Propagate parent document security origin to newly create Document XML response
Created attachment 80670 [details] Patch
Comment on attachment 80670 [details] Patch This is tricky. The problem is that responseXML can be from a cross-origin XMLHttpRequest. This should be ok, because the DOM nodes created in this way really "belong" to the requester (that's more or less what CORS says). I'm not really sure how to test this change.
+sam
Comment on attachment 80670 [details] Patch I think this is reasonable. We might want to give Sam a chance to give us his opinion. (Bug 53440 has some more context.)
This seems reasonable to me.
Comment on attachment 80670 [details] Patch Thanks a lot, Adam and Sam.
Comment on attachment 80670 [details] Patch Clearing flags on attachment: 80670 Committed r77246: <http://trac.webkit.org/changeset/77246>
All reviewed patches have been landed. Closing bug.