Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(909)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2705783004: Throw security errors for attribute access on detached windows. (Closed)

Created:
3 years, 10 months ago by dcheng
Modified:
3 years, 10 months ago
CC:
chromium-reviews, blink-reviews, blink-reviews-bindings_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Throw security errors for attribute access on detached windows. BUG=693695

Patch Set 1 #

Total comments: 3

Patch Set 2 : Bad tests #

Unified diffs Side-by-side diffs Delta from patch set Stats (+98 lines, -398 lines) Patch
M third_party/WebKit/LayoutTests/fast/dom/Window/orphaned-frame-access-expected.txt View 1 1 chunk +2 lines, -4 lines 0 comments Download
M third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-properties-after-frame-navigated-expected.txt View 1 1 chunk +9 lines, -9 lines 0 comments Download
M third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-properties-after-frame-removed-and-gced-expected.txt View 1 1 chunk +9 lines, -9 lines 0 comments Download
M third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-properties-after-frame-removed-expected.txt View 1 1 chunk +9 lines, -9 lines 0 comments Download
M third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-window-after-frame-removed-and-gced-expected.txt View 1 1 chunk +2 lines, -178 lines 0 comments Download
M third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-window-after-frame-removed-expected.txt View 1 2 chunks +3 lines, -178 lines 0 comments Download
M third_party/WebKit/LayoutTests/fast/dom/Window/window-postmessage-clone-deep-array-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access.html View 1 chunk +28 lines, -0 lines 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access-expected.txt View 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp View 1 chunk +16 lines, -10 lines 0 comments Download
M third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp View 1 chunk +11 lines, -0 lines 0 comments Download

Messages

Total messages: 9 (4 generated)
dcheng
https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access.html File third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access.html (right): https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access.html#newcode16 third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access.html:16: test(function() { This is a bit unsatisfactory, but otherwise, ...
3 years, 10 months ago (2017-02-19 09:05:51 UTC) #2
haraken
LGTM on my side. https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp File third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp (right): https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp#newcode262 third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp:262: LocalDOMWindow* callingWindow = currentDOMWindow(isolate); Nit: ...
3 years, 10 months ago (2017-02-19 09:14:10 UTC) #5
dcheng
https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp File third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp (right): https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp#newcode262 third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp:262: LocalDOMWindow* callingWindow = currentDOMWindow(isolate); On 2017/02/19 09:14:10, haraken wrote: ...
3 years, 10 months ago (2017-02-19 09:19:46 UTC) #6
haraken
On 2017/02/19 09:19:46, dcheng wrote: > https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp > File third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp (right): > > https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp#newcode262 > ...
3 years, 10 months ago (2017-02-19 09:41:19 UTC) #7
dcheng
3 years, 10 months ago (2017-02-19 09:52:20 UTC) #8 
On 2017/02/19 09:19:46, dcheng wrote:
>
https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/b...
> File third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp (right):
> 
>
https://codereview.chromium.org/2705783004/diff/1/third_party/WebKit/Source/b...
> third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp:262:
> LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
> On 2017/02/19 09:14:10, haraken wrote:
> > 
> > Nit: callingWindow => currentWindow
> > 
> > (We removed the concept of CallingContext.)
> 
> Yeah, the reason I named it like this is for consistency with the
> crossDomainAccessErrorMessage's and sanitizedCrossDomainAccessErrorMessage's
> argument. Is it OK to fix this in a followup?

OK, I guess this patch is not going to be so simple after all, it changes quite
a few results.

Powered by Google App Engine
This is Rietveld 408576698