Title: [214997] releases/WebKitGTK/webkit-2.14/Source/WebCore
- Revision
- 214997
- Author
- carlo...@webkit.org
- Date
- 2017-04-06 00:34:10 -0700 (Thu, 06 Apr 2017)
Log Message
Merge r210508 - Evaluating window named element may return wrong result
https://bugs.webkit.org/show_bug.cgi?id=166792
<rdar://problem/29801059>
Reviewed by Chris Dumez.
* bindings/js/JSDOMWindowProperties.cpp:
(WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (214996 => 214997)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2017-04-06 07:32:58 UTC (rev 214996)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2017-04-06 07:34:10 UTC (rev 214997)
@@ -1,3 +1,14 @@
+2017-01-09 Daniel Bates <daba...@apple.com>
+
+ Evaluating window named element may return wrong result
+ https://bugs.webkit.org/show_bug.cgi?id=166792
+ <rdar://problem/29801059>
+
+ Reviewed by Chris Dumez.
+
+ * bindings/js/JSDOMWindowProperties.cpp:
+ (WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):
+
2017-01-06 Chris Dumez <cdu...@apple.com>
Regression(r189230): DOM Callbacks may use wrong global object
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp (214996 => 214997)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp 2017-04-06 07:32:58 UTC (rev 214996)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp 2017-04-06 07:34:10 UTC (rev 214997)
@@ -50,6 +50,9 @@
return true;
}
+ if (!BindingSecurity::shouldAllowAccessToFrame(exec, &frame, ThrowSecurityError))
+ return false;
+
// FIXME: Search the whole frame hierarchy somewhere around here.
// We need to test the correct priority order.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
