[webkit-reviews] review granted: [Bug 172038] REGRESSION (r209608): Cross-origin plugin document opened in child window blocked by parent window CSP when object-src 'none' is set : [Attachment 310101] Patch and layout tests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 17 14:25:04 PDT 2017
Andy Estes <aestes at apple.com> has granted Daniel Bates <dbates at webkit.org>'s
request for review:
Bug 172038: REGRESSION (r209608): Cross-origin plugin document opened in child
window blocked by parent window CSP when object-src 'none' is set
https://bugs.webkit.org/show_bug.cgi?id=172038
Attachment 310101: Patch and layout tests
https://bugs.webkit.org/attachment.cgi?id=310101&action=review
--- Comment #10 from Andy Estes <aestes at apple.com> ---
Comment on attachment 310101
--> https://bugs.webkit.org/attachment.cgi?id=310101
Patch and layout tests
View in context: https://bugs.webkit.org/attachment.cgi?id=310101&action=review
> Source/WebCore/dom/Document.cpp:5221
> + if (!shouldInheritSecurityOriginFromOwner(m_url) && (!isPluginDocument()
|| (!parentFrame &&
!openerFrame->document()->securityOrigin().canAccess(securityOrigin()))))
This if statement is hard to parse. I think it'd read better with the plug-in
document parts broken out into a function or a local variable with a
descriptive name (e.g. shouldInheritSecurityOriginForPlugInDocument()).
More information about the webkit-reviews
mailing list