[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

eric at webkit.org eric at webkit.org
Wed Apr 7 23:34:34 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 8c6bc19982d63a34d4234532572ea6f9479982d3
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Nov 12 19:56:01 2009 +0000

    2009-11-12  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Dimitri Glazkov.
    
            [Chromium] Sify compose button alerts error
            https://bugs.webkit.org/show_bug.cgi?id=31394
    
            Test that we're using the calling security context in a simple case.
    
            * http/tests/security/calling-versus-current-expected.txt: Added.
            * http/tests/security/calling-versus-current.html: Added.
    2009-11-12  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Dimitri Glazkov.
    
            [Chromium] Sify compose button alerts error
            https://bugs.webkit.org/show_bug.cgi?id=31394
    
            Test: http/tests/security/calling-versus-current.html
    
            We're supposed to use the calling context for security checks.  In JSC
            land, this is the lexicalGlobalObject.
    
            * bindings/v8/V8Proxy.cpp:
            (WebCore::V8Proxy::canAccessPrivate):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50890 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index fc72da5..06986b7 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2009-11-12  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [Chromium] Sify compose button alerts error
+        https://bugs.webkit.org/show_bug.cgi?id=31394
+
+        Test that we're using the calling security context in a simple case.
+
+        * http/tests/security/calling-versus-current-expected.txt: Added.
+        * http/tests/security/calling-versus-current.html: Added.
+
 2009-11-12  Daniel Bates  <dbates at webkit.org>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/forms/menulist-selection-reset-expected.txt b/LayoutTests/http/tests/security/calling-versus-current-expected.txt
similarity index 100%
copy from LayoutTests/fast/forms/menulist-selection-reset-expected.txt
copy to LayoutTests/http/tests/security/calling-versus-current-expected.txt
diff --git a/LayoutTests/http/tests/security/calling-versus-current.html b/LayoutTests/http/tests/security/calling-versus-current.html
new file mode 100644
index 0000000..7c50e61
--- /dev/null
+++ b/LayoutTests/http/tests/security/calling-versus-current.html
@@ -0,0 +1,13 @@
+<iframe src="resources/innocent-victim.html"></iframe>
+<div id="console">FAIL</div>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+window.onload = function() {
+    window.f = frames[0].atob;
+    document.domain = "0.0.1";
+    if (btoa(window.f("PASS")) == "PASS")
+        document.getElementById("console").innerHTML = "PASS"
+}
+</script>
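
Review bot: The onload handler in calling-versus-current.html carries no comment explaining why capturing frames[0].atob, then assigning document.domain, then calling window.f("PASS") distinguishes the calling context from the current one, so a later reader cannot tell what a FAIL means. Please add a short description at the top of the script stating which context is expected to be checked and why the document.domain assignment is needed. Two smaller points: if window.f(...) throws, the page stays at "FAIL" with no reason recorded, so catching the exception and writing its message into the console div would make failures diagnosable; and the innerHTML assignment is missing its trailing semicolon.
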
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a69cefd..fd317dd 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2009-11-12  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [Chromium] Sify compose button alerts error
+        https://bugs.webkit.org/show_bug.cgi?id=31394
+
+        Test: http/tests/security/calling-versus-current.html
+
+        We're supposed to use the calling context for security checks.  In JSC
+        land, this is the lexicalGlobalObject.
+
+        * bindings/v8/V8Proxy.cpp:
+        (WebCore::V8Proxy::canAccessPrivate):
+
 2009-11-12  Daniel Bates  <dbates at webkit.org>
 
         Reviewed by Darin Adler.
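
Review bot: The WebCore ChangeLog entry says only that the calling context is used for security checks, but the V8Proxy.cpp change also falls back to v8::Context::GetCurrent() when GetCalling() returns an empty handle. Since that fallback decides which origin is checked, it should be mentioned under (WebCore::V8Proxy::canAccessPrivate) together with the reason it is considered safe.
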
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index 161d630..45ac1ea 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -859,14 +859,20 @@ bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
 
     String message;
 
-    DOMWindow* originWindow = retrieveWindow(currentContext());
-    if (originWindow == targetWindow)
+    v8::Local<v8::Context> activeContext = v8::Context::GetCalling();
+    if (activeContext.IsEmpty()) {
+        // There is a single activation record on the stack, so that must
+        // be the activeContext.
+        activeContext = v8::Context::GetCurrent();
+    }
+    DOMWindow* activeWindow = retrieveWindow(activeContext);
+    if (activeWindow == targetWindow)
         return true;
 
-    if (!originWindow)
+    if (!activeWindow)
         return false;
 
-    const SecurityOrigin* activeSecurityOrigin = originWindow->securityOrigin();
+    const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
     const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
 
     // We have seen crashes were the security origin of the target has not been
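
Review bot: The fallback branch after v8::Context::GetCalling() returns to the current context, which is the behaviour this change is moving away from, and the only justification is the comment that an empty calling context means a single activation record on the stack. That assumption is security-relevant, so please either state where it is guaranteed or narrow the fallback so that an empty calling context for any other reason does not silently select the current context's origin. Also note the ordering kept from the old code: "if (activeWindow == targetWindow) return true;" runs before "if (!activeWindow) return false;", so if retrieveWindow(activeContext) yields null and targetWindow is also null the function grants access. Moving the null check ahead of the equality check would close that case.
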
@@ -879,7 +885,7 @@ bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
 
     // Allow access to a "about:blank" page if the dynamic context is a
     // detached context of the same frame as the blank page.
-    if (targetSecurityOrigin->isEmpty() && originWindow->frame() == targetWindow->frame())
+    if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
         return true;
 
     return false;
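
Review bot: The comment above the about:blank exception still says "dynamic context", while the window it is compared against is now activeWindow, derived from the calling context (with a fallback to the current one). Please update the comment to use the same term as the code so it is clear which context this exception is meant to cover. The new layout test is described as covering "a simple case" and does not exercise this branch, so a test for the detached-context about:blank path under the new lookup would be worth adding.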

-- 
WebKit Debian packaging


