[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

abarth at webkit.org abarth at webkit.org
Wed Apr 7 23:59:11 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 6c9e76ee2c8f2b3ef368d1a7835b185aae6a8166
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Nov 28 16:39:11 2009 +0000

    2009-11-28  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Dimitri Glazkov.
    
            [Chromium] Sify compose button alerts error
            https://bugs.webkit.org/show_bug.cgi?id=31394
    
            Test: http/tests/security/calling-versus-current.html
    
            We're supposed to use the calling context for security checks.  In JSC
            land, this is the lexicalGlobalObject.
    
            * bindings/v8/V8Proxy.cpp:
            (WebCore::V8Proxy::canAccessPrivate):
    2009-11-28  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Dimitri Glazkov.
    
            [Chromium] Sify compose button alerts error
            https://bugs.webkit.org/show_bug.cgi?id=31394
    
            Test that we're using the calling security context in a simple case.
    
            * http/tests/security/calling-versus-current-expected.txt: Added.
            * http/tests/security/calling-versus-current.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51459 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 02f962a..c8a3bec 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2009-11-28  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [Chromium] Sify compose button alerts error
+        https://bugs.webkit.org/show_bug.cgi?id=31394
+
+        Test that we're using the calling security context in a simple case.
+
+        * http/tests/security/calling-versus-current-expected.txt: Added.
+        * http/tests/security/calling-versus-current.html: Added.
+
 2009-11-27  Daniel Bates  <dbates at webkit.org>
 
         Reviewed by Adam Barth.
diff --git a/LayoutTests/fast/forms/menulist-selection-reset-expected.txt b/LayoutTests/http/tests/security/calling-versus-current-expected.txt
similarity index 100%
copy from LayoutTests/fast/forms/menulist-selection-reset-expected.txt
copy to LayoutTests/http/tests/security/calling-versus-current-expected.txt
diff --git a/LayoutTests/http/tests/security/calling-versus-current.html b/LayoutTests/http/tests/security/calling-versus-current.html
new file mode 100644
index 0000000..7c50e61
--- /dev/null
+++ b/LayoutTests/http/tests/security/calling-versus-current.html
@@ -0,0 +1,13 @@
+<iframe src="resources/innocent-victim.html"></iframe>
+<div id="console">FAIL</div>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+window.onload = function() {
+    window.f = frames[0].atob;
+    document.domain = "0.0.1";
+    if (btoa(window.f("PASS")) == "PASS")
+        document.getElementById("console").innerHTML = "PASS"
+}
+</script>
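Review bot: the onload handler in calling-versus-current.html checks only the path where the call through window.f succeeds, and nothing in the file says why document.domain is changed between taking frames[0].atob and calling it. A short comment stating which context is expected to be used for the check at that point would make the test readable without the bug report, and a companion case where the call must be refused would cover the deny branch of canAccessPrivate as well. The expected-result file is recorded only as a 100% copy of fast/forms/menulist-selection-reset-expected.txt, so its content cannot be confirmed from this diff. Minor: the innerHTML = "PASS" assignment is missing its semicolon.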
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 5e0b970..8b57aba 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2009-11-28  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [Chromium] Sify compose button alerts error
+        https://bugs.webkit.org/show_bug.cgi?id=31394
+
+        Test: http/tests/security/calling-versus-current.html
+
+        We're supposed to use the calling context for security checks.  In JSC
+        land, this is the lexicalGlobalObject.
+
+        * bindings/v8/V8Proxy.cpp:
+        (WebCore::V8Proxy::canAccessPrivate):
+
 2009-11-27  Shinichiro Hamaji  <hamaji at chromium.org>
 
         Unreviewed Chromium build fix introduced by r51428.
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index 6764d0d..b05aa58 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -888,14 +888,20 @@ bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
 
     String message;
 
-    DOMWindow* originWindow = retrieveWindow(currentContext());
-    if (originWindow == targetWindow)
+    v8::Local<v8::Context> activeContext = v8::Context::GetCalling();
+    if (activeContext.IsEmpty()) {
+        // There is a single activation record on the stack, so that must
+        // be the activeContext.
+        activeContext = v8::Context::GetCurrent();
+    }
+    DOMWindow* activeWindow = retrieveWindow(activeContext);
+    if (activeWindow == targetWindow)
         return true;
 
-    if (!originWindow)
+    if (!activeWindow)
         return false;
 
-    const SecurityOrigin* activeSecurityOrigin = originWindow->securityOrigin();
+    const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
     const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
 
     // We have seen crashes were the security origin of the target has not been
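Review bot: in the fallback branch, the result of v8::Context::GetCurrent() is handed to retrieveWindow() without a second IsEmpty() check, so the code depends on retrieveWindow() returning null for an empty context in order to reach the if (!activeWindow) return false; path. Either check activeContext.IsEmpty() again after the fallback and return false, or say in the comment that retrieveWindow() tolerates an empty handle. The comment "There is a single activation record on the stack" would also be stronger if it stated that this is the only situation in which GetCalling() comes back empty, since the fallback silently restores the old current-context behaviour whenever it is taken.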
@@ -908,7 +914,7 @@ bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
 
     // Allow access to a "about:blank" page if the dynamic context is a
     // detached context of the same frame as the blank page.
-    if (targetSecurityOrigin->isEmpty() && originWindow->frame() == targetWindow->frame())
+    if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
         return true;
 
     return false;
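Review bot: the comment above the changed line still says "if the dynamic context is a detached context of the same frame", but activeWindow is now derived from the calling context rather than the current one. Please update the comment wording to match the variable, so the about:blank exception is described in terms of the same context the rest of canAccessPrivate now uses.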

-- 
WebKit Debian packaging


