[webkit-reviews] review granted: [Bug 64079] Sandboxed iframe gives misleading xss-error : [Attachment 163004] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Sep 9 13:14:05 PDT 2012
Adam Barth <abarth at webkit.org> has granted Mike West <mkwst at chromium.org>'s
request for review:
Bug 64079: Sandboxed iframe gives misleading xss-error
https://bugs.webkit.org/show_bug.cgi?id=64079
Attachment 163004: Patch
https://bugs.webkit.org/attachment.cgi?id=163004&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=163004&action=review
> Source/WebCore/page/DOMWindow.cpp:1759
> // FIXME: This error message should contain more specifics of why the
same origin check has failed.
> // Perhaps we should involve the security origin object in composing it.
I'd remove this FIXME. We used to keep the sandbox bits in the SecurityOrigin,
which is what this is referring to.
> Source/WebCore/page/DOMWindow.cpp:1765
> + if (document()->isSandboxed(SandboxOrigin))
> + return "Sandbox access violation: " + message + " The former frame
is sandboxed.\n";
> + if (activeWindow->document()->isSandboxed(SandboxOrigin))
> + return "Sandbox access violation: " + message + " The latter frame
is sandboxed.\n";
What if they're both sandboxed? :)
More information about the webkit-reviews
mailing list