eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-04-26 01:35:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: <iframe src> same-origin check should be based on host document

Browse Source 
We were basing the src attribute's cross-origin check on whatever was
currently loaded in the iframe, instead of the surrounding document.

Fixes #4236.
This commit is contained in:
Andreas Kling
2020-12-08 17:47:47 +01:00
parent df2a6cb4ab
commit 6496895b16
Notes: sideshowbarker 2024-07-19 00:59:18 +09:00 
Author: https://github.com/awesomekling
Commit: https://github.com/SerenityOS/serenity/commit/6496895b16a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Libraries/LibWeb/HTML/HTMLIFrameElement.cpp
View File

@@ -79,8 +79,8 @@ void HTMLIFrameElement::load_src(const String& value)
dbg() << "iframe failed to load URL: Invalid URL: " << value;
return;
}
if (url.protocol() == "file" && content_origin().protocol() != "file") {
dbg() << "iframe failed to load URL: Security violation: " << document().url() << " may not load " << value;
if (url.protocol() == "file" && document().origin().protocol() != "file") {
dbg() << "iframe failed to load URL: Security violation: " << document().url() << " may not load " << url;
return;
}