diff options
author | Steve Block <steveblock@google.com> | 2011-06-10 16:52:27 +0100 |
---|---|---|
committer | Steve Block <steveblock@google.com> | 2011-06-14 01:14:02 +0100 |
commit | 54cdeeebc7adcbcd900e8b6a141a8cae27d9a631 (patch) | |
tree | 845b0d338b204a48560eca3b51b34cf92ed96840 /Source/WebCore/page/DOMWindow.cpp | |
parent | d2c5226a647dc21d0c15267e09a3d19cf3e0d593 (diff) | |
download | external_webkit-54cdeeebc7adcbcd900e8b6a141a8cae27d9a631.zip external_webkit-54cdeeebc7adcbcd900e8b6a141a8cae27d9a631.tar.gz external_webkit-54cdeeebc7adcbcd900e8b6a141a8cae27d9a631.tar.bz2 |
Merge WebKit at branches/chromium/742 r88085: Initial merge by git.
Change-Id: I0501b484b9528e31b0026e5ad64416dd6541cdde
Diffstat (limited to 'Source/WebCore/page/DOMWindow.cpp')
-rw-r--r-- | Source/WebCore/page/DOMWindow.cpp | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp index fda46df..c7f162a 100644 --- a/Source/WebCore/page/DOMWindow.cpp +++ b/Source/WebCore/page/DOMWindow.cpp @@ -1742,14 +1742,21 @@ bool DOMWindow::isInsecureScriptAccess(DOMWindow* activeWindow, const String& ur if (!protocolIsJavaScript(urlString)) return false; - // FIXME: Is there some way to eliminate the need for a separate "activeWindow == this" check? - if (activeWindow == this) - return false; + // If m_frame->domWindow() != this, then |this| isn't the DOMWindow that's + // currently active in the frame and there's no way we should allow the + // access. + // FIXME: Remove this check if we're able to disconnect DOMWindow from + // Frame on navigation: https://bugs.webkit.org/show_bug.cgi?id=62054 + if (m_frame->domWindow() == this) { + // FIXME: Is there some way to eliminate the need for a separate "activeWindow == this" check? + if (activeWindow == this) + return false; - // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script". - // Can we name the SecurityOrigin function better to make this more clear? - if (activeWindow->securityOrigin()->canAccess(securityOrigin())) - return false; + // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script". + // Can we name the SecurityOrigin function better to make this more clear? + if (activeWindow->securityOrigin()->canAccess(securityOrigin())) + return false; + } printErrorMessage(crossDomainAccessErrorMessage(activeWindow)); return true; |