| Summary: | [JSC] Script run from an isolated world should bypass a page's CSP | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Mike West <mkwst> |
| Component: | WebCore Misc. | Assignee: | Geoffrey Garen <ggaren> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | abarth, eric.carlson, felipe, ggaren, jberlin, oliver, rakuco, timothy |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Bug Depends on: | 97398 | | |
| Bug Blocks: | | | |
Description
Mike West
2012-10-30 23:11:24 PDT
Unassigning myself; let's be realistic about what I'm actually working on. :/

Created attachment 197200
Patch

Comment on attachment 197200
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=197200&action=review

> Source/WebCore/bindings/js/ScriptController.cpp:477
> + if (!callFrame || callFrame == CallFrame::noCaller())

we do this check a lot, i wonder if we could streamline it? (not in this patch though)

> we do this check a lot, i wonder if we could streamline it? (not in this patch though)

Yeah, I think we should: I was surprised to learn that there were two different "null" values you had to test for, and I got it wrong the first time.

Committed r148076: <http://trac.webkit.org/changeset/148076>
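
Review bot: The guard quoted at Source/WebCore/bindings/js/ScriptController.cpp:477, `if (!callFrame || callFrame == CallFrame::noCaller())`, relies on each call site remembering both "no caller" values, and the thread notes it was gotten wrong once already. Consider moving the pair into one named predicate and adding a regression test that exercises each value separately. Since this bug is about when script may bypass a page's CSP, a comment stating what the no-caller case is meant to resolve to would also help the next reader of this check.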