Revision: 5387
Author: [email protected]
Date: Tue Apr 30 15:24:53 2013
Log: Make ES5 directConstructor robust against other-origin frames.
https://codereview.appspot.com/9063043
Was causing the playground to fail on Firefox.
[email protected]
http://code.google.com/p/google-caja/source/detail?r=5387
Modified:
/trunk/src/com/google/caja/plugin/ses-frame-group.js
/trunk/tests/com/google/caja/plugin/browser-test-case.html
=======================================
--- /trunk/src/com/google/caja/plugin/ses-frame-group.js Thu Apr 11
19:45:31 2013
+++ /trunk/src/com/google/caja/plugin/ses-frame-group.js Tue Apr 30
15:24:53 2013
@@ -146,7 +146,14 @@
if (!directCtor) { return void 0; }
if (directCtor === feralWin.Object) { return BASE_OBJECT_CONSTRUCTOR; }
Array.prototype.slice.call(feralWin.frames).forEach(function(w) {
- if (directCtor === w.Object) {
+ var O;
+ try {
+ O = w.Object;
+ } catch (e) {
+ // met a different-origin frame, probably
+ return;
+ }
+ if (directCtor === O) {
directCtor = BASE_OBJECT_CONSTRUCTOR;
}
});
=======================================
--- /trunk/tests/com/google/caja/plugin/browser-test-case.html Tue Mar 19
15:42:39 2013
+++ /trunk/tests/com/google/caja/plugin/browser-test-case.html Tue Apr 30
15:24:53 2013
@@ -63,6 +63,11 @@
--></div>
<div id="automatedTestingReadyIndicator" style="display: none;"></div>
+ <!-- cause code which fails due to cross-origin frame access policies
+ to fail in testing. URL doesn't matter but it must be
other-origin -->
+ <iframe src="http://caja-cross-frame-test.invalid";
+ style="display: none;"></iframe>
+
<!-- in es53 mode, testImageElement() is reliably fired
before the browser has loaded the image, because js runs
continuously without yielding: html-emitter sets the img
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
