Bug 127937

Summary: WebGLLoadPolicy should be queried for the top document
Product: WebKit
Reporter: Roger Fong <roger_fong>
Component: WebGL
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, commit-queue, dino, esprehn+autocc, gyuyoung.kim, jonlee, mmaxfield, roger_fong, thorton, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: patch
Flags: thorton: review+

Description Roger Fong 2014-01-30 12:55:55 PST
If an iframe loads a webgl context we need to make sure that we query for the load policy of the top document's url, not the iframe's.
Comment 1 Roger Fong 2014-01-30 13:19:22 PST
<rdar://problem/15950122>
Comment 2 Roger Fong 2014-01-30 13:26:19 PST
Created attachment 222723
patch
Comment 3 Tim Horton 2014-01-30 14:55:46 PST
Comment on attachment 222723
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=222723&action=review

> Source/WebCore/html/HTMLCanvasElement.cpp:-229
> -                Page* page = document().page();
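Review bot: the removed `Page* page = document().page();` at HTMLCanvasElement.cpp:229 is the only line of this hunk quoted here, so the lookup that replaces it cannot be checked from this excerpt. Because the old code held a raw `Page*`, the replacement that reaches the top document should null-check both the top document and its page before querying the WebGL load policy, and should pass the top document's URL to the query as the bug description requires.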

I asked if this was right because it means that trusting the main document's domain would let subdocuments from origins the user doesn't trust run, and he noted that plugins do the same thing, so I think this is fine (but maybe we should revisit this?).
Comment 4 Roger Fong 2014-01-30 15:13:33 PST
Landed: http://trac.webkit.org/changeset/163127
until someone yells at me.