Bug 84865 - SecurityOrigin::canDisplay() should return true when m_universalAccess is true
Summary: SecurityOrigin::canDisplay() should return true when m_universalAccess is true
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-25 07:59 PDT by Yong Li
Modified: 2012-06-20 13:24 PDT (History)
4 users (show)

See Also:

Attachments
the patch (1.45 KB, patch)
2012-04-27 11:56 PDT, Yong Li 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yong Li 2012-04-25 07:59:43 PDT 
At the time m_universalAccess was invented, it was supposed to by-pass all security checks.

http://trac.webkit.org/changeset/40449

2009-01-30 Adam Barth < abarth@webkit.org>

    Reviewed by Sam Weinig.

    Add a pref to disable web security.

Then SecurityOrigin::canLoad() was added later with code moved from FrameLoader, and it doesn't respect m_universalAccess. The result is even m_universalAccess is on, there can still be some contents blocked by canLoad().

I think it makes sense that SecurityOrigin::canLoad() should also check m_universalAccess.
Comment 1 Yong Li 2012-04-25 10:29:54 PDT 
Any objection?
Comment 2 Yong Li 2012-04-27 11:47:42 PDT 
Actually I mean "canDisplay"
Comment 3 Yong Li 2012-04-27 11:56:34 PDT 
Created attachment 139244 [details]
the patch
Comment 4 Yong Li 2012-06-20 12:48:13 PDT 
Comment on attachment 139244 [details]
the patch

Thanks!
Comment 5 WebKit Review Bot 2012-06-20 13:24:07 PDT 
Comment on attachment 139244 [details]
the patch

Clearing flags on attachment: 139244

Committed r120855: <http://trac.webkit.org/changeset/120855>
Comment 6 WebKit Review Bot 2012-06-20 13:24:23 PDT 
All reviewed patches have been landed.  Closing bug.