From 0250c1987af104372a30af713389f3a96d865f9e Mon Sep 17 00:00:00 2001
From: Ben Murdoch <benm@google.com>
Date: Thu, 4 Sep 2014 15:36:58 +0100
Subject: Cherry pick r91152 DOMWindow::open performs a security check on a
 wrong window DO NOT MERGE

Bug: 17050386

Change-Id: I17ca28b2dfe3327831dc283730dd1583d12baac2
---
 Source/WebCore/page/DOMWindow.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp
index 177c498..0416cb5 100644
--- a/Source/WebCore/page/DOMWindow.cpp
+++ b/Source/WebCore/page/DOMWindow.cpp
@@ -1835,7 +1835,7 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin
         if (!activeFrame->loader()->shouldAllowNavigation(targetFrame))
             return 0;
 
-        if (isInsecureScriptAccess(activeWindow, urlString))
+        if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
             return targetFrame->domWindow();
 
         if (urlString.isEmpty())
-- 
cgit v1.1