cvs -f log -N -r1.108.2.4 kjs_html.cpp
RCS file: /home/kde/kdelibs/khtml/ecma/kjs_html.cpp,v
Working file: kjs_html.cpp
head: 1.196
branch:
locks: strict
access list:
keyword substitution: kv
total revisions: 216; selected revisions: 1
description:
----------------------------
revision 1.108.2.4
date: 2002/09/10 16:31:26; author: mueller; state: Exp; lines: +4 -3
deny access to foreign iframes
=============================================================================
cvs -f diff -bp -u -r1.108.2.3 -r1.108.2.4 kjs_html.cpp
Index: kjs_html.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/ecma/kjs_html.cpp,v
retrieving revision 1.108.2.3
retrieving revision 1.108.2.4
diff -b -p -u -r1.108.2.3 -r1.108.2.4
--- kjs_html.cpp 2002/01/08 13:42:53 1.108.2.3
+++ kjs_html.cpp 2002/09/10 16:31:26 1.108.2.4
@@ -858,7 +858,6 @@ KJSO KJS::HTMLElement::tryGet(const UStr
case ID_FRAME: {
DOM::HTMLFrameElement frameElement = element;
- // p == "document" ?
if (p == "frameBorder") return getString(frameElement.frameBorder());
else if (p == "longDesc") return getString(frameElement.longDesc());
else if (p == "marginHeight") return getString(frameElement.marginHeight());
@@ -873,9 +872,11 @@ KJSO KJS::HTMLElement::tryGet(const UStr
break;
case ID_IFRAME: {
DOM::HTMLIFrameElement iFrame = element;
+ KHTMLPart* part = iFrame.isNull() ? 0 : static_cast(iFrame.handle() )->frameDocument()->view()->part();
if (p == "align") return getString(iFrame.align());
- // ### security check ?
- else if (p == "document") {
+ else if ((iFrame.src().isEmpty() || !part || originCheck(part->url(), Window::retrieveActive()->part()->url()))
+
+ && p == "document") {
if ( !iFrame.isNull() )
return getDOMNode( static_cast(iFrame.handle() )->frameDocument() );