Context Navigation

Changeset 107046 in webkit

Timestamp:

Feb 8, 2012 12:13:58 AM (12 years ago)

Author:

haraken@chromium.org

Message:

Replace [CheckNodeSecurity] with [CheckAccessToNode]
https://bugs.webkit.org/show_bug.cgi?id=77971

Reviewed by Adam Barth.

Source/WebCore:

[CheckNodeSecurity] is not implemented by code generators.
This patch replaces [CheckNodeSecurity] with [CheckAccessToNode].

Test: http/tests/security/cross-frame-access-frameelement.html

LayoutTests:

The added test checks if frameElement is accessible from the same or cross origin iframe.

http/tests/security/cross-frame-access-frameelement-expected.txt: Added.
http/tests/security/cross-frame-access-frameelement.html: Added.
http/tests/security/resources/cross-frame-access-frameelement-from-iframe.html: Added.
platform/chromium/http/tests/security/cross-frame-access-put-expected.txt: Updated the test result.

Location:

trunk

Files:

-                      r107036
+                      r107046
+-02-08  Kentaro Hara  <haraken@chromium.org>
+        Replace [CheckNodeSecurity] with [CheckAccessToNode]
+        https://bugs.webkit.org/show_bug.cgi?id=77971
+        Reviewed by Adam Barth.
+        The added test checks if frameElement is accessible from the same or cross origin iframe.
+        * http/tests/security/cross-frame-access-frameelement-expected.txt: Added.
+        * http/tests/security/cross-frame-access-frameelement.html: Added.
+        * http/tests/security/resources/cross-frame-access-frameelement-from-iframe.html: Added.
+        * platform/chromium/http/tests/security/cross-frame-access-put-expected.txt: Updated the test result.
 -02-07  Robert Kroeger  <rjkroege@chromium.org>

-                      r106728
+                      r107046
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
 …
 ALERT: PASS: window.embeds should be 'undefined' and is.
 ALERT: PASS: window.event should be 'undefined' and is.
+ALERT: PASS: window.frameElement should be '[object HTMLIFrameElement]' and is.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
+ALERT: PASS: window.frameElement should be 'undefined' and is.
 ALERT: PASS: window.frames should be '[object DOMWindow]' and is.
 ALERT: PASS: window.history should be '[object History]' and is.

-                      r107045
+                      r107046
+-02-08  Kentaro Hara  <haraken@chromium.org>
+        Replace [CheckNodeSecurity] with [CheckAccessToNode]
+        https://bugs.webkit.org/show_bug.cgi?id=77971
+        Reviewed by Adam Barth.
+        [CheckNodeSecurity] is not implemented by code generators.
+        This patch replaces [CheckNodeSecurity] with [CheckAccessToNode].
+        Test: http/tests/security/cross-frame-access-frameelement.html
+        * page/DOMWindow.idl:
 -02-08  Kentaro Hara  <haraken@chromium.org>

r107041	r107046
61	61	DOMSelection getSelection();
62	62
63		readonly attribute [Check~~NodeSecurity~~] Element frameElement;
	63	readonly attribute [CheckAccessToNode] Element frameElement;
64	64
65	65	[DoNotCheckDomainSecurity] void focus();

Note: See TracChangeset for help on using the changeset viewer.