Changeset 50890 in webkit
- Timestamp:
- Nov 12, 2009 11:56:01 AM (15 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r50888 r50890 1 2009-11-12 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Dimitri Glazkov. 4 5 [Chromium] Sify compose button alerts error 6 https://bugs.webkit.org/show_bug.cgi?id=31394 7 8 Test that we're using the calling security context in a simple case. 9 10 * http/tests/security/calling-versus-current-expected.txt: Added. 11 * http/tests/security/calling-versus-current.html: Added. 12 1 13 2009-11-12 Daniel Bates <dbates@webkit.org> 2 14 -
trunk/WebCore/ChangeLog
r50888 r50890 1 2009-11-12 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Dimitri Glazkov. 4 5 [Chromium] Sify compose button alerts error 6 https://bugs.webkit.org/show_bug.cgi?id=31394 7 8 Test: http/tests/security/calling-versus-current.html 9 10 We're supposed to use the calling context for security checks. In JSC 11 land, this is the lexicalGlobalObject. 12 13 * bindings/v8/V8Proxy.cpp: 14 (WebCore::V8Proxy::canAccessPrivate): 15 1 16 2009-11-12 Daniel Bates <dbates@webkit.org> 2 17 -
trunk/WebCore/bindings/v8/V8Proxy.cpp
r50752 r50890 860 860 String message; 861 861 862 DOMWindow* originWindow = retrieveWindow(currentContext()); 863 if (originWindow == targetWindow) 862 v8::Local<v8::Context> activeContext = v8::Context::GetCalling(); 863 if (activeContext.IsEmpty()) { 864 // There is a single activation record on the stack, so that must 865 // be the activeContext. 866 activeContext = v8::Context::GetCurrent(); 867 } 868 DOMWindow* activeWindow = retrieveWindow(activeContext); 869 if (activeWindow == targetWindow) 864 870 return true; 865 871 866 if (! originWindow)867 return false; 868 869 const SecurityOrigin* activeSecurityOrigin = originWindow->securityOrigin();872 if (!activeWindow) 873 return false; 874 875 const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin(); 870 876 const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin(); 871 877 … … 880 886 // Allow access to a "about:blank" page if the dynamic context is a 881 887 // detached context of the same frame as the blank page. 882 if (targetSecurityOrigin->isEmpty() && originWindow->frame() == targetWindow->frame())888 if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame()) 883 889 return true; 884 890
Note: See TracChangeset
for help on using the changeset viewer.