On Aug 31, 2007, at 2:24 PM, Anyang Ren wrote:
In kjs_window.cpp, Window::isSafeScript(ExecState *exec), we have:
KURL actURL = activeFrame-loader()-url();
WebCore::String actDomain = actURL.host();
...
KURL thisURL = frame-loader()-url();
...
WebCore::String thisDomain = thisURL.host();
if (actDomain == thisDomain actURL.protocol() ==
thisURL.protocol() actURL.port() == thisURL.port())
return true;
if (Interpreter::shouldPrintExceptions()) {
printf(Unsafe JavaScript attempt to access frame with URL %s
from frame with URL %s. Domains, protocols and ports must match.\n,
thisDocument-URL().latin1(), actDocument-
URL().latin1());
}
String message = String::format(Unsafe JavaScript attempt to access
frame with URL %s from frame with URL %s. Domains, protocols and ports
must match.\n,
thisDocument-URL().latin1(), actDocument-
URL().latin1());
Since thisURL and actURL are the URLs used in the test, why are
we using thisDocument-URL() and actDocument-URL() in the
error messages?
I think perhaps the message should mention both. thisURL and actURL
(not such great names!) may identify the frame that is considered to
own this frame in cases like about:blank or javascript: frame source,
but they are not the true URL of the frame, so may not be very helpful
in the error message. I think the format should be something like:
Unsafe JavaScript attempt to access frame with URL %s (owned by %s)
from frame with URL %s (owned by %s). Domains, protocols and ports
must match.\n
But the owned by part should probably be dropped entirely in the
common case where the URLs are the same.
We'd take a patch to improve this.
In fact, actDocument could be NULL. Earlier in this function, we
have:
WebCore::Document* actDocument = activeFrame-document();
if (actDocument) {
if (thisDocument-domainWasSetInDOM() actDocument-
domainWasSetInDOM()) {
if (thisDocument-domain() == actDocument-domain())
return true;
}
}
The if (actDocument) test suggests that actDocument could
be NULL.
I'm not sure it's possible for a frame to be executing script with a
null document, so I don't think this is actually possible. In fact, in
current trunk, I don't think it is ever possible for any frame to have
a null document.
Regards,
Maciej
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-dev