkit.org/show_bug.cgi?id=60785
We're supposed to return a null indexedDB factory when inside an iframe
sandbox.
Test: http/tests/security/no-indexeddb-from-sandbox.html
* page/DOMWindow.cpp:
(WebCore::DOMWindow::webkitIndexedDB):
2011-05-13 Adam Roben <aroben@apple.com>
 
Fix manual tests that got broken by the move of WebCore into Source
......@@ -729,22 +729,19 @@ void DOMWindow::resetGeolocation()
#if ENABLE(INDEXED_DATABASE)
IDBFactory* DOMWindow::webkitIndexedDB() const
{
if (m_idbFactory)
return m_idbFactory.get();
Document* document = this->document();
if (!document)
return 0;
// FIXME: See if access is allowed.
Page* page = document->page();
if (!page)
return 0;
// FIXME: See if indexedDatabase access is allowed.
if (!document->securityOrigin()->canAccessDatabase())
return 0;
m_idbFactory = IDBFactory::create(page->group().idbFactory());
if (!m_idbFactory)
m_idbFactory = IDBFactory::create(page->group().idbFactory());
return m_idbFactory.get();
}
#endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment