RESOLVED FIXED 161339
We should throw a SecurityError when denying setting a cross-origin Window property 
https://bugs.webkit.org/show_bug.cgi?id=161339
Summary We should throw a SecurityError when denying setting a cross-origin Window pr...
Chris Dumez
Reported 2016-08-29 14:10:19 PDT
We should throw a SecurityError when denying setting a cross-origin Window property: - https://html.spec.whatwg.org/#crossoriginset-(-o,-p,-v,-receiver-) - https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-) e.g. crossOriginWindow.name = "" should throw. Firefox and Chrome already throw but WebKit merely ignores the call and logs an error message.
Attachments
Patch (85.17 KB, patch)
2016-08-29 14:12 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2016-08-29 14:12:00 PDT
Created attachment 287324 [details] Patch
Geoffrey Garen
Comment 2 2016-08-29 14:16:19 PDT
Comment on attachment 287324 [details] Patch r=me I do not envy you the app compatibility bugs that will track back to this change.
Chris Dumez
Comment 3 2016-08-29 14:19:05 PDT
(In reply to comment #2) > Comment on attachment 287324 [details] > Patch > > r=me > > I do not envy you the app compatibility bugs that will track back to this > change. Well, if it does not work out, we can always scale back the change. Given the behavior of other browsers, I think it is worth giving it a try.
WebKit Commit Bot
Comment 4 2016-08-29 14:37:10 PDT
Comment on attachment 287324 [details] Patch Clearing flags on attachment: 287324 Committed r205148: <http://trac.webkit.org/changeset/205148>
WebKit Commit Bot
Comment 5 2016-08-29 14:37:15 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.