Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define getSVGDocument() in terms of content document #5109

Merged
merged 2 commits into from
Dec 13, 2019
Merged

Define getSVGDocument() in terms of content document #5109

merged 2 commits into from
Dec 13, 2019

Conversation

annevk
Copy link
Member

@annevk annevk commented Nov 25, 2019
edited by pr-preview bot
Loading

Additionally, make content document (also used by contentDocument) perform the same origin-domain comparison on the two documents involved.

Tests: web-platform-tests/wpt#20432.

Fixes #5094.

/browsers.html ( diff )
/embedded-content-other.html ( diff )

@annevk
Define getSVGDocument() in terms of content document
88cbe99 
Additionally, make content document (also used by contentDocument) perform the same origin-domain comparison on the two documents involved.

Tests: web-platform-tests/wpt#20432.

Fixes #5094.
@annevk
ty ci
8bd17f6
@annevk annevk requested a review from domenic December 3, 2019 13:25
domenic
domenic reviewed Dec 3, 2019
View reviewed changes
source
object</span> are not <span>same origin-domain</span>, then return null.</p></li>
<li><p>If <var>document</var>'s <span>origin</span> and <var>container</var>'s <span>node
document</span>'s <span>origin</span> are not <span>same origin-domain</span>, then return
null.</p></li>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the motivation for this change from checking the current settings object to checking container's node document? Did you mean to check both? Or is there a reason why checking both would be redundant?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It aligns it with getSVGDocument() which is how implementations do it, as far as I can tell.

@annevk annevk requested a review from domenic December 9, 2019 08:58
@zcorpan zcorpan mentioned this pull request Dec 9, 2019
Merged
domenic
domenic approved these changes Dec 9, 2019
View reviewed changes
Copy link
Member

@domenic domenic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM although we'll want to be sure the current vs. container settings object check is tested.

@annevk annevk merged commit 2e317cf into master Dec 13, 2019
@annevk annevk deleted the annevk/getSVGDocument branch December 13, 2019 09:21
annevk added a commit to web-platform-tests/wpt that referenced this pull request Dec 13, 2019
@annevk
HTML: getSVGDocument() / contentDocument
b5f3eaf 
For whatwg/html#5094 and whatwg/html#5109.
moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this pull request Dec 19, 2019
@annevk @moz-wptsync-bot
Bug 1599091 [wpt PR 20432] - HTML: getSVGDocument() / contentDocument…
7dac5d2 
…, a=testonly

Automatic update from web-platform-tests
HTML: getSVGDocument() / contentDocument

For whatwg/html#5094 and whatwg/html#5109.
--

wpt-commits: b5f3eafc45e9e2aa2d502af321d0e8aa704ac5f9
wpt-pr: 20432
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified that referenced this pull request Dec 20, 2019
@marco-c
Bug 1599091 [wpt PR 20432] - HTML: getSVGDocument() / contentDocument…
2a2d213 
…, a=testonly

Automatic update from web-platform-tests
HTML: getSVGDocument() / contentDocument

For whatwg/html#5094 and whatwg/html#5109.
--

wpt-commits: b5f3eafc45e9e2aa2d502af321d0e8aa704ac5f9
wpt-pr: 20432

UltraBlame original commit: 9d599fcfcf1f233f299313f4c2b28e2ce31aca43
gecko-dev-updater pushed a commit to marco-c/gecko-dev-comments-removed that referenced this pull request Dec 20, 2019
@marco-c
Bug 1599091 [wpt PR 20432] - HTML: getSVGDocument() / contentDocument…
f1df2fb 
…, a=testonly

Automatic update from web-platform-tests
HTML: getSVGDocument() / contentDocument

For whatwg/html#5094 and whatwg/html#5109.
--

wpt-commits: b5f3eafc45e9e2aa2d502af321d0e8aa704ac5f9
wpt-pr: 20432

UltraBlame original commit: 9d599fcfcf1f233f299313f4c2b28e2ce31aca43
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified-and-comments-removed that referenced this pull request Dec 20, 2019
@marco-c
Bug 1599091 [wpt PR 20432] - HTML: getSVGDocument() / contentDocument…
fc86538 
…, a=testonly

Automatic update from web-platform-tests
HTML: getSVGDocument() / contentDocument

For whatwg/html#5094 and whatwg/html#5109.
--

wpt-commits: b5f3eafc45e9e2aa2d502af321d0e8aa704ac5f9
wpt-pr: 20432

UltraBlame original commit: 9d599fcfcf1f233f299313f4c2b28e2ce31aca43
lissyx pushed a commit to lissyx/mozilla-central that referenced this pull request Dec 20, 2019
@annevk @moz-wptsync-bot
Bug 1599091 [wpt PR 20432] - HTML: getSVGDocument() / contentDocument…
75ace2d 
…, a=testonly

Automatic update from web-platform-tests
HTML: getSVGDocument() / contentDocument

For whatwg/html#5094 and whatwg/html#5109.
--

wpt-commits: b5f3eafc45e9e2aa2d502af321d0e8aa704ac5f9
wpt-pr: 20432
This was referenced Apr 13, 2020
Open
Closed
@hober hober mentioned this pull request Apr 13, 2020
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@domenic domenic domenic approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

getSVGDocument() and content document use slightly different security checks
2 participants
@annevk @domenic