Bug 154270 - Do security checks early in JSDOMWindow::put*()
Summary: Do security checks early in JSDOMWindow::put*()
Alias: None
Product: WebKit
Classification: Unclassified
Component: Bindings (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
Depends on:
Blocks: 154120
  Show dependency treegraph
Reported: 2016-02-15 17:14 PST by Chris Dumez
Modified: 2016-02-16 00:11 PST (History)
5 users (show)

See Also:

Patch (13.26 KB, patch)
2016-02-15 18:54 PST, Chris Dumez
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2016-02-15 17:14:43 PST
Do security checks early in JSDOMWindow::put*() to make it less error-prone. Also lock-down further to return early when trying to set cross-origin any other property than "location" instead of relying only on individual setters to do the security checks.
Comment 1 Chris Dumez 2016-02-15 18:54:10 PST
Created attachment 271404 [details]
Comment 2 WebKit Commit Bot 2016-02-16 00:11:46 PST
Comment on attachment 271404 [details]

Clearing flags on attachment: 271404

Committed r196628: <http://trac.webkit.org/changeset/196628>
Comment 3 WebKit Commit Bot 2016-02-16 00:11:51 PST
All reviewed patches have been landed.  Closing bug.