161316 – We should throw a SecurityError when denying access to cross-origin Window properties

Bug 161316 - We should throw a SecurityError when denying access to cross-origin Window properties

Summary: We should throw a SecurityError when denying access to cross-origin Window pr...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	DOM (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	WebExposed

Depends on:
Blocks:

Reported:	2016-08-29 10:55 PDT by Chris Dumez
Modified:	2016-08-29 14:12 PDT (History)
CC List:	9 users (show)

See Also:	161270 161248 161339

Attachments
Patch (309.27 KB, patch) 2016-08-29 11:37 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2016-08-29 10:55:49 PDT

We should throw a SecurityError when denying access to cross-origin Window properties:
- https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-)
- https://html.spec.whatwg.org/#crossoriginproperties-(-o-)

Firefox and Chrome already throw.

Comment 1 Chris Dumez 2016-08-29 11:37:59 PDT

Created attachment 287291 [details]
Patch

Comment 2 WebKit Commit Bot 2016-08-29 12:38:58 PDT

Comment on attachment 287291 [details]
Patch

Clearing flags on attachment: 287291

Committed r205136: <http://trac.webkit.org/changeset/205136>

Comment 3 WebKit Commit Bot 2016-08-29 12:39:03 PDT

All reviewed patches have been landed.  Closing bug.