|
Throw 'SecurityError' upon cross-origin Location access.
As suggested in the HTML specification[1], IE and Firefox (and old
Opera) throw a 'SecurityError' exception upon attempts to access to
Location object properties cross-origin. Chrome and WebKit do not,
instead returning 'undefined' and writing an error to the console.
This has a few negative effects: developers are forced to hack around
access violations in two ways rather than having a single code path, and
(more annoyingly) developers are unable to avoid generating the error
message. See every ad on the internet for the effect on the console. :)
This patch aligns Blink's behavior to IE and Firefox's by adding
'SecurityError' exception to these access violations, which is the first
step towards getting rid of the console spam. A subsequent patch will
adjust the exception's message to contain some sanitized version of the
current access violation detail message, and drop the unavoidable console
messages. There will be much rejoicing.
[1]: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location
R=abarth@chromium.org
BUG= 17325
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=154376
Total comments: 1
Total comments: 1
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+208 lines, -117 lines) |
Patch |
 |
M |
LayoutTests/http/tests/inspector/console-cross-origin-iframe-logging.html
|
View
|
1
|
1 chunk |
+6 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/inspector/console-cross-origin-iframe-logging-expected.txt
|
View
|
1
|
1 chunk |
+3 lines, -3 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/plugins/cross-frame-object-access-expected.txt
|
View
|
1
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/plugins/resources/cross-frame-object-access.html
|
View
|
1
|
2 chunks |
+19 lines, -12 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny.html
|
View
|
|
1 chunk |
+6 lines, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html
|
View
|
|
1 chunk |
+6 lines, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html
|
View
|
|
1 chunk |
+6 lines, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html
|
View
|
|
1 chunk |
+6 lines, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html
|
View
|
|
1 chunk |
+6 lines, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html
|
View
|
|
1 chunk |
+6 lines, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt
|
View
|
|
1 chunk |
+0 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt
|
View
|
|
2 chunks |
+3 lines, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-delete.html
|
View
|
|
1 chunk |
+2 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt
|
View
|
|
1 chunk |
+2 lines, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-enumeration.html
|
View
|
|
1 chunk |
+20 lines, -10 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-location-get.html
|
View
|
|
2 chunks |
+14 lines, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt
|
View
|
|
3 chunks |
+24 lines, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt
|
View
|
|
1 chunk |
+5 lines, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/resources/cross-frame-access.js
|
View
|
|
1 chunk |
+18 lines, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html
|
View
|
|
1 chunk |
+2 lines, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-location-get-test.html
|
View
|
|
1 chunk |
+2 lines, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent.html
|
View
|
|
1 chunk |
+7 lines, -3 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt
|
View
|
|
1 chunk |
+2 lines, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-hash-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-host-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-hostname-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-nonstandardProperty-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-pathname-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-protocol-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-reload-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xss-DENIED-assign-location-search-expected.txt
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html
|
View
|
|
1 chunk |
+1 line, -2 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt
|
View
|
|
1 chunk |
+1 line, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-base-href-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-javascript-link-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/resources/utilities.js
|
View
|
|
1 chunk |
+7 lines, -5 lines |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
 |
M |
Source/bindings/v8/V8Initializer.cpp
|
View
|
|
2 chunks |
+6 lines, -0 lines |
1 comment
|
Download
|
Total messages: 12 (0 generated)
|