| Index: Source/bindings/core/v8/custom/V8WindowCustom.cpp
|
| diff --git a/Source/bindings/core/v8/custom/V8WindowCustom.cpp b/Source/bindings/core/v8/custom/V8WindowCustom.cpp
|
| index 83a91efb6ce3d4033035bd2add6a7dcee31927b4..a44d91e894313de1f284fd328cff96199dd88aba 100644
|
| --- a/Source/bindings/core/v8/custom/V8WindowCustom.cpp
|
| +++ b/Source/bindings/core/v8/custom/V8WindowCustom.cpp
|
| @@ -107,7 +107,13 @@ void V8Window::frameElementAttributeGetterCustom(const v8::PropertyCallbackInfo<
|
| {
|
| LocalDOMWindow* impl = toLocalDOMWindow(V8Window::toImpl(info.Holder()));
|
| ExceptionState exceptionState(ExceptionState::GetterContext, "frame", "Window", info.Holder(), info.GetIsolate());
|
| - if (!BindingSecurity::shouldAllowAccessToNode(info.GetIsolate(), impl->frameElement(), exceptionState)) {
|
| +
|
| + // Do the security check against the parent frame rather than
|
| + // frameElement() itself, so that a remote parent frame can be handled
|
| + // properly. In that case, there's no frameElement(), yet we should still
|
| + // throw a proper exception and deny access.
|
| + Frame* target = impl->frame() ? impl->frame()->tree().parent() : nullptr;
|
| + if (!BindingSecurity::shouldAllowAccessToFrame(info.GetIsolate(), target, exceptionState)) {
|
| v8SetReturnValueNull(info);
|
| exceptionState.throwIfNeeded();
|
| return;
|
|
|