| Index: third_party/WebKit/Source/core/dom/Document.cpp
|
| diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
|
| index 2e5102eb0ff09212e3e4c0f555caa6deed66b926..e8fa9838f84b82a802dd2c1db5438a0d1f3d0f51 100644
|
| --- a/third_party/WebKit/Source/core/dom/Document.cpp
|
| +++ b/third_party/WebKit/Source/core/dom/Document.cpp
|
| @@ -2417,7 +2417,7 @@ ScriptableDocumentParser* Document::scriptableDocumentParser() const
|
| return parser() ? parser()->asScriptableDocumentParser() : 0;
|
| }
|
|
|
| -void Document::open(Document* ownerDocument, ExceptionState& exceptionState)
|
| +void Document::open(Document* enteredDocument, ExceptionState& exceptionState)
|
| {
|
| if (importLoader()) {
|
| exceptionState.throwDOMException(InvalidStateError, "Imported document doesn't support open().");
|
| @@ -2429,10 +2429,14 @@ void Document::open(Document* ownerDocument, ExceptionState& exceptionState)
|
| return;
|
| }
|
|
|
| - if (ownerDocument) {
|
| - setURL(ownerDocument->url());
|
| - m_cookieURL = ownerDocument->cookieURL();
|
| - setSecurityOrigin(ownerDocument->securityOrigin());
|
| + if (enteredDocument) {
|
| + if (!securityOrigin()->canAccess(enteredDocument->securityOrigin())) {
|
| + exceptionState.throwSecurityError("Can only call open() on same-origin documents.");
|
| + return;
|
| + }
|
| + setSecurityOrigin(enteredDocument->securityOrigin());
|
| + setURL(enteredDocument->url());
|
| + m_cookieURL = enteredDocument->cookieURL();
|
| }
|
|
|
| open();
|
| @@ -2844,7 +2848,7 @@ int Document::elapsedTime() const
|
| return static_cast<int>((currentTime() - m_startTime) * 1000);
|
| }
|
|
|
| -void Document::write(const SegmentedString& text, Document* ownerDocument, ExceptionState& exceptionState)
|
| +void Document::write(const SegmentedString& text, Document* enteredDocument, ExceptionState& exceptionState)
|
| {
|
| if (importLoader()) {
|
| exceptionState.throwDOMException(InvalidStateError, "Imported document doesn't support write().");
|
| @@ -2856,6 +2860,11 @@ void Document::write(const SegmentedString& text, Document* ownerDocument, Excep
|
| return;
|
| }
|
|
|
| + if (enteredDocument && !securityOrigin()->canAccess(enteredDocument->securityOrigin())) {
|
| + exceptionState.throwSecurityError("Can only call write() on same-origin documents.");
|
| + return;
|
| + }
|
| +
|
| NestingLevelIncrementer nestingLevelIncrementer(m_writeRecursionDepth);
|
|
|
| m_writeRecursionIsTooDeep = (m_writeRecursionDepth > 1) && m_writeRecursionIsTooDeep;
|
| @@ -2872,23 +2881,23 @@ void Document::write(const SegmentedString& text, Document* ownerDocument, Excep
|
| }
|
|
|
| if (!hasInsertionPoint)
|
| - open(ownerDocument, ASSERT_NO_EXCEPTION);
|
| + open(enteredDocument, ASSERT_NO_EXCEPTION);
|
|
|
| ASSERT(m_parser);
|
| m_parser->insert(text);
|
| }
|
|
|
| -void Document::write(const String& text, Document* ownerDocument, ExceptionState& exceptionState)
|
| +void Document::write(const String& text, Document* enteredDocument, ExceptionState& exceptionState)
|
| {
|
| - write(SegmentedString(text), ownerDocument, exceptionState);
|
| + write(SegmentedString(text), enteredDocument, exceptionState);
|
| }
|
|
|
| -void Document::writeln(const String& text, Document* ownerDocument, ExceptionState& exceptionState)
|
| +void Document::writeln(const String& text, Document* enteredDocument, ExceptionState& exceptionState)
|
| {
|
| - write(text, ownerDocument, exceptionState);
|
| + write(text, enteredDocument, exceptionState);
|
| if (exceptionState.hadException())
|
| return;
|
| - write("\n", ownerDocument);
|
| + write("\n", enteredDocument);
|
| }
|
|
|
| void Document::write(LocalDOMWindow* callingWindow, const Vector<String>& text, ExceptionState& exceptionState)
|
|
|
Chromium Code Reviews
Issue 1611523002:
Require the entry document to have the same origin as the open()d document (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master