Google Git
Sign in
webkit / WebKit / b2c684a5c56cbe5027611f61e18ec698f0db8c31^! / . / Source / WebCore
commitb2c684a5c56cbe5027611f61e18ec698f0db8c31[log] [tgz]
authorjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat May 11 19:09:01 2013 +0000
committerjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat May 11 19:09:01 2013 +0000
treece71befba080948c6e57206a60d7373eb5aa3839
parent01be914b7948d10bee01ab77866e2661057cba31 [diff]
Disallow a window to focus itself via javascript URLs or using target _self
https://bugs.webkit.org/show_bug.cgi?id=115906

Reviewed by Geoffrey Garen.

Source/WebCore:

Test: fast/dom/Window/window-focus-self.html

* loader/FrameLoader.cpp:
(WebCore::createWindow):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::focus):

LayoutTests:

* fast/dom/Window/window-focus-self-expected.txt: Added.
* fast/dom/Window/window-focus-self.html: Added.
* platform/wk2/TestExpectations: test uses unimplemented setWindowIsKey.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@149936 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 58b5ccd..2ca1c3f 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog

@@ -1,3 +1,17 @@
+2013-05-11  Jochen Eisinger  <jochen@chromium.org>
+
+        Disallow a window to focus itself via javascript URLs or using target _self
+        https://bugs.webkit.org/show_bug.cgi?id=115906
+
+        Reviewed by Geoffrey Garen.
+
+        Test: fast/dom/Window/window-focus-self.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::createWindow):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::focus):
+
 2013-05-11  Christophe Dumez  <ch.dumez@sisa.samsung.com>
 
         Fix several style warnings in generated bindings

diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
index a279dec..5a57840 100644
--- a/Source/WebCore/loader/FrameLoader.cpp
+++ b/Source/WebCore/loader/FrameLoader.cpp

@@ -3335,8 +3335,10 @@
 
     if (!request.frameName().isEmpty() && request.frameName() != "_blank") {
         if (Frame* frame = lookupFrame->loader()->findFrameForNavigation(request.frameName(), openerFrame->document())) {
-            if (Page* page = frame->page())
-                page->chrome()->focus();
+            if (request.frameName() != "_self") {
+                if (Page* page = frame->page())
+                    page->chrome()->focus();
+            }
             created = false;
             return frame;
         }

diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp
index b8af02f..da34ab4 100644
--- a/Source/WebCore/page/DOMWindow.cpp
+++ b/Source/WebCore/page/DOMWindow.cpp

@@ -941,7 +941,7 @@
     if (context) {
         ASSERT(isMainThread());
         Document* activeDocument = toDocument(context);
-        if (opener() && activeDocument->domWindow() == opener())
+        if (opener() && opener() != this && activeDocument->domWindow() == opener())
             allowFocus = true;
     }