WebCore:
author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 Feb 2008 19:32:19 +0000 (19:32 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 Feb 2008 19:32:19 +0000 (19:32 +0000)
commit feee826ebcc56a5f592cdb7a8edae963f07551e3
tree 7c5da9c77b95103f628dfb7465927fc12967324d
parent 9b2442000698c710102c13b8bd49c3cd8d8ca329
WebCore:

        Reviewed by Geoff.

        Fix <rdar://problem/5698200>
        eBay photo uploading hangs and causes slow script warning to pop up

        In a case like this

            var f = window.parent.parentFunction;
            document.domain = document.domain; // this makes window.parent inaccessible
            f();

        Firefox allows parentFunction to access parent's properties. Match this behavior.

        If a domain security check against the dynamic global object fails for the specific reason that one of
        the frames has written to the document.domain property and another has not (but they match otherwise),
        then recheck against the lexical global object.

        Test: http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW.html
              http/tests/security/cross-frame-access-callback-explicit-domain-DENY.html

        * bindings/js/kjs_window.cpp:
        (KJS::Window::allowsAccessFrom):
        (KJS::Window::printErrorMessage):
        * bindings/js/kjs_window.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldAllowNavigation):
        * platform/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccess):
        * platform/SecurityOrigin.h:
        (WebCore::SecurityOrigin::):

LayoutTests:

        Reviewed by Geoff.

        Test for <rdar://problem/5698200>
        eBay photo uploading hangs and causes slow script warning to pop up

        * http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW-expected.txt: Added.
        * http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW.html: Added.
        * http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt: Added.
        * http/tests/security/cross-frame-access-callback-explicit-domain-DENY.html: Added.
        * http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-ALLOW.html: Added.
        * http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@30009 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-ALLOW.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/bindings/js/kjs_window.cpp
WebCore/bindings/js/kjs_window.h
WebCore/loader/FrameLoader.cpp
WebCore/platform/SecurityOrigin.cpp
WebCore/platform/SecurityOrigin.h
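
The recheck described in the commit message, modelled in JavaScript as an added example; it is not code from this commit or from WebKit. The Reason values, makeOrigin, the return shapes, the parameter names and the example.test hosts are assumptions made for the illustration.

```javascript
// Simplified model of the rule in the commit message. All names are hypothetical.
const Reason = Object.freeze({
  NONE: "none",
  GENERIC: "generic-mismatch",
  DOMAIN_SET: "domain-set-mismatch", // one side wrote document.domain, the other did not
});

function makeOrigin(protocol, host, port, domainWasSet = false) {
  return { protocol, host, port, domainWasSet };
}

// Origin-to-origin check that also reports why it failed.
function canAccess(accessor, target) {
  const sameHost = accessor.protocol === target.protocol && accessor.host === target.host;
  const sameOrigin = sameHost && accessor.port === target.port;
  if (accessor.domainWasSet && target.domainWasSet) {
    return { ok: sameHost, reason: sameHost ? Reason.NONE : Reason.GENERIC };
  }
  if (!accessor.domainWasSet && !target.domainWasSet) {
    return { ok: sameOrigin, reason: sameOrigin ? Reason.NONE : Reason.GENERIC };
  }
  // Exactly one side wrote document.domain: always a failure, but record
  // whether the origins "match otherwise" so the caller can decide to recheck.
  return { ok: false, reason: sameOrigin ? Reason.DOMAIN_SET : Reason.GENERIC };
}

// Window-level check: dynamic global first; lexical global only for DOMAIN_SET.
function allowsAccessFrom(target, dynamicGlobal, lexicalGlobal) {
  const first = canAccess(dynamicGlobal, target);
  if (first.ok) return { allowed: true, via: "dynamic", reason: Reason.NONE };
  if (first.reason === Reason.DOMAIN_SET && canAccess(lexicalGlobal, target).ok) {
    return { allowed: true, via: "lexical", reason: Reason.NONE };
  }
  return { allowed: false, via: null, reason: first.reason };
}

// Constructed frames: the child ran `document.domain = document.domain`.
const parent = makeOrigin("http", "photos.example.test", 80);
const child = makeOrigin("http", "photos.example.test", 80, true);
const other = makeOrigin("http", "other.example.test", 80, true);

function runScenarios() {
  return {
    // f was defined in the parent and is called from the child (the case in the message).
    parentFunctionFromChild: allowsAccessFrom(parent, child, parent),
    // Code defined in the child reaching into the parent stays blocked.
    childFunctionFromChild: allowsAccessFrom(parent, child, child),
    // A different host never triggers the recheck, whatever the lexical global is.
    otherHostCaller: allowsAccessFrom(parent, other, parent),
  };
}
```

The third scenario is the one to keep in mind when reviewing such a change: the fallback to the lexical global is taken only when the failure reason is the document.domain mismatch, so a generic origin mismatch is still denied outright.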