From d49e34c1b1e6e3759633c9315a3e02dde091546c Mon Sep 17 00:00:00 2001
From: Ms2ger <Ms2ger@gmail.com>
Date: Mon, 28 Nov 2016 18:36:45 +0100
Subject: [PATCH] Implement correct security checks for
 HTMLIFrameElement::contentDocument.

Fixes #10964.
---
 components/script/dom/htmliframeelement.rs | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs
index 5bc1a514b81..692598d5339 100644
--- a/components/script/dom/htmliframeelement.rs
+++ b/components/script/dom/htmliframeelement.rs
@@ -332,11 +332,9 @@ impl HTMLIFrameElement {
         self.pipeline_id.get()
             .and_then(|pipeline_id| ScriptThread::find_document(pipeline_id))
             .and_then(|document| {
-                // FIXME(#10964): this should use the Document's origin and the
-                //                origin of the incumbent settings object.
-                let contained_url = document.global().get_url();
-                if self.global().get_url().origin() == contained_url.origin() ||
-                   contained_url.as_str() == "about:blank" {
+                let current_global = GlobalScope::current();
+                let current_document = current_global.as_window().Document();
+                if document.origin().same_origin(current_document.origin()) {
                     Some(Root::from_ref(document.window()))
                 } else {
                     None