diff options
Diffstat (limited to 'chrome_frame/chrome_frame_activex_base.h')
| -rw-r--r-- | chrome_frame/chrome_frame_activex_base.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/chrome_frame/chrome_frame_activex_base.h b/chrome_frame/chrome_frame_activex_base.h index 4a4fe95..202f4d6 100644 --- a/chrome_frame/chrome_frame_activex_base.h +++ b/chrome_frame/chrome_frame_activex_base.h @@ -305,8 +305,11 @@ END_MSG_MAP() // of this template should implement this method based on how // it "feels" from a security perspective. If it's hosted in another // scriptable document, return true, else false. + // + // The base implementation returns true unless we are in privileged + // mode, in which case we always trust our container so we return false. bool is_frame_busting_enabled() const { - return true; + return !is_privileged_; } // Needed to support PostTask. |