189371 – document.open() should throw errors for cross-origin calls

Bug 189371 - document.open() should throw errors for cross-origin calls

Summary: document.open() should throw errors for cross-origin calls

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	DOM (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:	190174
Blocks:
	Show dependency tree / graph

Reported:	2018-09-06 14:21 PDT by Timothy Gu
Modified:	2018-10-01 16:25 PDT (History)
CC List:	13 users (show)

See Also:

Attachments
Patch (13.54 KB, patch) 2018-09-27 11:09 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (13.48 KB, patch) 2018-09-27 11:44 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Timothy Gu 2018-09-06 14:21:26 PDT

https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-open-steps has:

> 3. Let entryDocument be the responsible document specified by the entry settings object.
>
> 4. If document's origin is not same origin to entryDocument's origin, then throw a "SecurityError" DOMException.

This also applies to implicit calls to document.open() by way of document.write().

Tests:
- https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/bailout-exception-vs-return-origin.sub.window.js
- https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/origin-check-in-document-open-same-origin-domain.sub.html

Comment 1 Timothy Gu 2018-09-06 14:22:19 PDT

Another test:

- https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/bailout-side-effects-same-origin-domain.sub.window.html

Comment 2 Radar WebKit Bug Importer 2018-09-09 13:28:27 PDT

<rdar://problem/44282700>

Comment 3 Chris Dumez 2018-09-27 11:09:46 PDT

Created attachment 350979 [details]
Patch

Comment 4 Chris Dumez 2018-09-27 11:44:00 PDT

Created attachment 350983 [details]
Patch

Comment 5 Chris Dumez 2018-09-28 09:04:00 PDT

ping review?

Comment 6 WebKit Commit Bot 2018-09-28 14:56:40 PDT

Comment on attachment 350983 [details]
Patch

Clearing flags on attachment: 350983

Committed r236613: <https://trac.webkit.org/changeset/236613>

Comment 7 WebKit Commit Bot 2018-09-28 14:56:42 PDT

All reviewed patches have been landed.  Closing bug.