Changeset 57438 in webkit
- Timestamp: Apr 10, 2010 10:17:02 PM (14 years ago)
- Location: trunk/WebCore
- Files: 4 edited
trunk/WebCore/ChangeLog
r57436 r57438 1 2010-04-10 Chris Evans <cevans@chromium.org> 2 3 Reviewed by Adam Barth. 4 5 Defense in depth: make sure an SVG document in the <img> context has 6 a unique origin. 7 8 https://bugs.webkit.org/show_bug.cgi?id=37392 9 10 * svg/graphics/SVGImage.cpp: 11 (WebCore::SVGImage::dataChanged): 12 Force the temporary rendering context into a unique origin. 13 * loader/FrameLoader.h: 14 (WebCore::FrameLoader::setForceSandboxFlags): 15 Support for setting sandbox flags that will always be applied. 16 * loader/FrameLoader.cpp: 17 (WebCore::FrameLoader::updateSandboxFlags): 18 Always apply any forced flags. 19 1 20 2010-04-10 Vangelis Kokkevis <vangelis@chromium.org> 2 21 -
trunk/WebCore/loader/FrameLoader.cpp
r57313 r57438 204 204 , m_suppressOpenerInNewFrame(false) 205 205 , m_sandboxFlags(SandboxAll) 206 , m_forceSandboxFlags(SandboxNone) 206 207 #ifndef NDEBUG 207 208 , m_didDispatchDidCommitLoad(false) … … 4011 4012 void FrameLoader::updateSandboxFlags() 4012 4013 { 4013 SandboxFlags flags = SandboxNone;4014 SandboxFlags flags = m_forceSandboxFlags; 4014 4015 if (Frame* parentFrame = m_frame->tree()->parent()) 4015 4016 flags |= parentFrame->loader()->sandboxFlags(); -
trunk/WebCore/loader/FrameLoader.h
r56650 r57438 260 260 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } 261 261 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } 262 // The following sandbox flags will be forced, regardless of changes to 263 // the sandbox attribute of any parent frames. 264 void setForceSandboxFlags(SandboxFlags flags) { m_forceSandboxFlags = flags; m_sandboxFlags |= flags; } 262 265 263 266 // Mixed content related functions. … … 531 534 532 535 SandboxFlags m_sandboxFlags; 536 SandboxFlags m_forceSandboxFlags; 533 537 534 538 #ifndef NDEBUG -
trunk/WebCore/svg/graphics/SVGImage.cpp
r57089 r57438 256 256 ResourceRequest fakeRequest(KURL(ParsedURLString, "")); 257 257 FrameLoader* loader = frame->loader(); 258 loader->setForceSandboxFlags(SandboxAll); 258 259 loader->load(fakeRequest, false); // Make sure the DocumentLoader is created 259 260 loader->policyChecker()->cancelCheck(); // cancel any policy checks
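Review bot: The ChangeLog entry names no test, and all four edited files sit under trunk/WebCore, so nothing in this changeset exercises the new forced-flag path. A layout test that loads an SVG through <img> and checks that the document ends up sandboxed would keep the defense-in-depth property from regressing silently; if no test is feasible, the ChangeLog should say so.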
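Review bot: In trunk/WebCore/loader/FrameLoader.h, setForceSandboxFlags() treats its two members differently: `m_forceSandboxFlags = flags` overwrites the forced set, while `m_sandboxFlags |= flags` only adds to the effective set. A later call with a narrower mask (or SandboxNone) would shrink what is forced, and the two members can then disagree. If forced flags are meant to be one-way, use `m_forceSandboxFlags |= flags`; otherwise extend the comment to say the setter replaces the forced set and is expected to be called once.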
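Review bot: In trunk/WebCore/svg/graphics/SVGImage.cpp, the added `loader->setForceSandboxFlags(SandboxAll);` carries no comment, unlike the two calls that follow it. The ChangeLog states the goal as a unique origin, yet SandboxAll forces every sandbox flag, so a reader cannot tell from the code whether the broader mask is deliberate. Add a one-line comment saying that the full mask is intended for the temporary rendering frame and why the call is placed before `loader->load()`.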