Changeset 51459 in webkit
- Timestamp:
- Nov 28, 2009 8:39:11 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r51445 r51459 1 2009-11-28 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Dimitri Glazkov. 4 5 [Chromium] Sify compose button alerts error 6 https://bugs.webkit.org/show_bug.cgi?id=31394 7 8 Test that we're using the calling security context in a simple case. 9 10 * http/tests/security/calling-versus-current-expected.txt: Added. 11 * http/tests/security/calling-versus-current.html: Added. 12 1 13 2009-11-27 Daniel Bates <dbates@webkit.org> 2 14 -
trunk/WebCore/ChangeLog
r51455 r51459 1 2009-11-28 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Dimitri Glazkov. 4 5 [Chromium] Sify compose button alerts error 6 https://bugs.webkit.org/show_bug.cgi?id=31394 7 8 Test: http/tests/security/calling-versus-current.html 9 10 We're supposed to use the calling context for security checks. In JSC 11 land, this is the lexicalGlobalObject. 12 13 * bindings/v8/V8Proxy.cpp: 14 (WebCore::V8Proxy::canAccessPrivate): 15 1 16 2009-11-27 Shinichiro Hamaji <hamaji@chromium.org> 2 17 -
trunk/WebCore/bindings/v8/V8Proxy.cpp
r51407 r51459 889 889 String message; 890 890 891 DOMWindow* originWindow = retrieveWindow(currentContext()); 892 if (originWindow == targetWindow) 891 v8::Local<v8::Context> activeContext = v8::Context::GetCalling(); 892 if (activeContext.IsEmpty()) { 893 // There is a single activation record on the stack, so that must 894 // be the activeContext. 895 activeContext = v8::Context::GetCurrent(); 896 } 897 DOMWindow* activeWindow = retrieveWindow(activeContext); 898 if (activeWindow == targetWindow) 893 899 return true; 894 900 895 if (! originWindow)896 return false; 897 898 const SecurityOrigin* activeSecurityOrigin = originWindow->securityOrigin();901 if (!activeWindow) 902 return false; 903 904 const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin(); 899 905 const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin(); 900 906 … … 909 915 // Allow access to a "about:blank" page if the dynamic context is a 910 916 // detached context of the same frame as the blank page. 911 if (targetSecurityOrigin->isEmpty() && originWindow->frame() == targetWindow->frame())917 if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame()) 912 918 return true; 913 919
Note: See TracChangeset
for help on using the changeset viewer.