[webkit-changes] [148471] branches/safari-536.30-branch/Source/WebCore

Mon, 15 Apr 2013 15:17:29 -0700

Title: [148471] branches/safari-536.30-branch/Source/WebCore
Revision
148471
Author
aes...@apple.com
Date
2013-04-15 15:19:19 -0700 (Mon, 15 Apr 2013)

Log Message

Merged r138990.

    2013-01-07  Tom Sepez  <tse...@chromium.org>

Document::initSecurityContext() gives parent security context to iframes with invalid URLs.
https://bugs.webkit.org/show_bug.cgi?id=104960

Reviewed by Adam Barth.

Change covers the case of an invalid non-empty URL.  We know nothing
about that kind of URL and choose not to inherit origins.

* dom/Document.cpp:
(WebCore::shouldInheritSecurityOriginFromOwner):

Modified Paths

Diff

Modified: branches/safari-536.30-branch/Source/WebCore/ChangeLog (148470 => 148471)


--- branches/safari-536.30-branch/Source/WebCore/ChangeLog	2013-04-15 22:07:16 UTC (rev 148470)
+++ branches/safari-536.30-branch/Source/WebCore/ChangeLog	2013-04-15 22:19:19 UTC (rev 148471)
@@ -1,3 +1,20 @@
+2013-04-15  Andy Estes  <aes...@apple.com>
+
+        Merged r138990.
+
+    2013-01-07  Tom Sepez  <tse...@chromium.org>
+
+        Document::initSecurityContext() gives parent security context to iframes with invalid URLs.
+        https://bugs.webkit.org/show_bug.cgi?id=104960
+
+        Reviewed by Adam Barth.
+
+        Change covers the case of an invalid non-empty URL.  We know nothing
+        about that kind of URL and choose not to inherit origins.
+        
+        * dom/Document.cpp:
+        (WebCore::shouldInheritSecurityOriginFromOwner):
+
 2013-04-15  Tim Horton  <timothy_hor...@apple.com>
 
     Merge r138460.

Modified: branches/safari-536.30-branch/Source/WebCore/dom/Document.cpp (148470 => 148471)


--- branches/safari-536.30-branch/Source/WebCore/dom/Document.cpp	2013-04-15 22:07:16 UTC (rev 148470)
+++ branches/safari-536.30-branch/Source/WebCore/dom/Document.cpp	2013-04-15 22:19:19 UTC (rev 148471)
@@ -306,7 +306,7 @@
     // Note: We generalize this to all "about" URLs and invalid URLs because we
     // treat all of these URLs as about:blank.
     //
-    return !url.isValid() || url.protocolIs("about");
+    return url.isEmpty() || url.protocolIs("about");
 }
 
 static Widget* widgetForNode(Node* focusedNode)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to