Calling crossOriginWindow.toString() should not be allowed: - https://html.spec.whatwg.org/#crossoriginproperties-(-o-) In WebKit, we print a security error in the console but return "[object Window]" anyway. In Firefox and Chrome, it throws an exception.
Created attachment 287070 [details] Patch
Comment on attachment 287070 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287070&action=review > Source/WebCore/bindings/js/JSDOMWindowCustom.cpp:-78 > - // Allow access to toString() cross-domain, but always Object.prototype.toString. This looks like it was intentional at some point in time. Do we at least know why?
Comment on attachment 287070 [details] Patch Rejecting attachment 287070 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 287070, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Last 500 characters of output: ayoutTests/http/tests/security/cross-frame-access-custom-expected.txt.rej patching file LayoutTests/http/tests/security/cross-frame-access-custom.html patching file LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt patching file LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Andreas Kling']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Full output: http://webkit-queues.webkit.org/results/1948060
Created attachment 287133 [details] Patch
Comment on attachment 287133 [details] Patch Clearing flags on attachment: 287133 Committed r205037: <http://trac.webkit.org/changeset/205037>
All reviewed patches have been landed. Closing bug.