[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
mjs
mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:18:54 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 1fd110af15671bdf13873c0e6f399a0acc53fef8
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sun Dec 14 06:43:46 2003 +0000
Reviewed by Darin.
<rdar://problem/3507885>: REGRESSION (100-116): frames missing due to cross-domain check (derstandard.at)
* khtml/ecma/kjs_window.cpp:
(Window::isSafeScript): Loosen the frame access rules a bit. We already allowed access to
a document loaded as empty from the parent or opener. Now also allow access from any document
in the same domain as the parent or opener, so that, for instance, a sibling frame can access it
so long as it is in the same domain as the parent.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5793 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index db9a46d..8f50443 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,15 @@
+2003-12-13 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Darin.
+
+ <rdar://problem/3507885>: REGRESSION (100-116): frames missing due to cross-domain check (derstandard.at)
+
+ * khtml/ecma/kjs_window.cpp:
+ (Window::isSafeScript): Loosen the frame access rules a bit. We already allowed access to
+ a document loaded as empty from the parent or opener. Now also allow access from any document
+ in the same domain as the parent or opener, so that, for instance, a sibling frame can access it
+ so long as it is in the same domain as the parent.
+
2003-12-13 Darin Adler <darin at apple.com>
Reviewed by Maciej.
diff --git a/WebCore/khtml/ecma/kjs_window.cpp b/WebCore/khtml/ecma/kjs_window.cpp
index 04e5bb2..45dde42 100644
--- a/WebCore/khtml/ecma/kjs_window.cpp
+++ b/WebCore/khtml/ecma/kjs_window.cpp
@@ -976,12 +976,6 @@ bool Window::isSafeScript(ExecState *exec) const
if ( activePart == m_part ) // Not calling from another frame, no problem.
return true;
- // allow access from the window that opened this one if it made an initially empty document
- if ( ( activePart == m_part->opener() || activePart == m_part->parentPart() ) &&
- shouldLoadAsEmptyDocument(m_part->url()) ) {
- return true;
- }
-
// JS may be attempting to access the "window" object, which should be valid,
// even if the document hasn't been constructed yet. If the document doesn't
// exist yet allow JS to access the window object.
@@ -1003,9 +997,24 @@ bool Window::isSafeScript(ExecState *exec) const
return true;
DOM::DOMString thisDomain = thisDocument->domain();
+
+ // if this document is being initially loaded as empty by its parent
+ // or opener, allow access from any document in the same domain as
+ // the parent or opener.
+ if (shouldLoadAsEmptyDocument(m_part->url())) {
+ KHTMLPart *ancestorPart = m_part->opener() ? m_part->opener() : m_part->parentPart();
+ while (ancestorPart && shouldLoadAsEmptyDocument(ancestorPart->url())) {
+ ancestorPart = ancestorPart->parentPart();
+ }
+
+ if (ancestorPart)
+ thisDomain = ancestorPart->docImpl()->domain();
+ }
+
//kdDebug(6070) << "current domain:" << actDomain.string() << ", frame domain:" << thisDomain.string() << endl;
if ( actDomain == thisDomain )
return true;
+
#if APPLE_CHANGES
if (Interpreter::shouldPrintExceptions()) {
printf("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. Domains must match.\n",
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list