fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2026-01-06 00:25:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: <iframe src> same-origin check should be based on host document

Browse Source 
We were basing the src attribute's cross-origin check on whatever was
currently loaded in the iframe, instead of the surrounding document.

Fixes #4236.
This commit is contained in:
Andreas Kling
2020-12-08 17:47:47 +01:00
parent df2a6cb4ab
commit 6496895b16
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Libraries/LibWeb/HTML/HTMLIFrameElement.cpp
View File

@@ -79,8 +79,8 @@ void HTMLIFrameElement::load_src(const String& value)
dbg() << "iframe failed to load URL: Invalid URL: " << value; dbg() << "iframe failed to load URL: Invalid URL: " << value;
return; return;
} }
if (url.protocol() == "file" && content_origin().protocol() != "file") { if (url.protocol() == "file" && document().origin().protocol() != "file") {
dbg() << "iframe failed to load URL: Security violation: " << document().url() << " may not load " << value; dbg() << "iframe failed to load URL: Security violation: " << document().url() << " may not load " << url;
return; return;
} }