third_party/WebKit/Source/core/dom/Document.cpp - Issue 2707113005: The security check in document.write should test for same-origin

Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 2707113005: The security check in document.write should test for same-origin (Closed)

Patch Set: updates Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/origin-check-in-document-open-same-origin-domain.sub.html ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)	2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)

3 * (C) 1999 Antti Koivisto (koivisto@kde.org)	3 * (C) 1999 Antti Koivisto (koivisto@kde.org)

4 * (C) 2001 Dirk Mueller (mueller@kde.org)	4 * (C) 2001 Dirk Mueller (mueller@kde.org)

5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)	5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)

6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All	6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All

7 * rights reserved.	7 * rights reserved.

8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.	8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.

9 * (http://www.torchmobile.com/)	9 * (http://www.torchmobile.com/)

10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.	10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.

(...skipping 3141 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3152 }	3152 }

3153	3153

3154 if (m_throwOnDynamicMarkupInsertionCount) {	3154 if (m_throwOnDynamicMarkupInsertionCount) {

3155 exceptionState.throwDOMException(	3155 exceptionState.throwDOMException(

3156 InvalidStateError,	3156 InvalidStateError,

3157 "Custom Element constructor should not use write().");	3157 "Custom Element constructor should not use write().");

3158 return;	3158 return;

3159 }	3159 }

3160	3160

3161 if (enteredDocument &&	3161 if (enteredDocument &&

3162 !getSecurityOrigin()->canAccess(enteredDocument->getSecurityOrigin())) {	3162 !getSecurityOrigin()->isSameSchemeHostPortAndSuborigin(

	3163 enteredDocument->getSecurityOrigin())) {

3163 exceptionState.throwSecurityError(	3164 exceptionState.throwSecurityError(

3164 "Can only call write() on same-origin documents.");	3165 "Can only call write() on same-origin documents.");

3165 return;	3166 return;

3166 }	3167 }

3167	3168

3168 NestingLevelIncrementer nestingLevelIncrementer(m_writeRecursionDepth);	3169 NestingLevelIncrementer nestingLevelIncrementer(m_writeRecursionDepth);

3169	3170

3170 m_writeRecursionIsTooDeep =	3171 m_writeRecursionIsTooDeep =

3171 (m_writeRecursionDepth > 1) && m_writeRecursionIsTooDeep;	3172 (m_writeRecursionDepth > 1) && m_writeRecursionIsTooDeep;

3172 m_writeRecursionIsTooDeep =	3173 m_writeRecursionIsTooDeep =

(...skipping 3443 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
6616 }	6617 }

6617	6618

6618 void showLiveDocumentInstances() {	6619 void showLiveDocumentInstances() {

6619 WeakDocumentSet& set = liveDocumentSet();	6620 WeakDocumentSet& set = liveDocumentSet();

6620 fprintf(stderr, "There are %u documents currently alive:\n", set.size());	6621 fprintf(stderr, "There are %u documents currently alive:\n", set.size());

6621 for (blink::Document* document : set)	6622 for (blink::Document* document : set)

6622 fprintf(stderr, "- Document %p URL: %s\n", document,	6623 fprintf(stderr, "- Document %p URL: %s\n", document,

6623 document->url().getString().utf8().data());	6624 document->url().getString().utf8().data());

6624 }	6625 }

6625 #endif	6626 #endif

OLD	NEW