We seem to be doing global object comparison security checks wrong, leading the following layout tests to fail: http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW.htm http/tests/security/listener/xss-JSTargetNode-onclick-shortcut.html http/tests/security/listener/xss-XMLHttpRequest-addEventListener.html http/tests/security/listener/xss-XMLHttpRequest-shortcut.html http/tests/security/listener/xss-window-onclick-addEventListener.html http/tests/security/listener/xss-window-onclick-shortcut.html
Created attachment 20953 [details] patch to fix much of the underlying problem, but not all
Committed revision 32840. We still need to figure out why the exception messages in these tests have changed.
Looks like two issues: - "-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object." The difference here is a difference of exception message style. - "+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame..." The difference here seems to be that squirrelfish looks up a global value an extra time. (Seems like a real bug.)
Committed revision 32971.