| Index: Source/WebCore/html/HTMLPlugInImageElement.cpp
|
| ===================================================================
|
| --- Source/WebCore/html/HTMLPlugInImageElement.cpp (revision 96950)
|
| +++ Source/WebCore/html/HTMLPlugInImageElement.cpp (working copy)
|
| @@ -30,6 +30,7 @@
|
| #include "Page.h"
|
| #include "RenderEmbeddedObject.h"
|
| #include "RenderImage.h"
|
| +#include "SecurityOrigin.h"
|
|
|
| namespace WebCore {
|
|
|
| @@ -76,9 +77,14 @@
|
| if (document()->frame()->page()->frameCount() >= Page::maxNumberOfFrames)
|
| return false;
|
|
|
| + KURL completeURL = document()->completeURL(url);
|
| +
|
| + if (contentFrame() && protocolIsJavaScript(completeURL)
|
| + && !document()->securityOrigin()->canAccess(contentDocument()->securityOrigin()))
|
| + return false;
|
| +
|
| // We allow one level of self-reference because some sites depend on that.
|
| // But we don't allow more than one.
|
| - KURL completeURL = document()->completeURL(url);
|
| bool foundSelfReference = false;
|
| for (Frame* frame = document()->frame(); frame; frame = frame->tree()->parent()) {
|
| if (equalIgnoringFragmentIdentifier(frame->document()->url(), completeURL)) {
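Review bot: The added guard calls `contentDocument()->securityOrigin()` after testing only `contentFrame()`, so if a content frame can exist without a document (not visible from this hunk) the origin check itself becomes a null dereference on a path driven by page markup. Testing the pointer that is actually dereferenced removes the doubt: start the condition with `if (contentDocument() && protocolIsJavaScript(completeURL)`. The check also has no comment, unlike the self-reference logic below it, and a security-relevant early return is easy to drop in a later refactor; something like `// A javascript: URL would execute in the existing content document, so only allow it when this document can already script that origin.` would record the intent, assuming that is the rationale. The enclosing function starts and ends outside the hunk, so whether other callers set a javascript: URL on the content frame without going through this check cannot be judged from here.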
|
|
|