Summary: | WebGLLoadPolicy should be queried for the top document | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Roger Fong <roger_fong> | ||||
Component: | WebGL | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | bfulgham, commit-queue, dino, esprehn+autocc, gyuyoung.kim, jonlee, mmaxfield, roger_fong, thorton, webkit-bug-importer | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Roger Fong
2014-01-30 12:55:55 PST
Created attachment 222723 [details]
patch
Comment on attachment 222723 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=222723&action=review > Source/WebCore/html/HTMLCanvasElement.cpp:-229 > - Page* page = document().page(); I asked if this was right because it means that trusting the main document's domain would let subdocuments from origins the user doesn't trust run, and he noted that plugins do the same thing, so I think this is fine (but maybe we should revisit this?). Landed: http://trac.webkit.org/changeset/163127 until someone yells at me. |