Bug 189371

Summary: document.open() should throw errors for cross-origin calls
Product: WebKit Reporter: Timothy Gu <timothygu99>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, bfulgham, cdumez, commit-queue, dbates, esprehn+autocc, ews-watchlist, ggaren, kangil.han, rniwa, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 190174    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch none

Description Timothy Gu 2018-09-06 14:21:26 PDT
https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-open-steps has:

> 3. Let entryDocument be the responsible document specified by the entry settings object.
>
> 4. If document's origin is not same origin to entryDocument's origin, then throw a "SecurityError" DOMException.

This also applies to implicit calls to document.open() by way of document.write().

Tests:
- https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/bailout-exception-vs-return-origin.sub.window.js
- https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/origin-check-in-document-open-same-origin-domain.sub.html
Comment 2 Radar WebKit Bug Importer 2018-09-09 13:28:27 PDT
<rdar://problem/44282700>
Comment 3 Chris Dumez 2018-09-27 11:09:46 PDT
Created attachment 350979 [details]
Patch
Comment 4 Chris Dumez 2018-09-27 11:44:00 PDT
Created attachment 350983 [details]
Patch
Comment 5 Chris Dumez 2018-09-28 09:04:00 PDT
ping review?
Comment 6 WebKit Commit Bot 2018-09-28 14:56:40 PDT
Comment on attachment 350983 [details]
Patch

Clearing flags on attachment: 350983

Committed r236613: <https://trac.webkit.org/changeset/236613>
Comment 7 WebKit Commit Bot 2018-09-28 14:56:42 PDT
All reviewed patches have been landed.  Closing bug.