The new secutiy model code is executed only if the security manager has denied access. On denying access, the security manager, pushes in an exception into the JS exception stack that makes the new security code's decision worthless. To avoid this problem we have to clear the JS exception.
Created attachment 118466 [details] [diff] [review] patch v1.0 Thsi patch does the following: 1) Checks if "UnversalBrowserRead" is set. 2) Clears JS exception if CheckSameOrigin fails.
Created attachment 118483 [details] [diff] [review] patch v1.1
Attachment #118466 - Attachment is obsolete: true
Comment on attachment 118483 [details] [diff] [review] patch v1.1 sr=jst
Attachment #118483 - Flags: superreview?(jst) → superreview+
Comment on attachment 118483 [details] [diff] [review] patch v1.1 r=heikki, but please get in touch with mstoltz later to see if there is a better way to do this.
Attachment #118483 - Flags: review?(heikki) → review+
Assignee: harishd → nobody
Status: ASSIGNED → NEW
QA Contact: ashshbhatt → xml
You need to log in before you can comment on or make changes to this bug.