authorMs2ger <Ms2ger@gmail.com>2016-11-28 18:36:45 +0100
committerMs2ger <Ms2ger@gmail.com>2016-12-23 11:15:47 +0100
commitd49e34c1b1e6e3759633c9315a3e02dde091546c (patch)
tree9d818432a564ddc84cc68d64192d24b96fe00a6f /components/script/dom/htmliframeelement.rs
parentec5d08c88730ac707368de03528744677a75231d (diff)
Implement correct security checks for HTMLIFrameElement::contentDocument.
Fixes #10964.
Diffstat (limited to 'components/script/dom/htmliframeelement.rs')
-rw-r--r--components/script/dom/htmliframeelement.rs8
1 files changed, 3 insertions, 5 deletions
diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs
index 5bc1a514b81..692598d5339 100644
--- a/components/script/dom/htmliframeelement.rs
+++ b/components/script/dom/htmliframeelement.rs
@@ -332,11 +332,9 @@ impl HTMLIFrameElement {
self.pipeline_id.get()
.and_then(|pipeline_id| ScriptThread::find_document(pipeline_id))
.and_then(|document| {
- // FIXME(#10964): this should use the Document's origin and the
- // origin of the incumbent settings object.
- let contained_url = document.global().get_url();
- if self.global().get_url().origin() == contained_url.origin() ||
- contained_url.as_str() == "about:blank" {
+ let current_global = GlobalScope::current();
+ let current_document = current_global.as_window().Document();
+ if document.origin().same_origin(current_document.origin()) {
Some(Root::from_ref(document.window()))
} else {
None
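Review bot: The removed FIXME asked for the origin of the incumbent settings object, but the new check at `let current_global = GlobalScope::current();` compares against the current global's document, and the two globals can differ when script in one window invokes a getter that belongs to another. Because this comparison decides whether a document is handed across frames, the choice deserves a comment above that line, for example `// Compare against the current global's document origin (not the incumbent global's); see #10964.` The old `about:blank` exception is gone, so the check now relies on `document.origin()` already carrying the inherited origin for such documents; that is not visible in this hunk and would be worth a regression test. `current_global.as_window()` presumably assumes the caller is always a Window global, and a short note stating that invariant would help. The enclosing method starts and ends outside the hunk.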