https://bugs.webkit.org/show_bug.cgi?id=97398 adds the ability for isolated worlds in V8 to bypass the Content Security Policy of the document they're layered on top of. This is useful for extensions, and it seems like a good API to implement in JSC as well.
Unassigning myself; let's be realistic about what I'm actually working on. :/
<rdar://problem/12726714>
Created attachment 197200: Patch
Comment on attachment 197200: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=197200&action=review

> Source/WebCore/bindings/js/ScriptController.cpp:477
> +    if (!callFrame || callFrame == CallFrame::noCaller())

We do this check a lot; I wonder if we could streamline it? (Not in this patch, though.)
> We do this check a lot; I wonder if we could streamline it? (Not in this patch, though.)

Yeah, I think we should: I was surprised to learn that there were two different "null" values you had to test for, and I got it wrong the first time.
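To make the two points in this thread concrete (a CSP bypass that is scoped to the world of the calling frame, and a caller check that has to treat both a null pointer and the `noCaller()` sentinel as "no JS caller"), here is a small constructed model. It is an added example, not WebKit code: `DOMWrapperWorld`, `CallFrame`, `ContentSecurityPolicy` and `currentWorld` are stand-ins with assumed shapes, and falling back to the main world (which never bypasses CSP) when there is no caller is this model's safe default, not a claim about WebCore's actual behaviour.

```cpp
// Constructed model (not WebCore code) of a per-world CSP bypass decision.
#include <cassert>
#include <cstdio>
#include <string>

struct DOMWrapperWorld {
    std::string name;
    bool bypassesContentSecurityPolicy;  // set for e.g. an extension's isolated world
};

// Stand-in for JSC's CallFrame: a frame knows which world it is executing in.
struct CallFrame {
    const DOMWrapperWorld* world;
    // Sentinel meaning "no JS caller" (assumed analogue of CallFrame::noCaller()).
    static CallFrame* noCaller() {
        static CallFrame sentinel{nullptr};
        return &sentinel;
    }
};

// Document policy reduced to the one decision this example needs.
struct ContentSecurityPolicy {
    bool allowsInlineScript;
};

// The main (normal) world never bypasses the document's CSP.
const DOMWrapperWorld& mainThreadNormalWorld() {
    static DOMWrapperWorld world{"main", false};
    return world;
}

// Resolve the world of the calling frame. Both "null" encodings (nullptr and
// the noCaller() sentinel) mean there is no JS caller; the conservative default
// is the main world, so an absent caller can never be granted the bypass.
const DOMWrapperWorld& currentWorld(CallFrame* callFrame) {
    if (!callFrame || callFrame == CallFrame::noCaller())
        return mainThreadNormalWorld();
    return *callFrame->world;
}

// Would inline script executed from the world of callFrame be allowed?
bool shouldAllowInlineScript(CallFrame* callFrame, const ContentSecurityPolicy& csp) {
    if (currentWorld(callFrame).bypassesContentSecurityPolicy)
        return true;  // world-scoped bypass, independent of the document's policy
    return csp.allowsInlineScript;
}

int main() {
    DOMWrapperWorld extensionWorld{"extension", true};
    CallFrame extensionFrame{&extensionWorld};
    ContentSecurityPolicy strict{false};
    std::printf("extension world: %d, no caller: %d\n",
                shouldAllowInlineScript(&extensionFrame, strict),
                shouldAllowInlineScript(CallFrame::noCaller(), strict));
    return 0;
}
```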
Committed r148076: <http://trac.webkit.org/changeset/148076>