1 files changed, 10 insertions, 3 deletions

diff --git a/WebCore/html/HTMLFrameElementBase.cpp b/WebCore/html/HTMLFrameElementBase.cpp
index c30b74f..756dd84 100644
--- a/WebCore/html/HTMLFrameElementBase.cpp
+++ b/WebCore/html/HTMLFrameElementBase.cpp
@@ -24,6 +24,7 @@
 #include "config.h"
 #include "HTMLFrameElementBase.h"
 
+#include "Attribute.h"
 #include "CSSHelper.h"
 #include "Document.h"
 #include "EventNames.h"
@@ -34,11 +35,11 @@
 #include "FrameView.h"
 #include "HTMLFrameSetElement.h"
 #include "HTMLNames.h"
-#include "ScriptEventListener.h"
 #include "KURL.h"
-#include "MappedAttribute.h"
 #include "Page.h"
 #include "RenderFrame.h"
+#include "ScriptController.h"
+#include "ScriptEventListener.h"
 #include "Settings.h"
 
 namespace WebCore {
@@ -64,6 +65,12 @@ bool HTMLFrameElementBase::isURLAllowed() const
 
     const KURL& completeURL = document()->completeURL(m_URL);
 
+    if (protocolIsJavaScript(completeURL)) { 
+        Document* contentDoc = this->contentDocument();
+        if (contentDoc && !ScriptController::canAccessFromCurrentOrigin(contentDoc->frame()))
+            return false;
+    }
+
     // Don't allow more than 200 total frames in a set. This seems
     // like a reasonable upper bound, and otherwise mutually recursive
     // frameset pages can quickly bring the program to its knees with
@@ -109,7 +116,7 @@ void HTMLFrameElementBase::openURL(bool lockHistory, bool lockBackForwardList)
         contentFrame()->setInViewSourceMode(viewSourceMode());
 }
 
-void HTMLFrameElementBase::parseMappedAttribute(MappedAttribute *attr)
+void HTMLFrameElementBase::parseMappedAttribute(Attribute* attr)
 {
     if (attr->name() == srcAttr)
         setLocation(deprecatedParseURL(attr->value()));