Fixes broken http/tests/security/dataURL/xss-DENIED-* layout tests in Chromium V8 builds by checking node security when accessing document via DOMWindow.
Created attachment 28429 [details] DOMWindow.idl patch I ran all layout tests with and without the patch and saw no regressions. I'm a bit wary of this patch because it *does* affect all builds (it inserts a checkNodeSecurity in JSC's JSDOMWindow document getter), so I'm open to ideas if anyone else knows how to insert a node security check. I couldn't find how WebKit passes the tests without the CheckNodeSecurity. I'm almost wondering if there is some duplicated logic or custom binding code written somewhere that this patch could help remove. The failing tests for Chromium V8 in particular are: LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame.html LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url.html LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url.html
Comment on attachment 28429 [details] DOMWindow.idl patch IIRC, Mads Ager implemented an alternative solution, so this patch is no longer necessary. Marking R-
Correct. I'm not the V8 guru that Mads Ager is and he was able to track down the root of the cause: http://src.chromium.org/viewvc/chrome?view=rev&revision=12444