angler-fishThe Vulnerability History Project

Use Document of callingWindow for access check in isInsecureScriptAccess()

      The Document call was changed to Frame::securityContext() to make the code more
RemoteFrame-friendly. However, callingWindow is guaranteed local. Revert to
getting the SecurityOrigin via Document.

BUG=524074
TEST=http/tests/security/location-change-from-detached-DOMWindow.html

Review URL: https://codereview.chromium.org/1311253005

git-svn-id: svn://svn.chromium.org/blink/trunk@201139 bbb929c8-8fbe-4397-9dbb-9b2b20218538
by Loren the Western Gorilla 2015-08-25 17:20:32 UTC
commit 3134d8a254ebda12ac2972283f724201c2fa326d
Chromium Fix CVE-2015-1293
third_party/WebKit/LayoutTests/http/tests/security/location-change-from-detached-DOMWindow-expected.txt
-1
third_party/WebKit/LayoutTests/http/tests/security/location-change-from-detached-DOMWindow.html
-22
third_party/WebKit/Source/core/frame/DOMWindow.cpp
+1 -1
expand_less