From 26412c5edd678c85d96f1152095ca504acf50ceb Mon Sep 17 00:00:00 2001
From: Domenic Denicola <d@domenic.me>
Date: Wed, 27 Jan 2021 10:54:13 -0500
Subject: [PATCH] Disallow simple dialogs from different-origin domain iframes

Closes #5407.
---
 source | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source b/source
index 2e4439f25f9..29bb5ff1b53 100644
--- a/source
+++ b/source
@@ -93527,6 +93527,11 @@ function sendData(data) {
    data-x="concept-document-window">associated <code>Document</code></span> has the <span>sandboxed
    modals flag</span> set, then return true.</p></li>
 
+   <li><p>If <var>window</var>'s <span>relevant settings object</span>'s <span
+   data-x="concept-settings-object-origin">origin</span> and <var>window</var>'s <span>relevant
+   settings object</span>'s <span>top-level origin</span> are not <span>same origin-domain</span>,
+   then return true.</p></li>
+
    <li>If <var>window</var>'s <span>relevant agent</span>'s <span
    data-x="concept-agent-event-loop">event loop</span>'s <span>termination nesting level</span> is
    nonzero, then optionally return true.</li>
@@ -123225,6 +123230,7 @@ INSERT INTERFACES HERE
   Cao Yipeng,
   Carlos Amengual,
   Carlos Gabriel Cardona,
+  Carlos Ibarra L&oacute;pez, <!-- carlosjoan91 on GitHub -->
   Carlos Perell&oacute; Mar&iacute;n,
   Carolyn MacLeod,
   Casey Leask,