Closed Bug 968003 Opened 10 years ago Closed 10 years ago

Window.frameElement getter should do return null if the caller does not subsumes the origin of the frameElement

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla30

People

(Reporter: bholley, Assigned: bholley)

References

Details

Attachments

(1 file)

Return null for frameElement with a cross-origin parent. v1
3.08 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review 
Currently, we rely on security wrappers to give us an opaque object in this case. But the spec says to return null. We should fix that at some point.

The spec currently has this as a document.domain-considering check, so we should make sure to do the right thing if this lands after bug 956382.
This is fairly trivial to fix, but let's just get bug 956382 landed first and then do this.

For the record, all that's needed is to change this line of nsGlobalWindow::GetFrameElement:

  return GetRealFrameElement(aError);

to be:

  Element* element = GetRealFrameElement(aError);
  if (aError.Failed() || !element) {
    return nullptr;
  }
  if (!nsContentUtils::GetSubjectPrincipal()->
        SubsumesConsideringDomain(element->NodePrincipal())) {
    return nullptr;
  }
  return element;

or so.
Depends on: 956382
Assignee: nobody → bobbyholley
Comment on attachment 8376397 [details] [diff] [review]
Return null for frameElement with a cross-origin parent. v1

r=I-believe-the-code-I-suggested?  ;)
Attachment #8376397 - Flags: review?(bzbarsky) → review+
https://hg.mozilla.org/mozilla-central/rev/da8ce1721f25
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: