Added some same-origin-domain checks.

2025-07-22 23:03:42 +01:00 · 2017-02-09 14:28:37 -06:00 · 2017-02-09 14:28:37 -06:00 · 1f61a549a3
commit 1f61a549a3
parent 628cd7de6d
45 changed files with 223 additions and 348 deletions
--- a/components/script/dom/htmliframeelement.rs
+++ b/components/script/dom/htmliframeelement.rs
@ -327,20 +327,6 @@ impl HTMLIFrameElement {
            false
        }
    }
-
-    pub fn get_content_window(&self) -> Option<Root<Window>> {
-        self.pipeline_id.get()
-            .and_then(|pipeline_id| ScriptThread::find_document(pipeline_id))
-            .and_then(|document| {
-                let current_global = GlobalScope::current();
-                let current_document = current_global.as_window().Document();
-                if document.origin().same_origin(current_document.origin()) {
-                    Some(Root::from_ref(document.window()))
-                } else {
-                    None
-                }
-            })
-    }
 }

 pub trait HTMLIFrameElementLayoutMethods {
@ -512,15 +498,33 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {

    // https://html.spec.whatwg.org/multipage/#dom-iframe-contentwindow
    fn GetContentWindow(&self) -> Option<Root<BrowsingContext>> {
-        match self.get_content_window() {
-            Some(ref window) => Some(window.browsing_context()),
-            None => None
+        if self.pipeline_id.get().is_some() {
+            ScriptThread::find_browsing_context(self.frame_id)
+        } else {
+            None
        }
    }

    // https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument
+    // https://html.spec.whatwg.org/multipage/#concept-bcc-content-document
    fn GetContentDocument(&self) -> Option<Root<Document>> {
-        self.get_content_window().map(|window| window.Document())
+        // Step 1.
+        let pipeline_id = match self.pipeline_id.get() {
+            None => return None,
+            Some(pipeline_id) => pipeline_id,
+        };
+        // Step 2-3.
+        let document = match ScriptThread::find_document(pipeline_id) {
+            None => return None,
+            Some(document) => document,
+        };
+        // Step 4.
+        let current = GlobalScope::current().as_window().Document();
+        if !current.origin().same_origin_domain(document.origin()) {
+            return None;
+        }
+        // Step 5.
+        Some(document)
    }

    // Experimental mozbrowser implementation is based on the webidl