Cherry pick r91152 DOMWindow::open performs a security check on a wrong window DO NOT MERGE

Bug: 17050386 Change-Id: I17ca28b2dfe3327831dc283730dd1583d12baac2
author: Ben Murdoch <benm@google.com> 2014-09-04 15:36:58 +0100
committer: Paul Kocialkowski <contact@paulk.fr> 2014-10-05 11:07:17 +0200
commit: 0250c1987af104372a30af713389f3a96d865f9e (patch)
tree: 7a1df46b9cf024602b0865cd566f348abc1c2743
parent: 25c2cc29cfdd5e0c438bd5387f338d72ba446a5f (diff)
download: external_webkit-0250c1987af104372a30af713389f3a96d865f9e.zip
external_webkit-0250c1987af104372a30af713389f3a96d865f9e.tar.gz
external_webkit-0250c1987af104372a30af713389f3a96d865f9e.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp
index 177c498..0416cb5 100644
--- a/Source/WebCore/page/DOMWindow.cpp
+++ b/Source/WebCore/page/DOMWindow.cpp
@@ -1835,7 +1835,7 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin
         if (!activeFrame->loader()->shouldAllowNavigation(targetFrame))
             return 0;
 
-        if (isInsecureScriptAccess(activeWindow, urlString))
+        if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
             return targetFrame->domWindow();
 
         if (urlString.isEmpty())
author	Ben Murdoch <benm@google.com>	2014-09-04 15:36:58 +0100
committer	Paul Kocialkowski <contact@paulk.fr>	2014-10-05 11:07:17 +0200
commit	0250c1987af104372a30af713389f3a96d865f9e (patch)
tree	7a1df46b9cf024602b0865cd566f348abc1c2743
parent	25c2cc29cfdd5e0c438bd5387f338d72ba446a5f (diff)
download	external_webkit-0250c1987af104372a30af713389f3a96d865f9e.zip external_webkit-0250c1987af104372a30af713389f3a96d865f9e.tar.gz external_webkit-0250c1987af104372a30af713389f3a96d865f9e.tar.bz2