third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp - Issue 2183423002: Only do security checks on javascript: URLs for frames for loading

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

Issue 2183423002: Only do security checks on javascript: URLs for frames for loading (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: updates Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

diff --git a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

index 0c5029c6cb5d1b06cf5593ce1729964e2dd6cfc7..d305f26a306c37e350195823bbcfa38dff3ba5e6 100644

--- a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

+++ b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

@@ -47,6 +47,7 @@ HTMLFrameElementBase::HTMLFrameElementBase(const QualifiedName& tagName, Documen

, m_scrollingMode(ScrollbarAuto)

, m_marginWidth(-1)

, m_marginHeight(-1)

+ , m_javaScriptURLCanAccessFrame(false)

{

}

@@ -57,10 +58,8 @@ bool HTMLFrameElementBase::isURLAllowed() const

const KURL& completeURL = document().completeURL(m_URL);

- if (protocolIsJavaScript(completeURL)) {

- if (contentFrame() && !ScriptController::canAccessFromCurrentOrigin(toIsolate(&document()), contentFrame()))

- return false;

- }

+ if (protocolIsJavaScript(completeURL) && !m_javaScriptURLCanAccessFrame)

+ return false;

LocalFrame* parentFrame = document().frame();

if (parentFrame)

@@ -188,6 +187,21 @@ void HTMLFrameElementBase::attachLayoutTree(const AttachContext& context)

void HTMLFrameElementBase::setLocation(const String& str)

{

m_URL = AtomicString(str);

+ m_javaScriptURLCanAccessFrame = false;

+ if (!m_URL.isEmpty()) {

dcheng 2016/07/28 08:55:03 OK, so I thought this would be better, but the mor

+ const KURL& completeURL = document().completeURL(m_URL);

+ if (protocolIsJavaScript(completeURL)) {

+ if (contentFrame()) {

+ v8::Isolate* isolate = toIsolate(&document());

+ SECURITY_CHECK(isolate->InContext());

+ if (ScriptController::canAccessFromCurrentOrigin(toIsolate(&document()), contentFrame()))

+ m_javaScriptURLCanAccessFrame = true;

+ } else {

+ m_javaScriptURLCanAccessFrame = true;

+ }

if (isConnected())

openURL(false);

« no previous file with comments | « third_party/WebKit/Source/core/html/HTMLFrameElementBase.h ('k') | no next file » | no next file with comments »