eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-04-26 01:35:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: Disallow cross-origin access to <iframe>.contentDocument

Browse Source 
With this patch, we now enforce basic same-origin policy for this one
<iframe> attribute.

To make it easier to add more attributes like this, I've added an
extended IDL attribute ("[ReturnNullIfCrossOrigin]") that does exactly
what it sounds like. :^)
This commit is contained in:
Andreas Kling
2020-09-22 18:26:33 +02:00
parent 4c1f317572
commit 37c287b1d4
Notes: sideshowbarker 2024-07-19 02:16:20 +09:00 
Author: https://github.com/awesomekling
Commit: https://github.com/SerenityOS/serenity/commit/37c287b1d4b
4 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Libraries/LibWeb/HTML/HTMLIFrameElement.h
View File

@@ -44,6 +44,9 @@ public:
const DOM::Document* content_document() const;
Origin content_origin() const;
bool may_access_from_origin(const Origin&) const;
void content_frame_did_load(Badge<FrameLoader>);
private: