From eba74554f370c673b67085e55ce480652c52dfb6 Mon Sep 17 00:00:00 2001
From: Ms2ger <Ms2ger@gmail.com>
Date: Mon, 2 May 2016 12:34:08 +0200
Subject: [PATCH] Add and update some FIXME comments about origin handling with
 iframes.

---
 components/compositing/constellation.rs    | 3 ++-
 components/script/dom/htmliframeelement.rs | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/components/compositing/constellation.rs b/components/compositing/constellation.rs
index b855885b88a..485485d9c4a 100644
--- a/components/compositing/constellation.rs
+++ b/components/compositing/constellation.rs
@@ -990,11 +990,12 @@ impl<LTF: LayoutThreadFactory, STF: ScriptThreadFactory> Constellation<LTF, STF>
             // then reuse the script thread in creating the new pipeline
             let source_url = &source_pipeline.url;
 
+            // FIXME(#10968): this should probably match the origin check in
+            //                HTMLIFrameElement::contentDocument.
             let same_script = source_url.host() == new_url.host() &&
                               source_url.port() == new_url.port() &&
                               load_info.sandbox == IFrameSandboxState::IFrameUnsandboxed;
 
-            // FIXME(tkuehn): Need to follow the standardized spec for checking same-origin
             // Reuse the script thread if the URL is same-origin
             let script_chan = if same_script {
                 debug!("Constellation: loading same-origin iframe, \
diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs
index 1910e119c1b..42f5a8e17e7 100644
--- a/components/script/dom/htmliframeelement.rs
+++ b/components/script/dom/htmliframeelement.rs
@@ -429,6 +429,8 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
     // https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument
     fn GetContentDocument(&self) -> Option<Root<Document>> {
         self.GetContentWindow().and_then(|window| {
+            // FIXME(#10964): this should use the Document's origin and the
+            //                origin of the incumbent settings object.
             let self_url = self.get_url();
             let win_url = window_from_node(self).get_url();
 
@@ -582,6 +584,8 @@ impl VirtualMethods for HTMLIFrameElement {
             // iframes, and since that would cause a deadlock, don't do it.
             let ConstellationChan(ref chan) = *window.constellation_chan();
             let same_origin = {
+                // FIXME(#10968): this should probably match the origin check in
+                //                HTMLIFrameElement::contentDocument.
                 let self_url = self.get_url();
                 let win_url = window_from_node(self).get_url();
                 UrlHelper::SameOrigin(&self_url, &win_url)