Bug 154270

Summary:

Do security checks early in JSDOMWindow::put*()

Product:

WebKit

Reporter:

Chris Dumez <cdumez>

Component:

Bindings

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

barraclough, commit-queue, ggaren, mkwst, sam

Priority:

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

154120

Attachments:

Description	Flags
Patch	none

Chris Dumez

Reported 2016-02-15 17:14:43 PST

Do security checks early in JSDOMWindow::put*() to make it less error-prone. Also lock-down further to return early when trying to set cross-origin any other property than "location" instead of relying only on individual setters to do the security checks.

Attachments
Patch (13.26 KB, patch) 2016-02-15 18:54 PST, Chris Dumez	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2016-02-15 18:54:10 PST

Created attachment 271404 [details] Patch

WebKit Commit Bot

Comment 2 2016-02-16 00:11:46 PST

Comment on attachment 271404 [details] Patch Clearing flags on attachment: 271404 Committed r196628: <http://trac.webkit.org/changeset/196628>

WebKit Commit Bot

Comment 3 2016-02-16 00:11:51 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.