Issue 19743002: Cross-origin access to Location::reload() should throw a SecurityError.

Issue 19743002: Cross-origin access to Location::reload() should throw a SecurityError. (Closed)

Created:
7 years, 5 months ago by Mike West

Modified:
7 years, 5 months ago

Reviewers:
abarth-chromium

CC:
blink-reviews, dglazkov+blink, eae+blinkwatch, do-not-use

Base URL:
svn://svn.chromium.org/blink/trunk

Visibility:
Public.

More Reviews

Description

Cross-origin access to Location::reload() should throw a SecurityError. Location's 'reload' property is currently special-cased to be accessible cross-origin, but doesn't actually perform the requested action when executed. Instead, it dumps an error message to the console and returns early. Firefox's implementation throws an exception upon access of the property, and given that we've just changed various other Location properties to match this behavior. This also better aligns our behavior with the spec[1]. [1]: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location BUG=17325 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=154480

Patch Set 1 #

Created: 7 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+18 lines, -19 lines)			Patch
M	LayoutTests/http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html	View	1 chunk	+2 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt	View	2 chunks	+2 lines, -1 line	0 comments	Download
M	LayoutTests/http/tests/security/cross-frame-access-location-get.html	View	2 chunks	+1 line, -1 line	0 comments	Download
M	LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt	View	3 chunks	+2 lines, -1 line	0 comments	Download
M	LayoutTests/http/tests/security/cross-frame-access-location-get-override.html	View	1 chunk	+1 line, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/cross-frame-access-location-get-override-expected.txt	View	1 chunk	+2 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt	View	1 chunk	+1 line, -1 line	0 comments	Download
M	LayoutTests/http/tests/security/xss-DENIED-defineProperty-expected.txt	View	1 chunk	+6 lines, -0 lines	0 comments	Download
M	Source/core/page/Location.cpp	View	1 chunk	+0 lines, -8 lines	0 comments	Download
M	Source/core/page/Location.idl	View	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

Mike West

Hi Adam! As briefly discussed in IRC, this patch slightly changes our behavior when dealing ...

7 years, 5 months ago (2013-07-18 07:33:31 UTC) #1

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/19743002/1

7 years, 5 months ago (2013-07-18 07:43:13 UTC) #3

Message was sent while issue was closed.

Change committed as 154480

Expand Messages | Collapse Messages