Bug 53444 - Propagate parent document security origin to newly create Document XML response
Summary: Propagate parent document security origin to newly create Document XML response
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: anton muhin
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-01-31 12:16 PST by anton muhin
Modified: 2011-02-01 06:35 PST (History)
2 users (show)

See Also:

Attachments
Patch (1.37 KB, patch)
2011-01-31 12:21 PST, anton muhin 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description anton muhin 2011-01-31 12:16:59 PST 
Propagate parent document security origin to newly create Document XML response
Comment 1 anton muhin 2011-01-31 12:21:15 PST 
Created attachment 80670 [details]
Patch
Comment 2 Adam Barth 2011-01-31 14:00:01 PST 
Comment on attachment 80670 [details]
Patch

This is tricky.  The problem is that responseXML can be from a cross-origin XMLHttpRequest.  This should be ok, because the DOM nodes created in this way really "belong" to the requester (that's more or less what CORS says).  I'm not really sure how to test this change.
Comment 3 Adam Barth 2011-01-31 14:00:11 PST 
+sam
Comment 4 Adam Barth 2011-01-31 14:01:23 PST 
Comment on attachment 80670 [details]
Patch

I think this is reasonable.  We might want to give Sam a chance to give us his opinion.  (Bug 53440 has some more context.)
Comment 5 Sam Weinig 2011-01-31 18:56:05 PST 
This seems reasonable to me.
Comment 6 anton muhin 2011-02-01 04:36:19 PST 
Comment on attachment 80670 [details]
Patch

Thanks a lot, Adam and Sam.
Comment 7 WebKit Commit Bot 2011-02-01 06:35:22 PST 
Comment on attachment 80670 [details]
Patch

Clearing flags on attachment: 80670

Committed r77246: <http://trac.webkit.org/changeset/77246>
Comment 8 WebKit Commit Bot 2011-02-01 06:35:27 PST 
All reviewed patches have been landed.  Closing bug.