author | Ms2ger <Ms2ger@gmail.com> | 2016-05-02 12:34:08 +0200 |
---|---|---|
committer | Ms2ger <Ms2ger@gmail.com> | 2016-05-02 12:34:08 +0200 |
commit | eba74554f370c673b67085e55ce480652c52dfb6 (patch) | |
tree | d21dca35ab759a657d081693dac4ce8e754ec80c | |
parent | 68076fbd7b4bee75b2a9d01a62d51943681e7786 (diff) | |
Add and update some FIXME comments about origin handling with iframes.
-rw-r--r-- | components/compositing/constellation.rs | 3 | ||||
-rw-r--r-- | components/script/dom/htmliframeelement.rs | 4 |
2 files changed, 6 insertions, 1 deletions
diff --git a/components/compositing/constellation.rs b/components/compositing/constellation.rs
index b855885b88a..485485d9c4a 100644
--- a/components/compositing/constellation.rs
+++ b/components/compositing/constellation.rs
@@ -990,11 +990,12 @@ impl<LTF: LayoutThreadFactory, STF: ScriptThreadFactory> Constellation<LTF, STF>
 // then reuse the script thread in creating the new pipeline
 let source_url = &source_pipeline.url;
+ // FIXME(#10968): this should probably match the origin check in
+ // HTMLIFrameElement::contentDocument.
 let same_script = source_url.host() == new_url.host() &&
 source_url.port() == new_url.port() &&
 load_info.sandbox == IFrameSandboxState::IFrameUnsandboxed;
- // FIXME(tkuehn): Need to follow the standardized spec for checking same-origin
 // Reuse the script thread if the URL is same-origin
 let script_chan = if same_script {
 debug!("Constellation: loading same-origin iframe, \
diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs
index 1910e119c1b..42f5a8e17e7 100644
--- a/components/script/dom/htmliframeelement.rs
+++ b/components/script/dom/htmliframeelement.rs
@@ -429,6 +429,8 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
 // https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument
 fn GetContentDocument(&self) -> Option<Root<Document>> {
 self.GetContentWindow().and_then(|window| {
+ // FIXME(#10964): this should use the Document's origin and the
+ // origin of the incumbent settings object.
 let self_url = self.get_url();
 let win_url = window_from_node(self).get_url();
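Review bot: The FIXME added in the constellation.rs hunk (@@ -990) does not say what is wrong with the check it annotates: `same_script` compares only `source_url.host()` and `source_url.port()` plus the sandbox flag, so as far as these lines show the scheme is never compared, while the `debug!` below still calls the result "same-origin". Since this value decides whether the new iframe pipeline reuses the parent's script thread, I would spell the gap out, e.g. `// FIXME(#10968): compares host and port only (no scheme); use the same origin check as HTMLIFrameElement::GetContentDocument.` Naming the Rust method `GetContentDocument` rather than the DOM attribute `contentDocument` also makes the reference greppable. The commit drops the older FIXME that pointed at the standardized same-origin definition, so a short mention of the spec would keep that pointer. The enclosing function starts and ends outside the hunk.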
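Review bot: The FIXME added in `GetContentDocument` (@@ -429) names the intended fix but not the current behaviour or why it matters. The visible lines compare `self.get_url()` with `window_from_node(self).get_url()`, i.e. two URLs, and do not appear to use the content `window` bound by the closure. This getter decides whether a caller receives the framed Document, so I would add a second comment line such as `// Comparing URLs instead of origins can disagree with the spec for documents whose origin is not derived from their URL (e.g. sandboxed or about:blank).` The closure body continues past the end of the hunk, so the branch that consumes the comparison is not visible here.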
@@ -582,6 +584,8 @@ impl VirtualMethods for HTMLIFrameElement {
 // iframes, and since that would cause a deadlock, don't do it.
 let ConstellationChan(ref chan) = *window.constellation_chan();
 let same_origin = {
+ // FIXME(#10968): this should probably match the origin check in
+ // HTMLIFrameElement::contentDocument.
 let self_url = self.get_url();
 let win_url = window_from_node(self).get_url();
 UrlHelper::SameOrigin(&self_url, &win_url) |
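Review bot: In the `VirtualMethods` hunk (@@ -582) the added FIXME(#10968) says this check should match the one in `contentDocument`, yet the visible lines perform the same two URL lookups (`self.get_url()` and `window_from_node(self).get_url()`) that the `GetContentDocument` hunk shows, and that check is itself marked as wrong under #10964. A reader cannot tell from the comment whether anything differs today, so I would reword it to `// FIXME(#10964, #10968): same URL-based check as GetContentDocument; fix both together, ideally through one shared helper.` The `same_origin` block and its enclosing method extend beyond the hunk.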