161368 – We should throw a SecurityError when denying setting a cross-origin Location property

Bug 161368 - We should throw a SecurityError when denying setting a cross-origin Location property

Summary: We should throw a SecurityError when denying setting a cross-origin Location ...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	DOM (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	WebExposed

Duplicates (1):	43504 (view as bug list)
Depends on:
Blocks:

Reported:	2016-08-29 20:43 PDT by Chris Dumez
Modified:	2017-03-30 08:52 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (21.75 KB, patch) 2016-08-29 21:53 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2016-08-29 20:43:14 PDT

We should throw a SecurityError when denying setting a cross-origin Location property:
- https://html.spec.whatwg.org/#location-set
- https://html.spec.whatwg.org/#crossoriginset-(-o,-p,-v,-receiver-)
- https://html.spec.whatwg.org/#location-getownproperty

Firefox and Chrome already throw. We currently ignore and log an error message.

Comment 1 Chris Dumez 2016-08-29 21:53:27 PDT

Created attachment 287371 [details]
Patch

Comment 2 WebKit Commit Bot 2016-08-29 22:26:03 PDT

Comment on attachment 287371 [details]
Patch

Clearing flags on attachment: 287371

Committed r205171: <http://trac.webkit.org/changeset/205171>

Comment 3 WebKit Commit Bot 2016-08-29 22:26:09 PDT

All reviewed patches have been landed.  Closing bug.

Comment 4 Chris Dumez 2017-03-30 08:52:39 PDT

*** Bug 43504 has been marked as a duplicate of this bug. ***