Index: third_party/WebKit/Source/core/dom/Document.cpp |
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp |
index f0573887629fc669ea47dfd44cdb3d1389c40f38..48c837abca91befde9ae6e56923446364c560190 100644 |
--- a/third_party/WebKit/Source/core/dom/Document.cpp |
+++ b/third_party/WebKit/Source/core/dom/Document.cpp |
@@ -5656,12 +5656,34 @@ v8::Local<v8::Object> Document::associateWithWrapper(v8::Isolate* isolate, const |
bool Document::isSecureContext(String& errorMessage, const SecureContextCheck privilegeContextCheck) const |
{ |
+ // There may be exceptions for the secure context check defined for |
+ // certain origins. The exceptions are applied only to the origin |
+ // themselves and to immediate sanbox frame descendants, but *not* to |
robwu
2015/10/03 19:28:51
sanbox -> sandbox
jww
2015/10/06 21:53:55
Done.
|
+ // any other children. For example: |
+ // <iframe src="scheme://this-origin-has-exception"> |
+ // <iframe sandbox srcdoc="..."></iframe> |
robwu
2015/10/03 19:28:51
This does not pass the check because the URL of th
jww
2015/10/06 21:53:56
Hm, no, I don't want that to pass; I'm not sure wh
|
+ // </iframe> |
+ // would pass this check, both for the outer frame and the inner frame, |
+ // assuming that the origin "scheme://this-origin-has-exception" is granted |
+ // an exception. However, |
+ // <iframe src="scheme://this-origin-has-exception"> |
+ // <iframe src="http://a.b/"></iframe> |
+ // </iframe> |
+ // the inner frame "http://a.b/" would *not* pass the check, even though |
+ // the parent frame has an exception. |
+ // In all cases, a frame must be potentially trustworthy in addition to |
+ // having an exception listed in order for the exception to be granted. |
if (SecurityContext::isSandboxed(SandboxOrigin)) { |
- if (!SecurityOrigin::create(url())->isPotentiallyTrustworthy(errorMessage)) |
+ RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url()); |
+ if (!origin->isPotentiallyTrustworthy(errorMessage)) |
return false; |
+ if (SecurityPolicy::shouldOriginBypassSecureContextCheck(*origin)) |
+ return true; |
} else { |
if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage)) |
return false; |
+ if (SecurityPolicy::shouldOriginBypassSecureContextCheck(*securityOrigin())) |
+ return true; |
} |
if (privilegeContextCheck == StandardSecureContextCheck) { |