зеркало из https://github.com/mozilla/gecko-dev.git
Allow subframes that come from a different domain to document.write/open
themselves. Bug 362837, r+sr=jst
This commit is contained in:
Родитель
4f42976f6e
Коммит
402faf8c9e
|
@ -1896,14 +1896,16 @@ nsHTMLDocument::OpenCommon(const nsACString& aContentType, PRBool aReplace)
|
|||
|
||||
nsresult rv = NS_OK;
|
||||
|
||||
nsPIDOMWindow *win = GetWindow();
|
||||
if (win) {
|
||||
nsCOMPtr<nsIDOMElement> frameElement;
|
||||
rv = win->GetFrameElement(getter_AddRefs(frameElement));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (!nsContentUtils::CanCallerAccess(NS_STATIC_CAST(nsIDOMHTMLDocument*, this))) {
|
||||
nsPIDOMWindow *win = GetWindow();
|
||||
if (win) {
|
||||
nsCOMPtr<nsIDOMElement> frameElement;
|
||||
rv = win->GetFrameElement(getter_AddRefs(frameElement));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (frameElement && !nsContentUtils::CanCallerAccess(frameElement)) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
if (frameElement && !nsContentUtils::CanCallerAccess(frameElement)) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче