Andreas Kling 37c287b1d4 LibWeb: Disallow cross-origin access to <iframe>.contentDocument ...

With this patch, we now enforce basic same-origin policy for this one
<iframe> attribute.

To make it easier to add more attributes like this, I've added an
extended IDL attribute ("[ReturnNullIfCrossOrigin]") that does exactly
what it sounds like. :^)

2020-09-22 20:10:20 +02:00

3.6 KiB

Raw Blame History

View Raw