| Index: Source/bindings/v8/custom/V8WindowCustom.cpp
|
| diff --git a/Source/bindings/v8/custom/V8WindowCustom.cpp b/Source/bindings/v8/custom/V8WindowCustom.cpp
|
| index 9afddacad8dd47b9fa8e239c1eefb553466bb739..a4afb60c63534e41585d8ffe39727b0a12fe41b6 100644
|
| --- a/Source/bindings/v8/custom/V8WindowCustom.cpp
|
| +++ b/Source/bindings/v8/custom/V8WindowCustom.cpp
|
| @@ -539,17 +539,21 @@ bool V8Window::indexedSecurityCheckCustom(v8::Local<v8::Object> host, uint32_t i
|
| Frame* target = targetWindow->frame();
|
| if (!target)
|
| return false;
|
| - Frame* childFrame = target->tree()->scopedChild(index);
|
|
|
| // Notify the loader's client if the initial document has been accessed.
|
| if (target->loader()->stateMachine()->isDisplayingInitialEmptyDocument())
|
| target->loader()->didAccessInitialDocument();
|
|
|
| + Frame* childFrame = target->tree()->scopedChild(index);
|
| +
|
| // Notice that we can't call HasRealNamedProperty for ACCESS_HAS
|
| // because that would generate infinite recursion.
|
| if (type == v8::ACCESS_HAS && childFrame)
|
| return true;
|
| - if (type == v8::ACCESS_GET && childFrame && !host->HasRealIndexedProperty(index))
|
| + if (type == v8::ACCESS_GET
|
| + && childFrame
|
| + && !host->HasRealIndexedProperty(index)
|
| + && !window->HasRealIndexedProperty(index))
|
| return true;
|
|
|
| return BindingSecurity::shouldAllowAccessToFrame(target, DoNotReportSecurityError);
|
|
|
Chromium Code Reviews
Issue 18558007:
Make indexedSecurityCheckCustom more robust (Closed)
Base URL: svn://svn.chromium.org/blink/trunk