Bug 39830

Summary: [v8] Sandboxed Iframes with the allow-same-origin flag don't have a contentWindow attribute
Product: WebKit
Component: WebCore JavaScript
Status: RESOLVED INVALID
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows XP
Reporter: Robert Stopp <rsorama>
Assignee: Nobody <webkit-unassigned>
CC: ap

Robert Stopp
Reported 2010-05-27 04:56:52 PDT
Don't know if this is a WebKit or a V8 bug. A Chromium developer proposed the usage of sandboxed iframes for disabled scripting in designMode documents. Doing so with the attribute sandbox="allow-same-origin", which should give us the same result as in all other browsers with designMode iframes, the contentWindow reference is absent. Is this a bug or a feature?
Attachments
The testcase shows that the second iframe can't get designmode because it has no valid contentWindow pointer. (2.46 KB, text/html)
2010-05-28 14:22 PDT, Robert Stopp
no flags
Alexey Proskuryakov
Comment 1 2010-05-28 13:06:56 PDT
Could you please provide a test case or a URL of a site where this problem occurs?
Robert Stopp
Comment 2 2010-05-28 14:22:10 PDT
Created attachment 57377: The testcase shows that the second iframe can't get designmode because it has no valid contentWindow pointer.
Alexey Proskuryakov
Comment 3 2010-05-28 14:37:13 PDT
I cannot reproduce this with r60144 nightly, looks like a v8 issue.
Robert Stopp
Comment 4 2010-05-28 15:47:54 PDT
After uninstalling/reinstalling Safari, the WebKit nightlies run on my PC. And I can confirm it's a Chromium issue. The WebKit issue is the not-disabled form elements. Without "allow-forms" the form should not submit. Maybe I will file an extra bug for this.
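
The setup discussed in this thread, as an added example that is not the reporter's attachment or code from WebKit or Chromium: a probe that creates an iframe with a given `sandbox` value and reports whether the embedding page gets a `contentWindow`, can reach the framed document, and can switch it to `designMode`. The function name `probeSandboxedEditor` and the result field names are hypothetical.

```javascript
// Added example; probeSandboxedEditor and its result fields are hypothetical names.
// doc is the embedding page's Document; sandboxTokens is the value of the
// iframe's sandbox attribute, e.g. "allow-same-origin".
function probeSandboxedEditor(doc, sandboxTokens) {
  const frame = doc.createElement("iframe");
  // "allow-same-origin" keeps the framed about:blank document in the
  // embedder's origin. Leaving out "allow-scripts" keeps script inside the
  // frame disabled, and leaving out "allow-forms" blocks form submission.
  frame.setAttribute("sandbox", sandboxTokens);
  doc.body.appendChild(frame);

  const result = {
    hasContentWindow: false, // false is the symptom reported in this bug
    parentCanReach: false,   // can the embedder touch the framed document?
    designMode: null         // value read back after switching it on
  };

  const win = frame.contentWindow;
  if (!win) {
    return result;
  }
  result.hasContentWindow = true;

  try {
    // Without "allow-same-origin" the frame gets an opaque origin and this
    // property access throws a SecurityError in the embedder.
    const inner = win.document;
    inner.designMode = "on";
    result.parentCanReach = true;
    result.designMode = inner.designMode;
  } catch (e) {
    result.parentCanReach = false;
  }
  return result;
}

// In a browser page (after <body> exists), log the result for the
// configuration from the report. Skipped outside a browser.
if (typeof document !== "undefined" && document.body) {
  console.log(probeSandboxedEditor(document, "allow-same-origin"));
}
```

Run with `"allow-same-origin"` and then with an empty string to compare the same-origin and opaque-origin cases in the engine under test.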