Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(381)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2691083006: The security check in document.open should test for same-origin (Closed)

Created:
3 years, 10 months ago by jochen (gone - plz use gerrit)
Modified:
3 years, 10 months ago
Reviewers:
Mike West
CC:
blink-reviews, blink-reviews-dom_chromium.org, chromium-reviews, dglazkov+blink, eae+blinkwatch, rwlbuis, sof
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

The security check in document.open should test for same-origin And not for same-origin domain, see https://github.com/whatwg/html/issues/2282 R=mkwst@chromium.org BUG= Review-Url: https://codereview.chromium.org/2691083006 Cr-Commit-Position: refs/heads/master@{#450684} Committed: https://chromium.googlesource.com/chromium/src/+/df05e7ac8ec9c43c03b8e066b3cf538c2c274cef

Patch Set 1 #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+3 lines, -2 lines) Patch
M third_party/WebKit/LayoutTests/fast/parser/resources/document-open-in-unload-inner.html View 1 chunk +1 line, -1 line 1 comment Download
M third_party/WebKit/Source/core/dom/Document.cpp View 1 chunk +2 lines, -1 line 0 comments Download

Messages

Total messages: 13 (7 generated)
jochen (gone - plz use gerrit)
3 years, 10 months ago (2017-02-15 09:16:41 UTC) #1
Mike West
https://codereview.chromium.org/2691083006/diff/1/third_party/WebKit/LayoutTests/fast/parser/resources/document-open-in-unload-inner.html File third_party/WebKit/LayoutTests/fast/parser/resources/document-open-in-unload-inner.html (right): https://codereview.chromium.org/2691083006/diff/1/third_party/WebKit/LayoutTests/fast/parser/resources/document-open-in-unload-inner.html#newcode2 third_party/WebKit/LayoutTests/fast/parser/resources/document-open-in-unload-inner.html:2: <iframe srcdoc="Hi"></iframe> I don't understand how this tests the ...
3 years, 10 months ago (2017-02-15 11:36:15 UTC) #4
jochen (gone - plz use gerrit)
tests are here: https://github.com/w3c/web-platform-tests/pull/4642
3 years, 10 months ago (2017-02-15 12:13:50 UTC) #7
Mike West
Ok. LGTM, assuming those tests pass after the patch.
3 years, 10 months ago (2017-02-15 12:57:23 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2691083006/1
3 years, 10 months ago (2017-02-15 13:16:30 UTC) #10
commit-bot: I haz the power
3 years, 10 months ago (2017-02-15 13:22:22 UTC) #13
Message was sent while issue was closed. 
Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/df05e7ac8ec9c43c03b8e066b3cf...

Powered by Google App Engine
This is Rietveld 408576698