Added some same-origin-domain checks.

This commit is contained in:
Alan Jeffrey 2017-02-09 14:28:37 -06:00
parent 628cd7de6d
commit 1f61a549a3
45 changed files with 223 additions and 348 deletions

View file

@ -42,7 +42,7 @@ use dom::location::Location;
use dom::mediaquerylist::{MediaQueryList, WeakMediaQueryListVec};
use dom::messageevent::MessageEvent;
use dom::navigator::Navigator;
use dom::node::{Node, from_untrusted_node_address, window_from_node, NodeDamage};
use dom::node::{Node, from_untrusted_node_address, document_from_node, window_from_node, NodeDamage};
use dom::performance::Performance;
use dom::promise::Promise;
use dom::screen::Screen;
@ -528,7 +528,20 @@ impl WindowMethods for Window {
// https://html.spec.whatwg.org/multipage/#dom-frameelement
fn GetFrameElement(&self) -> Option<Root<Element>> {
self.browsing_context().frame_element().map(Root::from_ref)
// Steps 1-3.
if let Some(context) = self.browsing_context.get() {
// Step 4-5.
if let Some(container) = context.frame_element() {
// Step 6.
let container_doc = document_from_node(container);
let current_doc = GlobalScope::current().as_window().Document();
if current_doc.origin().same_origin_domain(container_doc.origin()) {
// Step 7.
return Some(Root::from_ref(container));
}
}
}
None
}
// https://html.spec.whatwg.org/multipage/#dom-navigator