mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-06-17 07:41:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

LibWeb: Disallow cross-origin access to <iframe>.contentDocument

Browse source 
With this patch, we now enforce basic same-origin policy for this one
<iframe> attribute.

To make it easier to add more attributes like this, I've added an
extended IDL attribute ("[ReturnNullIfCrossOrigin]") that does exactly
what it sounds like. :^)
This commit is contained in:
Andreas Kling 2020-09-22 18:26:33 +02:00
parent 4c1f317572
commit 37c287b1d4
Notes: sideshowbarker 2024-07-19 02:16:20 +09:00
4 changed files with 28 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Libraries/LibWeb/HTML/HTMLIFrameElement.idl
View file

@ -7,6 +7,5 @@ interface HTMLIFrameElement : HTMLElement {
[Reflect] attribute DOMString width;
[Reflect] attribute DOMString height;
readonly attribute Document? contentDocument;
[ReturnNullIfCrossOrigin] readonly attribute Document? contentDocument;
}