Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-08 08:33:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Implement correct security checks for HTMLIFrameElement::contentDocument.

Browse source 
Fixes #10964.
This commit is contained in:
Ms2ger 2016-11-28 18:36:45 +01:00
parent ec5d08c887
commit d49e34c1b1
1 changed files with 3 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
components/script/dom/htmliframeelement.rs
View file

@ -332,11 +332,9 @@ impl HTMLIFrameElement {
self.pipeline_id.get() self.pipeline_id.get()
.and_then(|pipeline_id| ScriptThread::find_document(pipeline_id)) .and_then(|pipeline_id| ScriptThread::find_document(pipeline_id))
.and_then(|document| { .and_then(|document| {
// FIXME(#10964): this should use the Document's origin and the let current_global = GlobalScope::current();
// origin of the incumbent settings object. let current_document = current_global.as_window().Document();
let contained_url = document.global().get_url(); if document.origin().same_origin(current_document.origin()) {
if self.global().get_url().origin() == contained_url.origin() ||
contained_url.as_str() == "about:blank" {
Some(Root::from_ref(document.window())) Some(Root::from_ref(document.window()))
} else { } else {
None None