[webkit-reviews] review granted: [Bug 230194] window.open() uses incorrect global object to determine if navigation is allowed : [Attachment 438829] Patch
bugzilla-daemon at webkit.org
Wed Jan 19 12:49:25 PST 2022
Geoffrey Garen <ggaren at apple.com> has granted Alexey Shvayka
<ashvayka at apple.com>'s request for review:
Bug 230194: window.open() uses incorrect global object to determine if
navigation is allowed
https://bugs.webkit.org/show_bug.cgi?id=230194
Attachment 438829: Patch
https://bugs.webkit.org/attachment.cgi?id=438829&action=review
--- Comment #5 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 438829
--> https://bugs.webkit.org/attachment.cgi?id=438829
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438829&action=review
r=me
> Source/WebCore/ChangeLog:21
> + and "allow-same-origin" flags are present. If that's the acse, an
<iframe> can simply
case
> Source/WebCore/ChangeLog:24
> + Although per current spec [4], window.open() uses _entry_ global
object pretty much
Entry global object would be an obvious security / pop-up blocking bug. Seems
worth filing a spec issue to correct this.
> Source/WebCore/page/DOMWindow.cpp:2549
> -ExceptionOr<RefPtr<WindowProxy>> DOMWindow::open(DOMWindow& activeWindow,
DOMWindow& firstWindow, const String& urlStringToOpen, const AtomString&
frameName, const String& windowFeaturesString)
> +ExceptionOr<RefPtr<WindowProxy>> DOMWindow::open(DOMWindow& firstWindow,
const String& urlStringToOpen, const AtomString& frameName, const String&
windowFeaturesString)
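Review bot: on the `+` line, `firstWindow` is now the only window argument to `DOMWindow::open`, and with `activeWindow` removed the signature no longer indicates which global object the navigation check is based on. Consider renaming the parameter after the spec concept it stands for, or adding a comment at the declaration stating which window callers are expected to pass, so a future call site cannot supply the wrong one unnoticed.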
What is 'firstWindow'? Is it the entry global object, the incumbent global
object, the top of stack global object, or something else?