Bug 27887
| Summary: | Worker URL resolution uses wrong scope | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Andrew Wilson <atwilson> |
| Component: | WebCore JavaScript | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | dbates |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | OS X 10.5 | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=226637 | ||
Andrew Wilson
Section 4.8.2 of the Web Workers spec reads:
>>>
When the Worker(scriptURL) constructor is invoked, the user agent must run the following steps:
Resolve the scriptURL argument relative to the first script's base URL, when the method is invoked.
If this fails, throw a SYNTAX_ERR exception.
If the origin of the resulting absolute URL is not the same as the origin of the script that invoked the constructor, then throw a security exception.
<<<
"first script's base URL" == the base URL of the dynamic global object
"origin of the script that invoked the constructor" == "origin of the lexical global object"
Currently we are using the lexical global object for both. The fail case is somewhat subtle (you end up having to grab constructors cross-frame, while changing your origin via document.domain.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |