DOMWindow::open performs a security check on a wrong window qtwebkit-2.2-week28
authorcommit-queue <commit-queue@webkit.org>
Sat, 16 Jul 2011 20:12:51 +0000 (20:12 +0000)
committerAdemar de Souza Reis Jr <ademar.reis@openbossa.org>
Mon, 18 Jul 2011 21:30:52 +0000 (18:30 -0300)
commit5db848f4b58c096a19285804db6c2131c4a6fc6a
tree1ca52852ed9c6936f1169bc6cf66aec278629436
parentbce34be0051479037e4fa69357cfaea68b3d2602
DOMWindow::open performs a security check on a wrong window
https://bugs.webkit.org/show_bug.cgi?id=64651

Patch by Sergey Glazunov <serg.glazunov@gmail.com> on 2011-07-16
Reviewed by Adam Barth.

Source/WebCore:

Test: http/tests/security/xss-DENIED-window-open-parent.html

* page/DOMWindow.cpp:
(WebCore::DOMWindow::open):

LayoutTests:

* http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html: Added.
* http/tests/security/xss-DENIED-window-open-parent-expected.txt: Added.
* http/tests/security/xss-DENIED-window-open-parent.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@91152 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-window-open-parent.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/DOMWindow.cpp