RESOLVED FIXED 84865
SecurityOrigin::canDisplay() should return true when m_universalAccess is true 
https://bugs.webkit.org/show_bug.cgi?id=84865
Summary SecurityOrigin::canDisplay() should return true when m_universalAccess is true
Yong Li
Reported 2012-04-25 07:59:43 PDT
At the time m_universalAccess was invented, it was supposed to by-pass all security checks. http://trac.webkit.org/changeset/40449 2009-01-30 Adam Barth < abarth@webkit.org> Reviewed by Sam Weinig. Add a pref to disable web security. Then SecurityOrigin::canLoad() was added later with code moved from FrameLoader, and it doesn't respect m_universalAccess. The result is even m_universalAccess is on, there can still be some contents blocked by canLoad(). I think it makes sense that SecurityOrigin::canLoad() should also check m_universalAccess.
Attachments
the patch (1.45 KB, patch)
2012-04-27 11:56 PDT, Yong Li 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yong Li
Comment 1 2012-04-25 10:29:54 PDT
Any objection?
Yong Li
Comment 2 2012-04-27 11:47:42 PDT
Actually I mean "canDisplay"
Yong Li
Comment 3 2012-04-27 11:56:34 PDT
Created attachment 139244 [details] the patch
Yong Li
Comment 4 2012-06-20 12:48:13 PDT
Comment on attachment 139244 [details] the patch Thanks!
WebKit Review Bot
Comment 5 2012-06-20 13:24:07 PDT
Comment on attachment 139244 [details] the patch Clearing flags on attachment: 139244 Committed r120855: <http://trac.webkit.org/changeset/120855>
WebKit Review Bot
Comment 6 2012-06-20 13:24:23 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.