2011-01-28 Johnny Ding <jnd@chromium.org>
authorjnd@chromium.org <jnd@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jan 2011 07:06:57 +0000 (07:06 +0000)
committerjnd@chromium.org <jnd@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jan 2011 07:06:57 +0000 (07:06 +0000)
commitdf0c4676076a0a522831ea4fed520cd0de3679e0
tree778a0f65b44aa44569285b5385be345c6632ded1
parent39917629f39233d5cffd2906674000d399666f16
2011-01-28  Johnny Ding  <jnd@chromium.org>

        Reviewed by Adam Barth.

        Gesture API, disallow popup bypass with using iframe src.
        https://bugs.webkit.org/show_bug.cgi?id=53244

        * fast/events/popup-blocked-from-iframe-src-expected.txt: Added.
        * fast/events/popup-blocked-from-iframe-src.html: Added.
2011-01-28  Johnny Ding  <jnd@chromium.org>

        Reviewed by Adam Barth.

        Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
        The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
        https://bugs.webkit.org/show_bug.cgi?id=53244

        Test: fast/events/popup-blocked-from-iframe-src.html

        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77049 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/events/popup-blocked-from-iframe-src-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/popup-blocked-from-iframe-src.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/ScriptControllerBase.cpp