<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[204832] releases/WebKitGTK/webkit-2.12</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/204832">204832</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-08-23 06:43:37 -0700 (Tue, 23 Aug 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/202151">r202151</a> - Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
https://bugs.webkit.org/show_bug.cgi?id=158855
<rdar://problem/26142632>
Reviewed by Alex Christensen.
Source/WebCore:
Tests: http/tests/dom/window-open-about-blank-and-access-document.html
http/tests/dom/window-open-about-webkit-org-and-access-document.html
Document.cpp previously checked whether a document should inherit its owner's
security origin by checking if the URL is either empty or blank. URL.cpp in
turn only checks if the protocol is "about:" in the isBlankURL() function.
Thus all about:* URLs inherited security origin. This patch restricts
security origin inheritance to empty, about:blank, and about:srcdoc URLs.
Quotes and links from the WHATWG spec regarding about:srcdoc:
7.1 Browsing contexts
A browsing context can have a creator browsing context, the browsing context
that was responsible for its creation. If a browsing context has a parent
browsing context, then that is its creator browsing context. Otherwise, if the
browsing context has an opener browsing context, then that is its creator
browsing context. Otherwise, the browsing context has no creator browsing
context.
https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc
7.1.1 Nested browsing contexts
Certain elements (for example, iframe elements) can instantiate further
browsing contexts. These are called nested browsing contexts. If a browsing
context P has a Document D with an element E that nests another browsing
context C inside it, then C is said to be nested through D, and E is said to
be the browsing context container of C. If the browsing context container
element E is in the Document D, then P is said to be the parent browsing
context of C and C is said to be a child browsing context of P. Otherwise,
the nested browsing context C has no parent browsing context.
https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context
4.8.5 The iframe element
The iframe element represents a nested browsing context.
...
If the srcdoc attribute is specified
Navigate the element's child browsing context to a new response whose
url list consists of about:srcdoc ...
https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc
* dom/Document.cpp:
(WebCore::Document::initSecurityContext):
Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
(WebCore::Document::initContentSecurityPolicy):
Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
(WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
* platform/URL.cpp:
(WebCore::URL::shouldInheritSecurityOriginFromOwner):
* platform/URL.h:
Moved the function from Document and restricted the check to only allow
security origin inheritance for empty, about:blank, and about:srcdoc URLs.
LayoutTests:
* http/tests/dom/window-open-about-blank-and-access-document-expected.txt: Added.
* http/tests/dom/window-open-about-blank-and-access-document.html: Added.
* http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt: Added.
* http/tests/dom/window-open-about-webkit-org-and-access-document.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoredomDocumentcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreplatformURLcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreplatformURLh">releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutblankandaccessdocumentexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutblankandaccessdocumenthtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutwebkitorgandaccessdocumentexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutwebkitorgandaccessdocumenthtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit212LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (204831 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-08-23 13:39:30 UTC (rev 204831)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2016-06-16 John Wilander <wilander@apple.com>
+
+ Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
+ https://bugs.webkit.org/show_bug.cgi?id=158855
+ <rdar://problem/26142632>
+
+ Reviewed by Alex Christensen.
+
+ * http/tests/dom/window-open-about-blank-and-access-document-expected.txt: Added.
+ * http/tests/dom/window-open-about-blank-and-access-document.html: Added.
+ * http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt: Added.
+ * http/tests/dom/window-open-about-webkit-org-and-access-document.html: Added.
+
</ins><span class="cx"> 2016-05-25 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Update dom/Window/messageevent-source-postmessage-reified.html after r201315
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutblankandaccessdocumentexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document-expected.txt (0 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document-expected.txt 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: line 1: Injected script running.
+
+PASS newWindow.document is defined.
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutblankandaccessdocumenthtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document.html (0 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-blank-and-access-document.html 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -0,0 +1,49 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>Tests opening a new about:blank window and accessing its document</title>
+ <script src="../resources/js-test-pre.js"></script>
+ <script>
+ var newWindow;
+
+ if (window.testRunner) {
+ testRunner.setCanOpenWindows();
+ testRunner.waitUntilDone();
+ }
+
+ function checkNewWindowDocumentIsUndefined () {
+ shouldBeDefined("newWindow.document");
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+
+ function clickHandler() {
+ newWindow = window.open("about:blank");
+ try {
+ newWindow.document.write("<scri" + "pt>console.log('Injected script running.')</sc" + "ript>");
+ setTimeout(checkNewWindowDocumentIsUndefined, 500);
+ } catch (e) {
+ testFailed("Was not able to write to the new window's document.");
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+ }
+
+ function clickButton() {
+ var button = document.getElementById("test");
+ var buttonX = button.offsetLeft + button.offsetWidth / 2;
+ var buttonY = button.offsetTop + button.offsetHeight / 2;
+ if (window.eventSender) {
+ eventSender.mouseMoveTo(buttonX, buttonY);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+ }
+ }
+ </script>
+</head>
+<body onload="clickButton()">
+<button id="test" onclick="clickHandler()"></button>
+<div id="console"></div>
+</body>
+</html>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutwebkitorgandaccessdocumentexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt (0 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+CONSOLE MESSAGE: line 45: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "about". Protocols must match.
+
+CONSOLE MESSAGE: line 347: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "about". Protocols must match.
+
+
+PASS newWindow.document is undefined.
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestsdomwindowopenaboutwebkitorgandaccessdocumenthtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document.html (0 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document.html 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -0,0 +1,48 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <title>Tests opening a new about://webkit.org window and accessing its document</title>
+ <script src="../resources/js-test-pre.js"></script>
+ <script>
+ var newWindow;
+
+ if (window.testRunner) {
+ testRunner.setCanOpenWindows();
+ testRunner.waitUntilDone();
+ }
+
+ function checkNewWindowDocumentIsUndefined () {
+ shouldBeUndefined("newWindow.document");
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+
+ function clickHandler() {
+ newWindow = window.open("about://webkit.org");
+ try {
+ newWindow.document.write("<scri" + "pt>console.log('Injected script running.')</sc" + "ript>");
+ testFailed("Was able to write to the new window's document.");
+ if (window.testRunner)
+ testRunner.notifyDone();
+ } catch (e) {
+ setTimeout(checkNewWindowDocumentIsUndefined, 500);
+ }
+ }
+
+ function clickButton() {
+ var button = document.getElementById("test");
+ var buttonX = button.offsetLeft + button.offsetWidth / 2;
+ var buttonY = button.offsetTop + button.offsetHeight / 2;
+ if (window.eventSender) {
+ eventSender.mouseMoveTo(buttonX, buttonY);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+ }
+ }
+ </script>
+</head>
+<body onload="clickButton()">
+<button id="test" onclick="clickHandler()"></button>
+<div id="console"></div>
+</body>
+</html>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (204831 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 13:39:30 UTC (rev 204831)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -1,3 +1,63 @@
</span><ins>+2016-06-16 John Wilander <wilander@apple.com>
+
+ Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
+ https://bugs.webkit.org/show_bug.cgi?id=158855
+ <rdar://problem/26142632>
+
+ Reviewed by Alex Christensen.
+
+ Tests: http/tests/dom/window-open-about-blank-and-access-document.html
+ http/tests/dom/window-open-about-webkit-org-and-access-document.html
+
+ Document.cpp previously checked whether a document should inherit its owner's
+ security origin by checking if the URL is either empty or blank. URL.cpp in
+ turn only checks if the protocol is "about:" in the isBlankURL() function.
+ Thus all about:* URLs inherited security origin. This patch restricts
+ security origin inheritance to empty, about:blank, and about:srcdoc URLs.
+
+ Quotes and links from the WHATWG spec regarding about:srcdoc:
+
+ 7.1 Browsing contexts
+ A browsing context can have a creator browsing context, the browsing context
+ that was responsible for its creation. If a browsing context has a parent
+ browsing context, then that is its creator browsing context. Otherwise, if the
+ browsing context has an opener browsing context, then that is its creator
+ browsing context. Otherwise, the browsing context has no creator browsing
+ context.
+ https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc
+
+ 7.1.1 Nested browsing contexts
+ Certain elements (for example, iframe elements) can instantiate further
+ browsing contexts. These are called nested browsing contexts. If a browsing
+ context P has a Document D with an element E that nests another browsing
+ context C inside it, then C is said to be nested through D, and E is said to
+ be the browsing context container of C. If the browsing context container
+ element E is in the Document D, then P is said to be the parent browsing
+ context of C and C is said to be a child browsing context of P. Otherwise,
+ the nested browsing context C has no parent browsing context.
+ https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context
+
+ 4.8.5 The iframe element
+ The iframe element represents a nested browsing context.
+ ...
+ If the srcdoc attribute is specified
+ Navigate the element's child browsing context to a new response whose
+ url list consists of about:srcdoc ...
+ https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc
+
+ * dom/Document.cpp:
+ (WebCore::Document::initSecurityContext):
+ Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
+ (WebCore::Document::initContentSecurityPolicy):
+ Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
+ (WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
+ Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
+ * platform/URL.cpp:
+ (WebCore::URL::shouldInheritSecurityOriginFromOwner):
+ * platform/URL.h:
+ Moved the function from Document and restricted the check to only allow
+ security origin inheritance for empty, about:blank, and about:srcdoc URLs.
+
</ins><span class="cx"> 2016-05-24 Antti Koivisto <antti@apple.com>
</span><span class="cx">
</span><span class="cx"> REGRESSION (r196629): Safari can get into a state where switching Reader theme doesn't apply to the webpage
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCoredomDocumentcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp (204831 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp 2016-08-23 13:39:30 UTC (rev 204831)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -343,19 +343,6 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static bool shouldInheritSecurityOriginFromOwner(const URL& url)
-{
- // http://www.whatwg.org/specs/web-apps/current-work/#origin-0
- //
- // If a Document has the address "about:blank"
- // The origin of the Document is the origin it was assigned when its browsing context was created.
- //
- // Note: We generalize this to all "blank" URLs and invalid URLs because we
- // treat all of these URLs as about:blank.
- //
- return url.isEmpty() || url.isBlankURL();
-}
-
</del><span class="cx"> static Widget* widgetForElement(Element* focusedElement)
</span><span class="cx"> {
</span><span class="cx"> if (!focusedElement)
</span><span class="lines">@@ -5131,7 +5118,7 @@
</span><span class="cx"> setBaseURLOverride(parentDocument->baseURL());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (!shouldInheritSecurityOriginFromOwner(m_url))
</del><ins>+ if (!m_url.shouldInheritSecurityOriginFromOwner())
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> // If we do not obtain a meaningful origin from the URL, then we try to
</span><span class="lines">@@ -5164,7 +5151,7 @@
</span><span class="cx">
</span><span class="cx"> void Document::initContentSecurityPolicy()
</span><span class="cx"> {
</span><del>- if (!m_frame->tree().parent() || (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument()))
</del><ins>+ if (!m_frame->tree().parent() || (!m_url.shouldInheritSecurityOriginFromOwner() && !isPluginDocument()))
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> contentSecurityPolicy()->copyStateFrom(m_frame->tree().parent()->document()->contentSecurityPolicy());
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCoreplatformURLcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.cpp (204831 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.cpp 2016-08-23 13:39:30 UTC (rev 204831)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.cpp 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -2022,6 +2022,13 @@
</span><span class="cx"> return protocolIs("about");
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool URL::shouldInheritSecurityOriginFromOwner() const
+{
+ return isEmpty()
+ || m_string == blankURL().string()
+ || m_string == "about:srcdoc";
+}
+
</ins><span class="cx"> typedef HashMap<String, unsigned short, ASCIICaseInsensitiveHash> DefaultPortsMap;
</span><span class="cx"> static const DefaultPortsMap& defaultPortsMap()
</span><span class="cx"> {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCoreplatformURLh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.h (204831 => 204832)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.h 2016-08-23 13:39:30 UTC (rev 204831)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.h 2016-08-23 13:43:37 UTC (rev 204832)
</span><span class="lines">@@ -134,6 +134,7 @@
</span><span class="cx"> bool protocolIsInHTTPFamily() const;
</span><span class="cx"> WEBCORE_EXPORT bool isLocalFile() const;
</span><span class="cx"> bool isBlankURL() const;
</span><ins>+ bool shouldInheritSecurityOriginFromOwner() const;
</ins><span class="cx">
</span><span class="cx"> WEBCORE_EXPORT bool setProtocol(const String&);
</span><span class="cx"> void setHost(const String&);
</span></span></pre>
</div>
</div>
</body>
</html>