WebKit HTMLObjectElement::updateWidget Universal XSS

WebKit: UXSS through HTMLObjectElement::updateWidget CVE-2017-2493 When an object element loads a JavaScript URLe.g., javascript:alert1, it checks whether it violate the Same Origin Policy or not. Here's some snippets of the logic. void HTMLObjectElement::updateWidgetCreatePlugins createPlugins...