Diff
Modified: trunk/Source/WebCore/ChangeLog (104411 => 104412)
--- trunk/Source/WebCore/ChangeLog 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/ChangeLog 2012-01-08 23:15:42 UTC (rev 104412)
@@ -1,5 +1,42 @@
2012-01-08 Adam Barth <[email protected]>
+ Rename checkNodeSecurity and allowsAccessFromFrame to have sensible names
+ https://bugs.webkit.org/show_bug.cgi?id=75796
+
+ Reviewed by Sam Weinig.
+
+ This patch contains only renames and FIXME comments. No behavior change.
+
+ * bindings/js/JSDOMBinding.cpp:
+ (WebCore::allowAccessToNode):
+ (WebCore::allowAccessToFrame):
+ * bindings/js/JSDOMBinding.h:
+ * bindings/js/JSHTMLFrameElementCustom.cpp:
+ (WebCore::allowSettingJavascriptURL):
+ * bindings/js/JSHistoryCustom.cpp:
+ (WebCore::JSHistory::getOwnPropertySlotDelegate):
+ (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
+ (WebCore::JSHistory::putDelegate):
+ (WebCore::JSHistory::deleteProperty):
+ (WebCore::JSHistory::getOwnPropertyNames):
+ * bindings/js/JSLocationCustom.cpp:
+ (WebCore::JSLocation::getOwnPropertySlotDelegate):
+ (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
+ (WebCore::JSLocation::putDelegate):
+ (WebCore::JSLocation::deleteProperty):
+ (WebCore::JSLocation::getOwnPropertyNames):
+ (WebCore::JSLocation::toStringFunction):
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::canAccessFromCurrentOrigin):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateGetOwnPropertyDescriptorBody):
+ (GenerateImplementation):
+ * bindings/scripts/CodeGeneratorV8.pm:
+ (GenerateNormalAttrGetter):
+ (GenerateFunctionCallback):
+
+2012-01-08 Adam Barth <[email protected]>
+
Remove deprecated toDynamicFrame and unused [CallWith=DynamicFrame]
https://bugs.webkit.org/show_bug.cgi?id=75795
Modified: trunk/Source/WebCore/bindings/generic/BindingSecurity.h (104411 => 104412)
--- trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-01-08 23:15:42 UTC (rev 104412)
@@ -55,7 +55,7 @@
// Check if it is safe to access the given node from the
// current security context.
- static bool checkNodeSecurity(State<Binding>*, Node* target);
+ static bool allowAccessToNode(State<Binding>*, Node* target);
static bool allowPopUp(State<Binding>*);
static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, const String& value);
@@ -101,7 +101,7 @@
}
template <class Binding>
-bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node)
+bool BindingSecurity<Binding>::allowAccessToNode(State<Binding>* state, Node* node)
{
if (!node)
return false;
@@ -131,7 +131,7 @@
{
if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) {
Node* contentDoc = frame->contentDocument();
- if (contentDoc && !checkNodeSecurity(state, contentDoc))
+ if (contentDoc && !allowAccessToNode(state, contentDoc))
return false;
}
return true;
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp (104411 => 104412)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-01-08 23:15:42 UTC (rev 104412)
@@ -216,12 +216,12 @@
return asJSDOMWindow(exec->dynamicGlobalObject())->impl();
}
-bool checkNodeSecurity(ExecState* exec, Node* node)
+bool allowAccessToNode(ExecState* exec, Node* node)
{
- return node && allowsAccessFromFrame(exec, node->document()->frame());
+ return node && allowAccessToFrame(exec, node->document()->frame());
}
-bool allowsAccessFromFrame(ExecState* exec, Frame* frame)
+bool allowAccessToFrame(ExecState* exec, Frame* frame)
{
if (!frame)
return false;
@@ -229,7 +229,7 @@
return window && window->allowsAccessFrom(exec);
}
-bool allowsAccessFromFrame(ExecState* exec, Frame* frame, String& message)
+bool allowAccessToFrame(ExecState* exec, Frame* frame, String& message)
{
if (!frame)
return false;
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.h (104411 => 104412)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2012-01-08 23:15:42 UTC (rev 104412)
@@ -280,14 +280,15 @@
// Validates that the passed object is a sequence type per section 4.1.13 of the WebIDL spec.
JSC::JSObject* toJSSequence(JSC::ExecState*, JSC::JSValue, unsigned&);
- bool checkNodeSecurity(JSC::ExecState*, Node*);
+ // FIXME: Implement allowAccessToContext(JSC::ExecState*, ScriptExecutionContext*);
+ bool allowAccessToNode(JSC::ExecState*, Node*);
+ bool allowAccessToFrame(JSC::ExecState*, Frame*);
+ bool allowAccessToFrame(JSC::ExecState*, Frame*, String& message);
+ // FIXME: Implement allowAccessToDOMWindow(JSC::ExecState*, DOMWindow*);
- // Helpers for Window, History, and Location classes to implement cross-domain policy.
- // Besides the cross-domain check, they need non-caching versions of staticFunctionGetter for
- // because we do not want current property values involved at all.
- // FIXME: These functions should be named frameAllowsAccessFrom, because the access is *to* the frame.
- bool allowsAccessFromFrame(JSC::ExecState*, Frame*);
- bool allowsAccessFromFrame(JSC::ExecState*, Frame*, String& message);
+ // FIXME: Remove these functions in favor of activeContext and
+ // firstContext, which return ScriptExecutionContext*. We prefer to use
+ // ScriptExecutionContext* as the context object in the bindings.
DOMWindow* activeDOMWindow(JSC::ExecState*);
DOMWindow* firstDOMWindow(JSC::ExecState*);
Modified: trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp (104411 => 104412)
--- trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp 2012-01-08 23:15:42 UTC (rev 104412)
@@ -45,7 +45,7 @@
{
if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) {
Document* contentDocument = imp->contentDocument();
- if (contentDocument && !checkNodeSecurity(exec, contentDocument))
+ if (contentDocument && !allowAccessToNode(exec, contentDocument))
return false;
}
return true;
Modified: trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp (104411 => 104412)
--- trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp 2012-01-08 23:15:42 UTC (rev 104412)
@@ -61,7 +61,7 @@
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
- if (allowsAccessFromFrame(exec, impl()->frame(), message))
+ if (allowAccessToFrame(exec, impl()->frame(), message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
@@ -101,7 +101,7 @@
}
// Throw out all cross domain access
- if (!allowsAccessFromFrame(exec, impl()->frame()))
+ if (!allowAccessToFrame(exec, impl()->frame()))
return true;
// Check for the few functions that we allow, even when called cross-domain.
@@ -141,7 +141,7 @@
bool JSHistory::putDelegate(ExecState* exec, const Identifier&, JSValue, PutPropertySlot&)
{
// Only allow putting by frames in the same origin.
- if (!allowsAccessFromFrame(exec, impl()->frame()))
+ if (!allowAccessToFrame(exec, impl()->frame()))
return true;
return false;
}
@@ -150,7 +150,7 @@
{
JSHistory* thisObject = jsCast<JSHistory*>(cell);
// Only allow deleting by frames in the same origin.
- if (!allowsAccessFromFrame(exec, thisObject->impl()->frame()))
+ if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
@@ -159,7 +159,7 @@
{
JSHistory* thisObject = jsCast<JSHistory*>(object);
// Only allow the history object to enumerated by frames in the same origin.
- if (!allowsAccessFromFrame(exec, thisObject->impl()->frame()))
+ if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
return;
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
}
Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (104411 => 104412)
--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2012-01-08 23:15:42 UTC (rev 104412)
@@ -59,7 +59,7 @@
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
- if (allowsAccessFromFrame(exec, frame, message))
+ if (allowAccessToFrame(exec, frame, message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
@@ -95,7 +95,7 @@
}
// throw out all cross domain access
- if (!allowsAccessFromFrame(exec, frame))
+ if (!allowAccessToFrame(exec, frame))
return true;
// Check for the few functions that we allow, even when called cross-domain.
@@ -134,7 +134,7 @@
if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
return true;
- bool sameDomainAccess = allowsAccessFromFrame(exec, frame);
+ bool sameDomainAccess = allowAccessToFrame(exec, frame);
const HashEntry* entry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName);
if (!entry) {
@@ -156,7 +156,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(cell);
// Only allow deleting by frames in the same origin.
- if (!allowsAccessFromFrame(exec, thisObject->impl()->frame()))
+ if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
@@ -165,7 +165,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(object);
// Only allow the location object to enumerated by frames in the same origin.
- if (!allowsAccessFromFrame(exec, thisObject->impl()->frame()))
+ if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
return;
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
}
@@ -270,7 +270,7 @@
JSValue JSLocation::toStringFunction(ExecState* exec)
{
Frame* frame = impl()->frame();
- if (!frame || !allowsAccessFromFrame(exec, frame))
+ if (!frame || !allowAccessToFrame(exec, frame))
return jsUndefined();
return jsString(exec, impl()->toString());
Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (104411 => 104412)
--- trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-01-08 23:15:42 UTC (rev 104412)
@@ -248,7 +248,7 @@
{
ExecState* exec = JSMainThreadExecState::currentState();
if (exec)
- return allowsAccessFromFrame(exec, frame);
+ return allowAccessToFrame(exec, frame);
// If the current state is 0 we're in a call path where the DOM security
// check doesn't apply (eg. parser).
return true;
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (104411 => 104412)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-01-08 23:15:42 UTC (rev 104412)
@@ -522,7 +522,7 @@
if ($interfaceName eq "DOMWindow") {
push(@implContent, " if (!thisObject->allowsAccessFrom(exec))\n");
} else {
- push(@implContent, " if (!allowsAccessFromFrame(exec, thisObject->impl()->frame()))\n");
+ push(@implContent, " if (!allowAccessToFrame(exec, thisObject->impl()->frame()))\n");
}
push(@implContent, " return false;\n");
}
@@ -1752,15 +1752,15 @@
} else {
push(@implContent, " return castedThis->$implGetterFunctionName(exec);\n");
}
- } elsif ($attribute->signature->extendedAttributes->{"CheckNodeSecurity"}) {
+ } elsif ($attribute->signature->extendedAttributes->{"allowAccessToNode"}) {
$implIncludes{"JSDOMBinding.h"} = 1;
push(@implContent, " $implClassName* impl = static_cast<$implClassName*>(castedThis->impl());\n");
- push(@implContent, " return checkNodeSecurity(exec, impl->$implGetterFunctionName()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
+ push(@implContent, " return allowAccessToNode(exec, impl->$implGetterFunctionName()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
} elsif ($attribute->signature->extendedAttributes->{"CheckFrameSecurity"}) {
$implIncludes{"Document.h"} = 1;
$implIncludes{"JSDOMBinding.h"} = 1;
push(@implContent, " $implClassName* impl = static_cast<$implClassName*>(castedThis->impl());\n");
- push(@implContent, " return checkNodeSecurity(exec, impl->contentDocument()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
+ push(@implContent, " return allowAccessToNode(exec, impl->contentDocument()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
} elsif ($type eq "EventListener") {
$implIncludes{"EventListener.h"} = 1;
push(@implContent, " UNUSED_PARAM(exec);\n");
@@ -1928,7 +1928,7 @@
if ($interfaceName eq "DOMWindow") {
push(@implContent, " if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
} else {
- push(@implContent, " if (!allowsAccessFromFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
+ push(@implContent, " if (!allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
}
push(@implContent, " return;\n");
}
@@ -2056,7 +2056,7 @@
if ($interfaceName eq "DOMWindow") {
push(@implContent, " if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
} else {
- push(@implContent, " if (!allowsAccessFromFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
+ push(@implContent, " if (!allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
}
push(@implContent, " return;\n");
}
@@ -2170,7 +2170,7 @@
}
if ($function->signature->extendedAttributes->{"SVGCheckSecurityDocument"} and !$function->isStatic) {
- push(@implContent, " if (!checkNodeSecurity(exec, impl->getSVGDocument(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");
+ push(@implContent, " if (!allowAccessToNode(exec, impl->getSVGDocument(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");
push(@implContent, " return JSValue::encode(jsUndefined());\n");
$implIncludes{"JSDOMBinding.h"} = 1;
}
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm (104411 => 104412)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-01-08 22:48:35 UTC (rev 104411)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-01-08 23:15:42 UTC (rev 104412)
@@ -883,10 +883,10 @@
}
# Generate security checks if necessary
- if ($attribute->signature->extendedAttributes->{"CheckNodeSecurity"}) {
- push(@implContentDecls, " if (!V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), imp->$attrName()))\n return v8::Handle<v8::Value>();\n\n");
+ if ($attribute->signature->extendedAttributes->{"allowAccessToNode"}) {
+ push(@implContentDecls, " if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->$attrName()))\n return v8::Handle<v8::Value>();\n\n");
} elsif ($attribute->signature->extendedAttributes->{"CheckFrameSecurity"}) {
- push(@implContentDecls, " if (!V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), imp->contentDocument()))\n return v8::Handle<v8::Value>();\n\n");
+ push(@implContentDecls, " if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->contentDocument()))\n return v8::Handle<v8::Value>();\n\n");
}
my $useExceptions = 1 if @{$attribute->getterExceptions};
@@ -1434,7 +1434,7 @@
}
if ($function->signature->extendedAttributes->{"SVGCheckSecurityDocument"}) {
push(@implContentDecls, <<END);
- if (!V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), imp->getSVGDocument(ec)))
+ if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec)))
return v8::Handle<v8::Value>();
END
}
