Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1108)

Issue 1311253005: Use Document of callingWindow for access check in isInsecureScriptAccess() (Closed)

Created:
5 years, 4 months ago by Nate Chapin
Modified:
5 years, 4 months ago
Reviewers:
dcheng
CC:
blink-reviews
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Use Document of callingWindow for access check in isInsecureScriptAccess() The Document call was changed to Frame::securityContext() to make the code more RemoteFrame-friendly. However, callingWindow is guaranteed local. Revert to getting the SecurityOrigin via Document. BUG=524074 TEST=http/tests/security/location-change-from-detached-DOMWindow.html Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201139

Patch Set 1 #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+22 lines, -0 lines) Patch
A LayoutTests/http/tests/security/location-change-from-detached-DOMWindow.html View 1 chunk +22 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/security/location-change-from-detached-DOMWindow-expected.txt View 0 chunks +-1 lines, --1 lines 0 comments Download
M Source/core/frame/DOMWindow.cpp View 1 chunk +1 line, -1 line 1 comment Download

Messages

Total messages: 15 (6 generated)
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1311253005/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1311253005/1
5 years, 4 months ago (2015-08-24 21:55:49 UTC) #2
Nate Chapin
5 years, 4 months ago (2015-08-24 21:56:25 UTC) #4
dcheng
lgtm https://codereview.chromium.org/1311253005/diff/1/Source/core/frame/DOMWindow.cpp File Source/core/frame/DOMWindow.cpp (right): https://codereview.chromium.org/1311253005/diff/1/Source/core/frame/DOMWindow.cpp#newcode140 Source/core/frame/DOMWindow.cpp:140: if (callingWindow.document()->securityOrigin()->canAccessCheckSuborigins(frame()->securityContext()->securityOrigin())) Sorry for missing this in the ...
5 years, 4 months ago (2015-08-24 23:49:44 UTC) #5
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
5 years, 4 months ago (2015-08-24 23:50:05 UTC) #7
Nate Chapin
On 2015/08/24 23:49:44, dcheng wrote: > lgtm > > https://codereview.chromium.org/1311253005/diff/1/Source/core/frame/DOMWindow.cpp > File Source/core/frame/DOMWindow.cpp (right): > ...
5 years, 4 months ago (2015-08-25 16:02:18 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1311253005/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1311253005/1
5 years, 4 months ago (2015-08-25 16:02:46 UTC) #10
commit-bot: I haz the power
No L-G-T-M from a valid reviewer yet. Only full committers are accepted. Even if an ...
5 years, 4 months ago (2015-08-25 16:02:48 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1311253005/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1311253005/1
5 years, 4 months ago (2015-08-25 17:16:05 UTC) #14
commit-bot: I haz the power
5 years, 4 months ago (2015-08-25 17:20:35 UTC) #15
Message was sent while issue was closed.
Committed patchset #1 (id:1) as
https://src.chromium.org/viewvc/blink?view=rev&revision=201139

Powered by Google App Engine
This is Rietveld 408576698