Chromium Code Reviews Chromium Code Reviews
Issue 406143004:
Bugfix in html_dart2js: Detect window objects in a way compatible with cross domain iframes (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge| Index: dart/sdk/lib/html/dart2js/html_dart2js.dart |
| diff --git a/dart/sdk/lib/html/dart2js/html_dart2js.dart b/dart/sdk/lib/html/dart2js/html_dart2js.dart |
| index 7a2e9050709f9a44b31f75fa7ede832280a597d0..7c57b6e5de9203b7d6503aea8e388c180b0928ba 100644 |
| --- a/dart/sdk/lib/html/dart2js/html_dart2js.dart |
| +++ b/dart/sdk/lib/html/dart2js/html_dart2js.dart |
| @@ -35436,10 +35436,10 @@ EventTarget _convertNativeToDart_EventTarget(e) { |
| if (e == null) { |
| return null; |
| } |
| - // Assume it's a Window if it contains the setInterval property. It may be |
| + // Assume it's a Window if it contains the self/window properties. It may be |
|
blois
2014/07/23 17:35:04
This change needs to be made in:
https://code.goog
kustermann
2014/07/23 20:10:49
Done.
|
| // from a different frame - without a patched prototype - so we cannot |
| // rely on Dart type checking. |
| - if (JS('bool', r'"setInterval" in #', e)) { |
| + if (JS('bool', r'"self" in # && "window" in #', e, e)) { |
|
blois
2014/07/23 17:35:04
The primary API exposed by _DOMWindowCrossFrame is
floitsch
2014/07/23 17:57:36
That would bring it back to being a security viola
kustermann
2014/07/23 20:10:49
Good point. Done.
[I searched a bit on the intern
kustermann
2014/07/23 20:10:49
That's actually not a security violation, because
|
| var window = _DOMWindowCrossFrame._createSafe(e); |
| // If it's a native window. |
| if (window is EventTarget) { |
