Implement document.domain #934
Assignees
Labels
A-content/dom
Interacting with the DOM from web content
Comments
DavidBruant
referenced
this issue
in jdm/servo
Sep 13, 2013
|
Actually, need to neuter indexed/named access to subframes too. Or make it async. Or something. |
|
And in particular, if that access gets you a same-origin frame, there's a possible problem |
ChrisParis
pushed a commit
to ChrisParis/servo
that referenced
this issue
Sep 7, 2014
Test that MediaControllers use the same task source when firing events
|
Visiting for triage: as of today, this is still not done |
|
Fixed by #8655. |
|
I think the document.domain setter is still missing. |
|
Some discussion on IRC with @bzbarsky that's relevant to mutating |
|
A first-cut implementation for the setter: asajeffrey@7aaa5c6 |
4 tasks
|
A PR for the setter: #15536. |
bors-servo
pushed a commit
that referenced
this issue
Mar 15, 2017
Implement setter for document.domain <!-- Please describe your changes on the following line: --> This PR implements the setter for `document.domain`. It builds on #15438 and #15478, only the last commit is part of this PR. It includes tests for similar-origin security checks. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #934. - [X] There are tests for these changes. <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/15536) <!-- Reviewable:end -->
bors-servo
pushed a commit
that referenced
this issue
Mar 15, 2017
Implement setter for document.domain <!-- Please describe your changes on the following line: --> This PR implements the setter for `document.domain`. It builds on #15438 and #15478, only the last commit is part of this PR. It includes tests for similar-origin security checks. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #934. - [X] There are tests for these changes. <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/15536) <!-- Reviewable:end -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is related to #633.
document.domain changes the origin of a document. Any current and coming optimizations based on the assumption that the origin of a document not changing over time like the recent Make sandboxed iframes run with different script tasks may require removing these optimizations later.
For that reason, I feel it'd be important to implement document.domain early and start using it in Servo tests to make sure Servo is actually running the web and not an idealized version
For the specific case of sandbox iframes and document.domain, it's been discussed in standards, there was agreement among the few who participated in the discussion and a solution has been implemented in Firefox (poison document.domain setter in sandboxed iframes regardless of
allow-same-origin).Assuming this sticks, this particular optimization will remain.
The text was updated successfully, but these errors were encountered: