Title: [210508] trunk/Source/WebCore
Revision: 210508
Author: dba...@webkit.org
Date: 2017-01-09 09:19:46 -0800 (Mon, 09 Jan 2017)

Log Message

Evaluating window named element may return wrong result
https://bugs.webkit.org/show_bug.cgi?id=166792
<rdar://problem/29801059>

Reviewed by Chris Dumez.

* bindings/js/JSDOMWindowProperties.cpp:
(WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (210507 => 210508)


--- trunk/Source/WebCore/ChangeLog	2017-01-09 16:54:59 UTC (rev 210507)
+++ trunk/Source/WebCore/ChangeLog	2017-01-09 17:19:46 UTC (rev 210508)
@@ -1,3 +1,14 @@
+2017-01-09  Daniel Bates  <daba...@apple.com>
+
+        Evaluating window named element may return wrong result
+        https://bugs.webkit.org/show_bug.cgi?id=166792
+        <rdar://problem/29801059>
+
+        Reviewed by Chris Dumez.
+
+        * bindings/js/JSDOMWindowProperties.cpp:
+        (WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):
+
 2017-01-09  Chris Dumez  <cdu...@apple.com>
 
         REGRESSION(r178955): Touching Settings.in doesn't cause JSInternalSettingsGenerated.cpp to be updated on first build
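
Review bot: The new ChangeLog entry stops at `(WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):` with no text after the colon saying what changed in that function, and it lists no test. A sentence there stating that the getter now calls `BindingSecurity::shouldAllowAccessToFrame` before continuing, together with the path of a regression test, would let a ChangeLog reader understand the fix without opening the diff.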

Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp (210507 => 210508)


--- trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp	2017-01-09 16:54:59 UTC (rev 210507)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp	2017-01-09 17:19:46 UTC (rev 210508)
@@ -50,6 +50,9 @@
         return true;
     }
 
+    if (!BindingSecurity::shouldAllowAccessToFrame(exec, &frame, ThrowSecurityError))
+        return false;
+
     // FIXME: Search the whole frame hierarchy somewhere around here.
     // We need to test the correct priority order.
 
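
Review bot: The `BindingSecurity::shouldAllowAccessToFrame` check is added below a block that ends in `return true;`, so that earlier path still returns without passing through it. If that branch can run for a frame the caller is not allowed to access, the check should move above it; if the branch is intentionally exempt, a one-line comment saying why would keep a later reorder from changing the behaviour. The call passes `ThrowSecurityError`, so the denied case both raises an error and returns false, which deserves a test, yet this commit touches only the ChangeLog and this file.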