[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

hyatt hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:47:51 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit 4de0a6c7d0035a47e4c742fb8f3fc55821d9e269
Author: hyatt <hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jul 18 19:22:59 2003 +0000

    	Fix for 3334082, XML documents can access HTML/XML docs in other
    	domains.  The basic bug is that we made a change right before
    	1.0 to allow a parent document to access a child frame's document
    	if the child frame had no document.  What we didn't notice was
    	that the ptr was obtained from the part by asking for an HTML
    	document.  For XML documents that failed the cast, we got back
    	null as well, which means that for non-HTML XML documents we
    	always return true from isSafeScript.
    
    	This patch makes sure our addition uses the raw xmlDoc pointer,
    	so that there are no mistakes, and it restores the code that
    	denies access when you aren't an HTML document.
    
    	(It is a separate bug that we just disallow cross-frame
    	communication in XML documents right now that I'll file as
    	a follow-up to this one.)
    
            Reviewed by darin, rjw, mjs
    
            * khtml/ecma/kjs_window.cpp:
            (Window::isSafeScript):
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4671 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 0169ea1..22442fd 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,27 @@
+2003-07-18  Dave Hyatt  <hyatt at apple.com>
+
+	Fix for 3334082, XML documents can access HTML/XML docs in other
+	domains.  The basic bug is that we made a change right before
+	1.0 to allow a parent document to access a child frame's document
+	if the child frame had no document.  What we didn't notice was
+	that the ptr was obtained from the part by asking for an HTML
+	document.  For XML documents that failed the cast, we got back
+	null as well, which means that for non-HTML XML documents we
+	always return true from isSafeScript.
+
+	This patch makes sure our addition uses the raw xmlDoc pointer,
+	so that there are no mistakes, and it restores the code that
+	denies access when you aren't an HTML document.
+
+	(It is a separate bug that we just disallow cross-frame
+	communication in XML documents right now that I'll file as
+	a follow-up to this one.)
+	
+        Reviewed by darin, rjw, mjs
+
+        * khtml/ecma/kjs_window.cpp:
+        (Window::isSafeScript):
+
 2003-07-15  Dave Hyatt  <hyatt at apple.com>
 
 	Fix for 3300362, crash on myuhc.com.  The residual style code
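Review bot: the entry mentions a follow-up bug for the blanket denial of cross-frame communication in XML documents but records no bug number, so the restriction this patch restores cannot be traced to its follow-up from the ChangeLog; please add the number once it is filed. The entry also names no test case for 3334082. Formatting: the description lines are tab-indented, while "Reviewed by" and the file list use eight spaces, and the line before "Reviewed by" contains only a tab.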
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 0169ea1..22442fd 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,27 @@
+2003-07-18  Dave Hyatt  <hyatt at apple.com>
+
+	Fix for 3334082, XML documents can access HTML/XML docs in other
+	domains.  The basic bug is that we made a change right before
+	1.0 to allow a parent document to access a child frame's document
+	if the child frame had no document.  What we didn't notice was
+	that the ptr was obtained from the part by asking for an HTML
+	document.  For XML documents that failed the cast, we got back
+	null as well, which means that for non-HTML XML documents we
+	always return true from isSafeScript.
+
+	This patch makes sure our addition uses the raw xmlDoc pointer,
+	so that there are no mistakes, and it restores the code that
+	denies access when you aren't an HTML document.
+
+	(It is a separate bug that we just disallow cross-frame
+	communication in XML documents right now that I'll file as
+	a follow-up to this one.)
+	
+        Reviewed by darin, rjw, mjs
+
+        * khtml/ecma/kjs_window.cpp:
+        (Window::isSafeScript):
+
 2003-07-15  Dave Hyatt  <hyatt at apple.com>
 
 	Fix for 3300362, crash on myuhc.com.  The residual style code
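Review bot: this hunk adds the same 2003-07-18 entry to WebCore/ChangeLog-2005-08-23 that the previous hunk adds to WebCore/ChangeLog-2003-10-25, with the same index line (0169ea1..22442fd) and the same trailing context. Please confirm that both files are meant to carry the entry and that this one is not a by-product of the history conversion; if it is a by-product, the entry should live in one ChangeLog only.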
diff --git a/WebCore/khtml/ecma/kjs_window.cpp b/WebCore/khtml/ecma/kjs_window.cpp
index 4787078..b0ca7b8 100644
--- a/WebCore/khtml/ecma/kjs_window.cpp
+++ b/WebCore/khtml/ecma/kjs_window.cpp
@@ -953,19 +953,17 @@ bool Window::isSafeScript(ExecState *exec) const
     return true;
   }
 
+  // JS may be attempting to access the "window" object, which should be valid,
+  // even if the document hasn't been constructed yet.  If the document doesn't
+  // exist yet allow JS to access the window object.
+  if (!m_part->xmlDocImpl())
+      return true;
+  
   DOM::HTMLDocument thisDocument = m_part->htmlDocument();
-#if !APPLE_CHANGES
   if ( thisDocument.isNull() ) {
     kdDebug(6070) << "Window::isSafeScript: trying to access an XML document !?" << endl;
     return false;
   }
-#else
-  // JS may be attempting to access the "window" object, which should be valid,
-  // even if the document hasn't been constructed yet.  If the document doesn't
-  // exist yet allow JS to access the window object.
-  if (thisDocument.isNull())
-    return true;
-#endif
 
   DOM::HTMLDocument actDocument = activePart->htmlDocument();
 
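Review bot: the added `if (!m_part->xmlDocImpl()) return true;` keeps an allow-by-default branch inside an access check, and its comment (moved unchanged from the removed `#else` block) does not state the condition that makes it safe. It should say that the branch fires only when the part has no document of any kind, and that a document which exists but is not HTML now falls through to the `thisDocument.isNull()` denial below. The commit message explains that `htmlDocument()` returns null both when there is no document and when the document is not HTML; a sentence in the comment warning against using the cast result as an existence test would keep the next change from reintroducing the bug. The last context line, `activePart->htmlDocument()`, uses the same cast for the active part, and its null handling is outside this hunk, so please confirm that it denies access rather than allowing it. Minor: `return true;` is indented six spaces where the neighbouring `return false;` uses four, and the added blank line after it carries trailing whitespace. The diff touches only the ChangeLogs and kjs_window.cpp, so no regression test for a non-HTML XML parent document accompanies the fix.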

-- 
WebKit Debian packaging


