Index: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
diff --git a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
index 5168a162275426a27313b095d744f7cc1b87cfc3..b0f8a39877a55f0f1b0a625959820cfbdedc51e2 100644 |
--- a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
+++ b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
@@ -23,6 +23,7 @@ |
#include "core/html/HTMLFrameElementBase.h" |
+#include "bindings/core/v8/BindingSecurity.h" |
#include "bindings/core/v8/ScriptController.h" |
#include "bindings/core/v8/ScriptEventListener.h" |
#include "core/HTMLNames.h" |
@@ -49,17 +50,24 @@ HTMLFrameElementBase::HTMLFrameElementBase(const QualifiedName& tagName, |
m_marginWidth(-1), |
m_marginHeight(-1) {} |
-bool HTMLFrameElementBase::isURLAllowed() const { |
+bool HTMLFrameElementBase::isURLAllowed(bool fromLayout) const { |
esprehn
2016/11/15 08:27:12
This check is named wrong, you set that bool insid
|
if (m_URL.isEmpty()) |
return true; |
const KURL& completeURL = document().completeURL(m_URL); |
- if (protocolIsJavaScript(completeURL)) { |
- if (contentFrame() && |
- !ScriptController::canAccessFromCurrentOrigin(toIsolate(&document()), |
- contentFrame())) |
- return false; |
+ if (contentFrame() && protocolIsJavaScript(completeURL)) { |
+ v8::Isolate* isolate = toIsolate(&document()); |
+ if (isolate->InContext()) { |
haraken
2016/11/15 08:44:24
In the first place, would you help me understand w
dcheng
2016/11/15 08:55:07
Here is my understanding:
If there is no current
|
+ if (!BindingSecurity::shouldAllowAccessToFrame( |
+ currentDOMWindow(isolate), contentFrame(), |
+ BindingSecurity::ErrorReportOption::Report)) |
+ return false; |
+ } else { |
+ if (!fromLayout && !document().getSecurityOrigin()->canAccess( |
dcheng
2016/11/15 08:14:21
How come we need to skip this block if we're in la
|
+ contentFrame()->securityContext()->getSecurityOrigin())) |
+ return false; |
+ } |
} |
LocalFrame* parentFrame = document().frame(); |