Chromium Code Reviews Chromium Code Reviews
Issue 1327263002:
Modifies WindowProxy::setSecurityToken so that the frame's SecurityOrigin is taken into account whe… (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| Index: Source/bindings/core/v8/ScriptController.cpp |
| diff --git a/Source/bindings/core/v8/ScriptController.cpp b/Source/bindings/core/v8/ScriptController.cpp |
| index 94a454008a6a30c2328eb8faa2fa5bb6bb492702..9e902e9d37190395b202756913a01ae202ded61a 100644 |
| --- a/Source/bindings/core/v8/ScriptController.cpp |
| +++ b/Source/bindings/core/v8/ScriptController.cpp |
| @@ -141,6 +141,13 @@ void ScriptController::clearForClose() |
| void ScriptController::updateSecurityOrigin(SecurityOrigin* origin) |
| { |
| m_windowProxyManager->mainWorldProxy()->updateSecurityOrigin(origin); |
| + Vector<std::pair<ScriptState*, SecurityOrigin*>> isolatedContexts; |
| + m_windowProxyManager->collectIsolatedContexts(isolatedContexts); |
| + for (auto isolatedContext : isolatedContexts) { |
| + WindowProxy* proxy = m_windowProxyManager->existingWindowProxy(isolatedContext.first->world()); |
|
haraken
2015/09/14 15:28:59
I think we should call windowProxy, not existingWi
epertoso
2015/09/14 15:59:37
But windowProxy() will create a proxy if there isn
haraken
2015/09/14 23:46:04
I can't come up with a scenario where the isolated
epertoso
2015/09/15 08:24:58
Done.
|
| + if (proxy) |
| + proxy->setSecurityToken(isolatedContext.second); |
|
haraken
2015/09/14 15:28:59
How about calling updateSecurityOrigin, just like
epertoso
2015/09/14 15:59:37
updateSecurityOrigin has an ASSERT that implies it
haraken
2015/09/14 23:46:04
I think it does make sense to remove the assert no
epertoso
2015/09/15 08:24:58
Done.
|
| + } |
| } |
| v8::MaybeLocal<v8::Value> ScriptController::callFunction(v8::Local<v8::Function> function, v8::Local<v8::Value> receiver, int argc, v8::Local<v8::Value> info[]) |
