[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
hyatt
hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:47:51 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 4de0a6c7d0035a47e4c742fb8f3fc55821d9e269
Author: hyatt <hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jul 18 19:22:59 2003 +0000

Fix for 3334082, XML documents can access HTML/XML docs in other
domains. The basic bug is that we made a change right before
1.0 to allow a parent document to access a child frame's document
if the child frame had no document. What we didn't notice was
that the ptr was obtained from the part by asking for an HTML
document. For XML documents that failed the cast, we got back
null as well, which means that for non-HTML XML documents we
always return true from isSafeScript.

This patch makes sure our addition uses the raw xmlDoc pointer,
so that there are no mistakes, and it restores the code that
denies access when you aren't an HTML document.

(It is a separate bug that we just disallow cross-frame
communication in XML documents right now that I'll file as
a follow-up to this one.)

Reviewed by darin, rjw, mjs

* khtml/ecma/kjs_window.cpp:
(Window::isSafeScript):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4671 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 0169ea1..22442fd 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,27 @@
+2003-07-18 Dave Hyatt <hyatt at apple.com>
+
+ Fix for 3334082, XML documents can access HTML/XML docs in other
+ domains. The basic bug is that we made a change right before
+ 1.0 to allow a parent document to access a child frame's document
+ if the child frame had no document. What we didn't notice was
+ that the ptr was obtained from the part by asking for an HTML
+ document. For XML documents that failed the cast, we got back
+ null as well, which means that for non-HTML XML documents we
+ always return true from isSafeScript.
+
+ This patch makes sure our addition uses the raw xmlDoc pointer,
+ so that there are no mistakes, and it restores the code that
+ denies access when you aren't an HTML document.
+
+ (It is a separate bug that we just disallow cross-frame
+ communication in XML documents right now that I'll file as
+ a follow-up to this one.)
+
+ Reviewed by darin, rjw, mjs
+
+ * khtml/ecma/kjs_window.cpp:
+ (Window::isSafeScript):
+
2003-07-15 Dave Hyatt <hyatt at apple.com>
Fix for 3300362, crash on myuhc.com. The residual style code
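Review bot: The file list at the end of this ChangeLog entry names only khtml/ecma/kjs_window.cpp (Window::isSafeScript), so a fix for cross-domain document access is recorded with no regression test beside it. Add a test in which an XML document and a frame from another domain try to reach each other's document, and list it in the entry, so that a later change to the null-document special case cannot silently reopen 3334082.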
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 0169ea1..22442fd 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,27 @@
+2003-07-18 Dave Hyatt <hyatt at apple.com>
+
+ Fix for 3334082, XML documents can access HTML/XML docs in other
+ domains. The basic bug is that we made a change right before
+ 1.0 to allow a parent document to access a child frame's document
+ if the child frame had no document. What we didn't notice was
+ that the ptr was obtained from the part by asking for an HTML
+ document. For XML documents that failed the cast, we got back
+ null as well, which means that for non-HTML XML documents we
+ always return true from isSafeScript.
+
+ This patch makes sure our addition uses the raw xmlDoc pointer,
+ so that there are no mistakes, and it restores the code that
+ denies access when you aren't an HTML document.
+
+ (It is a separate bug that we just disallow cross-frame
+ communication in XML documents right now that I'll file as
+ a follow-up to this one.)
+
+ Reviewed by darin, rjw, mjs
+
+ * khtml/ecma/kjs_window.cpp:
+ (Window::isSafeScript):
+
2003-07-15 Dave Hyatt <hyatt at apple.com>
Fix for 3300362, crash on myuhc.com. The residual style code
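Review bot: This hunk repeats the 2003-07-18 entry verbatim in ChangeLog-2005-08-23, and its index line (0169ea1..22442fd) is identical to the one for ChangeLog-2003-10-25 above. Is the entry meant to live in both files? If not, keep it in one ChangeLog so the history of this security fix has a single record.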
diff --git a/WebCore/khtml/ecma/kjs_window.cpp b/WebCore/khtml/ecma/kjs_window.cpp
index 4787078..b0ca7b8 100644
--- a/WebCore/khtml/ecma/kjs_window.cpp
+++ b/WebCore/khtml/ecma/kjs_window.cpp
@@ -953,19 +953,17 @@ bool Window::isSafeScript(ExecState *exec) const
return true;
}
+ // JS may be attempting to access the "window" object, which should be valid,
+ // even if the document hasn't been constructed yet. If the document doesn't
+ // exist yet allow JS to access the window object.
+ if (!m_part->xmlDocImpl())
+ return true;
+
DOM::HTMLDocument thisDocument = m_part->htmlDocument();
-#if !APPLE_CHANGES
if ( thisDocument.isNull() ) {
kdDebug(6070) << "Window::isSafeScript: trying to access an XML document !?" << endl;
return false;
}
-#else
- // JS may be attempting to access the "window" object, which should be valid,
- // even if the document hasn't been constructed yet. If the document doesn't
- // exist yet allow JS to access the window object.
- if (thisDocument.isNull())
- return true;
-#endif
DOM::HTMLDocument actDocument = activePart->htmlDocument();
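Review bot: The new early return near the top of the hunk, `if (!m_part->xmlDocImpl()) return true;`, fails open inside a same-origin check: every caller is treated as safe whenever the target part has no document, while the comment justifies that only for access to the "window" object. Say in the comment what is reachable through the window while no document exists, or narrow the condition to that case. The trailing context line obtains `actDocument` through the same `htmlDocument()` cast that caused this bug; the handling of a null `actDocument` falls outside the hunk, so confirm that it denies access rather than repeating the null-means-allowed pattern.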
--
WebKit Debian packaging