Unsafe JavaScript attempt errors are ludicrously verbose and annoying
authormkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Mar 2013 09:13:15 +0000 (09:13 +0000)
committermkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Mar 2013 09:13:15 +0000 (09:13 +0000)
commit7a76e8c3dc8805a399b72c6a607b73ff9014a129
tree81c64202964a2f6716681a47e1441e2cd583990d
parentba3f32557bd474fb0b34076502800740a42e5b40
Unsafe JavaScript attempt errors are ludicrously verbose and annoying
https://bugs.webkit.org/show_bug.cgi?id=112042

Reviewed by Timothy Hatcher.

Source/WebCore:

This patch attempts to make the most common case of error message less
ludicrous by adjusting it to include only an origin as opposed to full
URLs for the active and target frames. It now reads: "Blocked a frame
with origin 'http://127.0.0.1:8000' from accessing a frame with origin
'http://localhost:8000'. Protocols, domains, and ports must match."

In the interest of keeping the patch size down, I'll follow up on the
other cases (sandboxed access, 'document.domain' mismatches, etc) in
future patches.

* page/DOMWindow.cpp:
(WebCore::DOMWindow::crossDomainAccessErrorMessage):

LayoutTests:

* fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt:
* http/tests/history/cross-origin-replace-history-object-child-expected.txt:
* http/tests/history/cross-origin-replace-history-object-expected.txt:
* http/tests/inspector-protocol/access-inspected-object-expected.txt:
* http/tests/plugins/cross-frame-object-access-expected.txt:
* http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt:
* http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt:
* http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt:
* http/tests/security/cross-frame-access-call-expected.txt:
* http/tests/security/cross-frame-access-custom-expected.txt:
* http/tests/security/cross-frame-access-delete-expected.txt:
* http/tests/security/cross-frame-access-enumeration-expected.txt:
* http/tests/security/cross-frame-access-first-time-expected.txt:
* http/tests/security/cross-frame-access-frameelement-expected.txt:
* http/tests/security/cross-frame-access-get-custom-property-cached-expected.txt:
* http/tests/security/cross-frame-access-get-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
* http/tests/security/cross-frame-access-history-get-expected.txt:
* http/tests/security/cross-frame-access-history-put-expected.txt:
* http/tests/security/cross-frame-access-location-get-expected.txt:
* http/tests/security/cross-frame-access-location-put-expected.txt:
* http/tests/security/cross-frame-access-name-getter-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-prototype-expected.txt:
* http/tests/security/cross-frame-access-port-expected.txt:
* http/tests/security/cross-frame-access-put-expected.txt:
* http/tests/security/cross-frame-access-selection-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
* http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt:
* http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt:
* http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
* http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
* http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
* http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
* http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
* http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
* http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt:
* http/tests/security/xss-DENIED-assign-location-hash-expected.txt:
* http/tests/security/xss-DENIED-assign-location-host-expected.txt:
* http/tests/security/xss-DENIED-assign-location-hostname-expected.txt:
* http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt:
* http/tests/security/xss-DENIED-assign-location-nonstandardProperty-expected.txt:
* http/tests/security/xss-DENIED-assign-location-pathname-expected.txt:
* http/tests/security/xss-DENIED-assign-location-protocol-expected.txt:
* http/tests/security/xss-DENIED-assign-location-reload-expected.txt:
* http/tests/security/xss-DENIED-assign-location-search-expected.txt:
* http/tests/security/xss-DENIED-defineProperty-expected.txt:
* http/tests/security/xss-DENIED-frame-name-expected.txt:
* http/tests/security/xss-DENIED-getSVGDocument-iframe-expected.txt:
* http/tests/security/xss-DENIED-getSVGDocument-object-expected.txt:
* http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-iframe-src-alias-expected.txt:
* http/tests/security/xss-DENIED-invalid-domain-change-expected.txt:
* http/tests/security/xss-DENIED-javascript-with-spaces-expected.txt:
* http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-synchronous-form-expected.txt:
* http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url-expected.txt:
* http/tests/security/xss-DENIED-window-open-javascript-url-expected.txt:
* http/tests/security/xss-DENIED-window-open-javascript-url-with-spaces-expected.txt:
* http/tests/security/xss-DENIED-window-open-parent-expected.txt:
* http/tests/security/xss-DENIED-xsl-document-securityOrigin-expected.txt:
* http/tests/security/xss-eval-expected.txt:
* http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt:
* platform/chromium/http/tests/inspector/console-cross-origin-iframe-logging-expected.txt:
* platform/chromium/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt:
* platform/chromium/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt:
* platform/chromium/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt:
* platform/chromium/http/tests/security/cross-frame-access-call-expected.txt:
* platform/chromium/http/tests/security/cross-frame-access-document-direct-expected.txt:
* platform/chromium/http/tests/security/cross-frame-access-enumeration-expected.txt:
* platform/chromium/http/tests/security/cross-frame-access-history-get-expected.txt:
* platform/chromium/http/tests/security/cross-frame-access-history-put-expected.txt:
* platform/chromium/http/tests/security/cross-frame-access-location-put-expected.txt:
* platform/chromium/http/tests/security/cross-frame-access-put-expected.txt:
* platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
* platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt:
* platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt:
* platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt:
* platform/chromium/http/tests/security/listener/xss-inactive-closure-expected.txt:
* platform/chromium/http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt:
* platform/chromium/http/tests/security/xss-DENIED-defineProperty-expected.txt:
* platform/chromium/http/tests/security/xss-DENIED-frame-name-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@145692 268f45cc-cd09-0410-ab3c-d52691b4dbfc
128 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt
LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt
LayoutTests/http/tests/history/cross-origin-replace-history-object-expected.txt
LayoutTests/http/tests/inspector-protocol/access-inspected-object-expected.txt
LayoutTests/http/tests/plugins/cross-frame-object-access-expected.txt
LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt
LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt
LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt
LayoutTests/http/tests/security/cross-frame-access-call-expected.txt
LayoutTests/http/tests/security/cross-frame-access-custom-expected.txt
LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt
LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt
LayoutTests/http/tests/security/cross-frame-access-first-time-expected.txt
LayoutTests/http/tests/security/cross-frame-access-frameelement-expected.txt
LayoutTests/http/tests/security/cross-frame-access-get-custom-property-cached-expected.txt
LayoutTests/http/tests/security/cross-frame-access-get-expected.txt
LayoutTests/http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt
LayoutTests/http/tests/security/cross-frame-access-history-get-expected.txt
LayoutTests/http/tests/security/cross-frame-access-history-put-expected.txt
LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt
LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt
LayoutTests/http/tests/security/cross-frame-access-name-getter-expected.txt
LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt
LayoutTests/http/tests/security/cross-frame-access-object-prototype-expected.txt
LayoutTests/http/tests/security/cross-frame-access-port-expected.txt
LayoutTests/http/tests/security/cross-frame-access-put-expected.txt
LayoutTests/http/tests/security/cross-frame-access-selection-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt
LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt
LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt
LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt
LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt
LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt
LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-hash-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-host-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-hostname-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-nonstandardProperty-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-pathname-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-protocol-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-reload-expected.txt
LayoutTests/http/tests/security/xss-DENIED-assign-location-search-expected.txt
LayoutTests/http/tests/security/xss-DENIED-defineProperty-expected.txt
LayoutTests/http/tests/security/xss-DENIED-frame-name-expected.txt
LayoutTests/http/tests/security/xss-DENIED-getSVGDocument-iframe-expected.txt
LayoutTests/http/tests/security/xss-DENIED-getSVGDocument-object-expected.txt
LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt
LayoutTests/http/tests/security/xss-DENIED-iframe-src-alias-expected.txt
LayoutTests/http/tests/security/xss-DENIED-invalid-domain-change-expected.txt
LayoutTests/http/tests/security/xss-DENIED-javascript-with-spaces-expected.txt
LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt
LayoutTests/http/tests/security/xss-DENIED-synchronous-form-expected.txt
LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url-expected.txt
LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-expected.txt
LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-with-spaces-expected.txt
LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt
LayoutTests/http/tests/security/xss-DENIED-xsl-document-securityOrigin-expected.txt
LayoutTests/http/tests/security/xss-eval-expected.txt
LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt
LayoutTests/platform/chromium-linux/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt
LayoutTests/platform/chromium-mac/http/tests/security/401-logout/401-logout-expected.txt [deleted file]
LayoutTests/platform/chromium-win/fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt
LayoutTests/platform/chromium/http/tests/inspector/console-cross-origin-iframe-logging-expected.txt
LayoutTests/platform/chromium/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt
LayoutTests/platform/chromium/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt
LayoutTests/platform/chromium/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-call-expected.txt
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-document-direct-expected.txt
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-enumeration-expected.txt
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-history-get-expected.txt
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-history-put-expected.txt
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-location-put-expected.txt
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-put-expected.txt
LayoutTests/platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt
LayoutTests/platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt
LayoutTests/platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt
LayoutTests/platform/chromium/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt
LayoutTests/platform/chromium/http/tests/security/listener/xss-inactive-closure-expected.txt
LayoutTests/platform/chromium/http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt
LayoutTests/platform/chromium/http/tests/security/xss-DENIED-defineProperty-expected.txt
LayoutTests/platform/chromium/http/tests/security/xss-DENIED-frame-name-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/page/DOMWindow.cpp