Bug 53444

Summary: Propagate parent document security origin to newly create Document XML response
Product: WebKit Reporter: anton muhin <antonm>
Component: WebCore Misc.Assignee: anton muhin <antonm>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch none

anton muhin
Reported 2011-01-31 12:16:59 PST
Propagate parent document security origin to newly create Document XML response
Attachments
Patch (1.37 KB, patch)
2011-01-31 12:21 PST, anton muhin 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
anton muhin
Comment 1 2011-01-31 12:21:15 PST
Created attachment 80670 [details] Patch
Adam Barth
Comment 2 2011-01-31 14:00:01 PST
Comment on attachment 80670 [details] Patch This is tricky. The problem is that responseXML can be from a cross-origin XMLHttpRequest. This should be ok, because the DOM nodes created in this way really "belong" to the requester (that's more or less what CORS says). I'm not really sure how to test this change.
Adam Barth
Comment 3 2011-01-31 14:00:11 PST
+sam
Adam Barth
Comment 4 2011-01-31 14:01:23 PST
Comment on attachment 80670 [details] Patch I think this is reasonable. We might want to give Sam a chance to give us his opinion. (Bug 53440 has some more context.)
Sam Weinig
Comment 5 2011-01-31 18:56:05 PST
This seems reasonable to me.
anton muhin
Comment 6 2011-02-01 04:36:19 PST
Comment on attachment 80670 [details] Patch Thanks a lot, Adam and Sam.
WebKit Commit Bot
Comment 7 2011-02-01 06:35:22 PST
Comment on attachment 80670 [details] Patch Clearing flags on attachment: 80670 Committed r77246: <http://trac.webkit.org/changeset/77246>
WebKit Commit Bot
Comment 8 2011-02-01 06:35:27 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.