Title: [123343] trunk
Revision: 123343
Author: sch...@chromium.org
Date: 2012-07-23 08:50:29 -0700 (Mon, 23 Jul 2012)

Log Message

webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement block cross origin access.
https://bugs.webkit.org/show_bug.cgi?id=91892

Reviewed by Adam Barth.

Source/WebCore:

PointerLockElement only returned when requested from the document that owns it.

Tests: http/tests/fullscreen/fullscreenelement-different-origin.html
       http/tests/fullscreen/fullscreenelement-same-origin.html
       http/tests/pointer-lock/pointerlockelement-different-origin.html
       http/tests/pointer-lock/pointerlockelement-same-origin.html

* dom/Document.cpp:
(WebCore::Document::webkitPointerLockElement):

LayoutTests:

Tests verifying the behavior of accessing
webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement
from different origins.

* http/tests/fullscreen/fullscreenelement-different-origin-expected.txt: Added.
* http/tests/fullscreen/fullscreenelement-different-origin.html: Added.
* http/tests/fullscreen/fullscreenelement-same-origin-expected.txt: Added.
* http/tests/fullscreen/fullscreenelement-same-origin.html: Added.
* http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt: Added.
* http/tests/pointer-lock/pointerlockelement-different-origin.html: Added.
* http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt: Added.
* http/tests/pointer-lock/pointerlockelement-same-origin.html: Added.
* http/tests/resources/pointer-lock/iframe-common.js: Added.
(thisFileName):
(window.onmessage):
* http/tests/resources/pointer-lock/inner-iframe.html: Added.
* http/tests/resources/pointer-lock/pointer-lock-test-harness.js:
(runOnKeyPress.keypressHandler):
* pointer-lock/locked-element-iframe-removed-from-dom-expected.txt:
* pointer-lock/locked-element-iframe-removed-from-dom.html:
* pointer-lock/locked-element-removed-from-dom-expected.txt:
* pointer-lock/locked-element-removed-from-dom.html:

Diff

Modified: trunk/LayoutTests/ChangeLog (123342 => 123343)


--- trunk/LayoutTests/ChangeLog	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/LayoutTests/ChangeLog	2012-07-23 15:50:29 UTC (rev 123343)
@@ -1,3 +1,33 @@
+2012-07-21  Vincent Scheib  <sch...@chromium.org>
+
+        webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement block cross origin access.
+        https://bugs.webkit.org/show_bug.cgi?id=91892
+
+        Reviewed by Adam Barth.
+
+        Tests verifying the behavior of accessing
+        webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement
+        from different origins.
+
+        * http/tests/fullscreen/fullscreenelement-different-origin-expected.txt: Added.
+        * http/tests/fullscreen/fullscreenelement-different-origin.html: Added.
+        * http/tests/fullscreen/fullscreenelement-same-origin-expected.txt: Added.
+        * http/tests/fullscreen/fullscreenelement-same-origin.html: Added.
+        * http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt: Added.
+        * http/tests/pointer-lock/pointerlockelement-different-origin.html: Added.
+        * http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt: Added.
+        * http/tests/pointer-lock/pointerlockelement-same-origin.html: Added.
+        * http/tests/resources/pointer-lock/iframe-common.js: Added.
+        (thisFileName):
+        (window.onmessage):
+        * http/tests/resources/pointer-lock/inner-iframe.html: Added.
+        * http/tests/resources/pointer-lock/pointer-lock-test-harness.js:
+        (runOnKeyPress.keypressHandler):
+        * pointer-lock/locked-element-iframe-removed-from-dom-expected.txt:
+        * pointer-lock/locked-element-iframe-removed-from-dom.html:
+        * pointer-lock/locked-element-removed-from-dom-expected.txt:
+        * pointer-lock/locked-element-removed-from-dom.html:
+
 2012-07-23  Zan Dobersek  <zandober...@gmail.com>
 
         Unreviewed GTK gardening, adding the WONTFIX modifier to a few more tests,

Added: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin-expected.txt (0 => 123343)


--- trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin-expected.txt	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,13 @@
+Test iframe from different origin can not access webkitFullscreenElement.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.webkitFullscreenElement is targetDiv1
+PASS document.webkitCurrentFullScreenElement is targetDiv1
+PASS message is "inner-iframe.html document.webkitFullscreenElement = null"
+PASS message is "inner-iframe.html document.webkitCurrentFullScreenElement = null"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Property changes on: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin.html (0 => 123343)


--- trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin.html	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,52 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<div>
+  <div id="target1"></div>
+  <iframe src="" _onload_="doNextStepWithUserGesture()"></iframe>
+</div>
+<script>
+    description("Test iframe from different origin can not access webkitFullscreenElement.")
+    window.jsTestIsAsync = true;
+
+    targetDiv1 = document.getElementById("target1");
+    iframe = document.getElementsByTagName("iframe")[0];
+
+    todo = [
+      function () {
+          document._onwebkitfullscreenchange_ = function () { doNextStep(); document._onwebkitfullscreenchange_ = null; }
+          targetDiv1.webkitRequestFullscreen();
+      },
+      function () {
+          shouldBe("document.webkitFullscreenElement", "targetDiv1");
+          shouldBe("document.webkitCurrentFullScreenElement", "targetDiv1");
+          doNextStep();
+      },
+      function () {
+          iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitFullscreenElement = " + document.webkitFullscreenElement, "*")'], "*");
+          window._onmessage_ = function (messageEvent) {
+              message = messageEvent.data;
+              shouldBeEqualToString("message", "inner-iframe.html document.webkitFullscreenElement = null");
+              window._onmessage_ = null;
+              doNextStep();
+          }
+      },
+      function () {
+          iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitCurrentFullScreenElement = " + document.webkitCurrentFullScreenElement, "*")'], "*");
+          window._onmessage_ = function (messageEvent) {
+              message = messageEvent.data;
+              shouldBeEqualToString("message", "inner-iframe.html document.webkitCurrentFullScreenElement = null");
+              window._onmessage_ = null;
+              doNextStep();
+          }
+      },
+    ];
+    // doNextStep() called by iframe onload handler.
+</script>
+<script src=""
+</body>
+</html>
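Review bot: In the third and fourth steps the `window.onmessage` handler is assigned only after `iframe.contentWindow.postMessage(...)` has already been sent. This works because message events are dispatched asynchronously, but the test's correctness then rests on event-loop ordering rather than on anything stated in the code; move the `window.onmessage = function (messageEvent) { ... }` assignment above the `postMessage` call in both steps so the listener is provably in place before the frame can reply. The same ordering appears in the other three new test pages.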
Property changes on: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-different-origin.html
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin-expected.txt (0 => 123343)


--- trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin-expected.txt	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,13 @@
+Test iframe from same origin can not access webkitFullscreenElement.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.webkitFullscreenElement is targetDiv1
+PASS document.webkitCurrentFullScreenElement is targetDiv1
+PASS message is "inner-iframe.html document.webkitFullscreenElement = null"
+PASS message is "inner-iframe.html document.webkitCurrentFullScreenElement = null"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Property changes on: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin.html (0 => 123343)


--- trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin.html	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,52 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<div>
+  <div id="target1"></div>
+  <iframe src="" _onload_="doNextStepWithUserGesture()"></iframe>
+</div>
+<script>
+    description("Test iframe from same origin can not access webkitFullscreenElement.")
+    window.jsTestIsAsync = true;
+
+    targetDiv1 = document.getElementById("target1");
+    iframe = document.getElementsByTagName("iframe")[0];
+
+    todo = [
+      function () {
+          document._onwebkitfullscreenchange_ = function () { doNextStep(); document._onwebkitfullscreenchange_ = null; }
+          targetDiv1.webkitRequestFullscreen();
+      },
+      function () {
+          shouldBe("document.webkitFullscreenElement", "targetDiv1");
+          shouldBe("document.webkitCurrentFullScreenElement", "targetDiv1");
+          doNextStep();
+      },
+      function () {
+          iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitFullscreenElement = " + document.webkitFullscreenElement, "*")'], "*");
+          window._onmessage_ = function (messageEvent) {
+              message = messageEvent.data;
+              shouldBeEqualToString("message", "inner-iframe.html document.webkitFullscreenElement = null");
+              window._onmessage_ = null;
+              doNextStep();
+          }
+      },
+      function () {
+          iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitCurrentFullScreenElement = " + document.webkitCurrentFullScreenElement, "*")'], "*");
+          window._onmessage_ = function (messageEvent) {
+              message = messageEvent.data;
+              shouldBeEqualToString("message", "inner-iframe.html document.webkitCurrentFullScreenElement = null");
+              window._onmessage_ = null;
+              doNextStep();
+          }
+      },
+    ];
+    // doNextStep() called by iframe onload handler.
+</script>
+<script src=""
+</body>
+</html>
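Review bot: The description string "Test iframe from same origin can not access webkitFullscreenElement." overstates what this page checks. Every assertion evaluates the iframe's own `document.webkitFullscreenElement`, which is null because the fullscreen element belongs to the parent document, not because of any origin restriction; a same-origin frame can still read it through `parent.document.webkitFullscreenElement`. Reword the description to say the getter is scoped to the owning document, and consider a positive step that evals `parent.document.webkitFullscreenElement === parent.targetDiv1` from the frame so the same-origin case is actually distinguished from the different-origin one. The pointer-lock same-origin page has the same wording issue.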
Property changes on: trunk/LayoutTests/http/tests/fullscreen/fullscreenelement-same-origin.html
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt (0 => 123343)


--- trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,13 @@
+Test iframe from different origin can not access webkitPointerLockElement.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+     Lock targetDiv1.
+PASS onwebkitpointerlockchange received after: Lock targetDiv1.
+PASS document.webkitPointerLockElement is targetDiv1
+PASS message is "inner-iframe.html document.webkitPointerLockElement = null"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Property changes on: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin.html (0 => 123343)


--- trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin.html	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<div>
+  <div id="target1"></div>
+  <iframe src="" _onload_="doNextStepWithUserGesture()"></iframe>
+</div>
+<script>
+    description("Test iframe from different origin can not access webkitPointerLockElement.")
+    window.jsTestIsAsync = true;
+
+    targetDiv1 = document.getElementById("target1");
+    iframe = document.getElementsByTagName("iframe")[0];
+
+    todo = [
+      function () {
+          expectOnlyChangeEvent("Lock targetDiv1.");
+          targetDiv1.webkitRequestPointerLock();
+          // doNextStep called by event handler.
+      },
+      function () {
+          shouldBe("document.webkitPointerLockElement", "targetDiv1");
+          doNextStep();
+      },
+      function () {
+          iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitPointerLockElement = " + document.webkitPointerLockElement, "*")'], "*");
+          window._onmessage_ = function (messageEvent) {
+              message = messageEvent.data;
+              shouldBeEqualToString("message", "inner-iframe.html document.webkitPointerLockElement = null");
+              window._onmessage_ = null;
+              doNextStep();
+          }
+      },
+    ];
+    // doNextStep() called by iframe onload handler.
+</script>
+<script src=""
+</body>
+</html>
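Review bot: This page only shows that the frame's own `document.webkitPointerLockElement` is null, which is also true for a same-origin frame; it never exercises an actual cross-origin read. A further step that evals an access to `parent.document.webkitPointerLockElement` inside the frame and reports whether it threw would cover the cross-origin path the commit title refers to, and would give the different-origin expectation file an assertion that its same-origin twin cannot share.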
Property changes on: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-different-origin.html
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt (0 => 123343)


--- trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,13 @@
+Test iframe from same origin can not access webkitPointerLockElement.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+     Lock targetDiv1.
+PASS onwebkitpointerlockchange received after: Lock targetDiv1.
+PASS document.webkitPointerLockElement is targetDiv1
+PASS message is "inner-iframe.html document.webkitPointerLockElement = null"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Property changes on: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin.html (0 => 123343)


--- trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin.html	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<div>
+  <div id="target1"></div>
+  <iframe src="" _onload_="doNextStepWithUserGesture()"></iframe>
+</div>
+<script>
+    description("Test iframe from same origin can not access webkitPointerLockElement.")
+    window.jsTestIsAsync = true;
+
+    targetDiv1 = document.getElementById("target1");
+    iframe = document.getElementsByTagName("iframe")[0];
+
+    todo = [
+      function () {
+          expectOnlyChangeEvent("Lock targetDiv1.");
+          targetDiv1.webkitRequestPointerLock();
+          // doNextStep called by event handler.
+      },
+      function () {
+          shouldBe("document.webkitPointerLockElement", "targetDiv1");
+          doNextStep();
+      },
+      function () {
+          iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitPointerLockElement = " + document.webkitPointerLockElement, "*")'], "*");
+          window._onmessage_ = function (messageEvent) {
+              message = messageEvent.data;
+              shouldBeEqualToString("message", "inner-iframe.html document.webkitPointerLockElement = null");
+              window._onmessage_ = null;
+              doNextStep();
+          }
+      },
+    ];
+    // doNextStep() called by iframe onload handler.
+</script>
+<script src=""
+</body>
+</html>
Property changes on: trunk/LayoutTests/http/tests/pointer-lock/pointerlockelement-same-origin.html
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/resources/pointer-lock/iframe-common.js (0 => 123343)


--- trunk/LayoutTests/http/tests/resources/pointer-lock/iframe-common.js	                        (rev 0)
+++ trunk/LayoutTests/http/tests/resources/pointer-lock/iframe-common.js	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,13 @@
+function thisFileName()
+{
+    return window.location.href.split("/").pop();
+}
+
+window._onmessage_ = function (messageEvent) {
+    switch (messageEvent.data[0]) {
+    case "eval":
+        eval(messageEvent.data[1]);
+        break;
+    }
+}
+
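Review bot: `window.onmessage` passes `messageEvent.data[1]` straight to `eval` without looking at `messageEvent.origin`, so any document that can obtain a reference to this frame can run script in it. That is acceptable for a helper that lives under `http/tests/resources/` and is only ever loaded by the LayoutTests HTTP server, but a comment saying exactly that (and that the file must not be reused outside the test tree) would make the intent clear to the next reader; if the tests only ever post from `parent`, checking `messageEvent.source === window.parent` is a one-line tightening that costs nothing. Minor: `thisFileName()` splits the full `href`, so a query string or fragment on the frame URL would be included in the reported name.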
Property changes on: trunk/LayoutTests/http/tests/resources/pointer-lock/iframe-common.js
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/http/tests/resources/pointer-lock/inner-iframe.html (0 => 123343)


--- trunk/LayoutTests/http/tests/resources/pointer-lock/inner-iframe.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/resources/pointer-lock/inner-iframe.html	2012-07-23 15:50:29 UTC (rev 123343)
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+    inner-iframe.html
+</body>
+</html>
Property changes on: trunk/LayoutTests/http/tests/resources/pointer-lock/inner-iframe.html
___________________________________________________________________

Added: svn:eol-style

Modified: trunk/LayoutTests/http/tests/resources/pointer-lock/pointer-lock-test-harness.js (123342 => 123343)


--- trunk/LayoutTests/http/tests/resources/pointer-lock/pointer-lock-test-harness.js	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/LayoutTests/http/tests/resources/pointer-lock/pointer-lock-test-harness.js	2012-07-23 15:50:29 UTC (rev 123343)
@@ -1,21 +1,42 @@
 // Automatically add doNextStepButton to document for manual tests.
 if (!window.testRunner) {
     setTimeout(function () {
+        if (window.doNextStepButtonDisabled)
+            return;
         doNextStepButton = document.body.insertBefore(document.createElement("button"), document.body.firstChild);
         doNextStepButton._onclick_ = doNextStep;
         doNextStepButton.innerText = "doNextStep button for manual testing. Use keyboard to select button and press (TAB, then SPACE).";
     }, 0);
 }
 
-function doNextStep()
+function runOnKeyPress(fn)
 {
+    function keypressHandler() {
+        document.removeEventListener('keypress', keypressHandler, false);
+        fn();
+    }
+    document.addEventListener('keypress', keypressHandler, false);
+
+    if (window.testRunner)
+        eventSender.keyDown(" ", []);
+}
+
+function doNextStep(args)
+{
+    args = args || {};
+    if (!window.testRunner && args.withUserGesture)
+      return; // Wait for human to press doNextStep button.
+
     if (typeof(currentStep) == "undefined")
         currentStep = 0;
 
     setTimeout(function () {
         var thisStep = currentStep++;
         if (thisStep < todo.length)
-            todo[thisStep]();
+            if (args.withUserGesture)
+                runOnKeyPress(todo[thisStep]);
+            else
+                todo[thisStep]();
         else if (thisStep == todo.length)
             setTimeout(function () { finishJSTest(); }, 0); // Deferred so that excessive doNextStep calls will be observed.
         else
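Review bot: Two style points in `doNextStep`. The `return; // Wait for human to press doNextStep button.` line is indented six spaces while the rest of the file uses four. The branch under `if (thisStep < todo.length)` is now a brace-less, multi-line nested `if`/`else`, and the outer `else if (thisStep == todo.length)` only binds correctly because the inner `if (args.withUserGesture)` carries its own `else`; wrapping the inner branch in braces removes the dependence on dangling-else rules. Also, `window.doNextStepButtonDisabled` is a new global flag with nothing saying which tests set it or why; a short comment next to the check would help.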
@@ -25,9 +46,7 @@
 
 function doNextStepWithUserGesture()
 {
-    if (!window.testRunner)
-        return; // Wait for human to press doNextStep button.
-    doNextStep();
+    doNextStep({withUserGesture: true});
 }
 
 function eventExpected(eventHandlerName, message, expectedCalls, targetHanderNode)

Modified: trunk/LayoutTests/pointer-lock/locked-element-iframe-removed-from-dom-expected.txt (123342 => 123343)


--- trunk/LayoutTests/pointer-lock/locked-element-iframe-removed-from-dom-expected.txt	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/LayoutTests/pointer-lock/locked-element-iframe-removed-from-dom-expected.txt	2012-07-23 15:50:29 UTC (rev 123343)
@@ -6,7 +6,7 @@
      Lock target in iframe. (main document handler)
      Lock target in iframe. (iframe handler)
 PASS onwebkitpointerlockchange received after: Lock target in iframe. (iframe handler)
-PASS document.webkitPointerLockElement is targetDiv1
+PASS targetIframe1.contentDocument.webkitPointerLockElement is targetDiv1
 PASS targetDiv1.parentElement.parentElement is targetIframe1.contentDocument.body
      Remove iframe & immediately lock target2. (main document handler)
      Remove iframe & immediately lock target2. (iframe handler)

Modified: trunk/LayoutTests/pointer-lock/locked-element-iframe-removed-from-dom.html (123342 => 123343)


--- trunk/LayoutTests/pointer-lock/locked-element-iframe-removed-from-dom.html	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/LayoutTests/pointer-lock/locked-element-iframe-removed-from-dom.html	2012-07-23 15:50:29 UTC (rev 123343)
@@ -32,7 +32,7 @@
             // doNextStep called by event handler.
         },
         function () {
-            shouldBe("document.webkitPointerLockElement", "targetDiv1");
+            shouldBe("targetIframe1.contentDocument.webkitPointerLockElement", "targetDiv1");
             shouldBe("targetDiv1.parentElement.parentElement", "targetIframe1.contentDocument.body");
             expectOnlyChangeEvent("Remove iframe & immediately lock target2. (main document handler)");
             expectNoEvents("Remove iframe & immediately lock target2. (iframe handler)", targetIframe1.contentDocument);

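Review bot: Changing the assertion to `targetIframe1.contentDocument.webkitPointerLockElement` is the right update for the new per-document behaviour, but the test now no longer records what the top-level document sees. Adding `shouldBeNull("document.webkitPointerLockElement")` beside it would make this test also guard the restriction introduced in `Document::webkitPointerLockElement`, so a regression that starts returning elements from other documents again would be caught here too. The same applies to locked-element-removed-from-dom.html.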
Modified: trunk/LayoutTests/pointer-lock/locked-element-removed-from-dom-expected.txt (123342 => 123343)


--- trunk/LayoutTests/pointer-lock/locked-element-removed-from-dom-expected.txt	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/LayoutTests/pointer-lock/locked-element-removed-from-dom-expected.txt	2012-07-23 15:50:29 UTC (rev 123343)
@@ -6,7 +6,7 @@
      Lock target in iframe. (main document handler).
      Lock target in iframe. (iframe handler)
 PASS onwebkitpointerlockchange received after: Lock target in iframe. (iframe handler)
-PASS document.webkitPointerLockElement is targetDiv1
+PASS targetIframe1.contentDocument.webkitPointerLockElement is targetDiv1
 PASS targetDiv1.parentElement.parentElement is targetIframe1.contentDocument.body
      Remove targetDiv1's parent from iframe & immediately lock target2. (main document handler)
      Remove targetDiv1's parent from iframe & immediately lock target2. (iframe handler)

Modified: trunk/LayoutTests/pointer-lock/locked-element-removed-from-dom.html (123342 => 123343)


--- trunk/LayoutTests/pointer-lock/locked-element-removed-from-dom.html	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/LayoutTests/pointer-lock/locked-element-removed-from-dom.html	2012-07-23 15:50:29 UTC (rev 123343)
@@ -32,7 +32,7 @@
             // doNextStep called by event handler.
         },
         function () {
-            shouldBe("document.webkitPointerLockElement", "targetDiv1");
+            shouldBe("targetIframe1.contentDocument.webkitPointerLockElement", "targetDiv1");
             shouldBe("targetDiv1.parentElement.parentElement", "targetIframe1.contentDocument.body");
             expectOnlyErrorEvent("Remove targetDiv1's parent from iframe & immediately lock target2. (main document handler)");
             expectOnlyChangeEvent("Remove targetDiv1's parent from iframe & immediately lock target2. (iframe handler)", targetIframe1.contentDocument);

Modified: trunk/Source/WebCore/ChangeLog (123342 => 123343)


--- trunk/Source/WebCore/ChangeLog	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/Source/WebCore/ChangeLog	2012-07-23 15:50:29 UTC (rev 123343)
@@ -1,3 +1,20 @@
+2012-07-21  Vincent Scheib  <sch...@chromium.org>
+
+        webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement block cross origin access.
+        https://bugs.webkit.org/show_bug.cgi?id=91892
+
+        Reviewed by Adam Barth.
+
+        PointerLockElement only returned when requested from the document that owns it.
+
+        Tests: http/tests/fullscreen/fullscreenelement-different-origin.html
+               http/tests/fullscreen/fullscreenelement-same-origin.html
+               http/tests/pointer-lock/pointerlockelement-different-origin.html
+               http/tests/pointer-lock/pointerlockelement-same-origin.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::webkitPointerLockElement):
+
 2012-07-23  Philippe Normand  <pnorm...@igalia.com>
 
         [GTK][jhbuild] Switch to GStreamer 0.11 build
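Review bot: The entry's title names `webkitFullscreenElement` and `webkitCurrentFullScreenElement` alongside `webkitPointerLockElement`, but the only source change listed is `Document::webkitPointerLockElement`. If the fullscreen getters were already scoped to the owning document and the new tests merely document that, the ChangeLog should say so explicitly; as written, a reader expects a matching change to the fullscreen code that is not in this commit.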

Modified: trunk/Source/WebCore/dom/Document.cpp (123342 => 123343)


--- trunk/Source/WebCore/dom/Document.cpp	2012-07-23 15:49:29 UTC (rev 123342)
+++ trunk/Source/WebCore/dom/Document.cpp	2012-07-23 15:50:29 UTC (rev 123343)
@@ -5821,7 +5821,13 @@
 
 Element* Document::webkitPointerLockElement() const
 {
-    return page() ? page()->pointerLockController()->element() : 0;
+    if (!page())
+        return 0;
+    if (Element* element = page()->pointerLockController()->element()) {
+        if (element->document() == this)
+            return element;
+    }
+    return 0;
 }
 #endif
 
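Review bot: The new check is `element->document() == this`, which is a per-document test rather than a per-origin one: a same-origin nested frame's own `document.webkitPointerLockElement` also returns 0 now, and the same-origin layout tests confirm that. That is the safer choice, since it never hands a document a reference to an element living in another document's tree, but the title's "cross origin" wording undersells it; the ChangeLog line about the owning document is the accurate description. The body could also be collapsed to `Element* element = page()->pointerLockController()->element(); return (element && element->document() == this) ? element : 0;` to keep the function to a single return, matching the previous one-liner style.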
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes
