43892 – location.href does not throw SECURITY_ERR when accessed across origins with V8 bindings

Bug 43892 - location.href does not throw SECURITY_ERR when accessed across origins with V8 bindings

Summary: location.href does not throw SECURITY_ERR when accessed across origins with V...

Status:	RESOLVED INVALID

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore JavaScript (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Mike West

URL:
Keywords:

Depends on:
Blocks:	43504
	Show dependency tree / graph

Reported:	2010-08-11 18:33 PDT by Mihai Parparita
Modified:	2013-08-15 20:56 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mihai Parparita 2010-08-11 18:33:47 PDT

See bug 43504 for details and test case. This is about fixing the V8 bindings.

Comment 1 Mihai Parparita 2010-08-13 08:35:43 PDT

Once Chromium picks up the V8 change to allow allocations in the failed access check callback (code.google.com/p/v8/source/detail?r=5257), this should be pretty straightforward.

Comment 2 Mike West 2013-02-04 05:12:05 PST

So, looks like the initial V8 bit rolled in, but it's still not possible to directly throw an exception from the FailedAccessCheckCallback. Filed http://code.google.com/p/v8/issues/detail?id=2524, I'll poke at the V8 folks once the next round of discussion on the topic goes somewhere.

Comment 3 David Levin 2013-08-15 20:56:07 PDT

no v8 bindings in webkit