Diff
Modified: trunk/Source/WebCore/ChangeLog (106617 => 106618)
--- trunk/Source/WebCore/ChangeLog 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/ChangeLog 2012-02-03 03:23:45 UTC (rev 106618)
@@ -1,3 +1,55 @@
+2012-02-02 Adam Barth <[email protected]>
+
+ Rename checkNodeSecurity and allowsAccessFromFrame to have sensible names
+ https://bugs.webkit.org/show_bug.cgi?id=75796
+
+ Reviewed by Eric Seidel.
+
+ As requested by Darin Adler, this patch renames these functions be
+ clear that we're asking whether the access should be allowed rather
+ than explicitly allowing the access.
+
+ * bindings/generic/BindingSecurity.h:
+ (BindingSecurity):
+ (WebCore::::shouldAllowAccessToNode):
+ (WebCore::::allowSettingFrameSrcToJavascriptUrl):
+ * bindings/js/JSDOMBinding.cpp:
+ (WebCore::shouldAllowAccessToNode):
+ (WebCore::shouldAllowAccessToFrame):
+ * bindings/js/JSDOMBinding.h:
+ (WebCore):
+ * bindings/js/JSHTMLFrameElementCustom.cpp:
+ (WebCore::allowSettingJavascriptURL):
+ * bindings/js/JSHistoryCustom.cpp:
+ (WebCore::JSHistory::getOwnPropertySlotDelegate):
+ (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
+ (WebCore::JSHistory::putDelegate):
+ (WebCore::JSHistory::deleteProperty):
+ (WebCore::JSHistory::getOwnPropertyNames):
+ * bindings/js/JSLocationCustom.cpp:
+ (WebCore::JSLocation::getOwnPropertySlotDelegate):
+ (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
+ (WebCore::JSLocation::putDelegate):
+ (WebCore::JSLocation::deleteProperty):
+ (WebCore::JSLocation::getOwnPropertyNames):
+ (WebCore::JSLocation::toStringFunction):
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::canAccessFromCurrentOrigin):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateGetOwnPropertyDescriptorBody):
+ (GenerateImplementation):
+ * bindings/scripts/CodeGeneratorV8.pm:
+ (GenerateNormalAttrGetter):
+ (GenerateFunctionCallback):
+ * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+ (WebCore::JSTestActiveDOMObject::getOwnPropertyDescriptor):
+ * bindings/scripts/test/JS/JSTestObj.cpp:
+ (WebCore::jsTestObjContentDocument):
+ (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
+ * bindings/scripts/test/V8/V8TestObj.cpp:
+ (WebCore::TestObjInternal::contentDocumentAttrGetter):
+ (WebCore::TestObjInternal::getSVGDocumentCallback):
+
2012-02-02 Kalev Lember <[email protected]>
[GTK] Make gtk+ symbols available to WidgetBackingStoreCairo.cpp
Modified: trunk/Source/WebCore/bindings/generic/BindingSecurity.h (106617 => 106618)
--- trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-02-03 03:23:45 UTC (rev 106618)
@@ -55,7 +55,7 @@
// Check if it is safe to access the given node from the
// current security context.
- static bool allowAccessToNode(State<Binding>*, Node* target);
+ static bool shouldAllowAccessToNode(State<Binding>*, Node* target);
static bool allowPopUp(State<Binding>*);
static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, const String& value);
@@ -101,7 +101,7 @@
}
template <class Binding>
-bool BindingSecurity<Binding>::allowAccessToNode(State<Binding>* state, Node* node)
+bool BindingSecurity<Binding>::shouldAllowAccessToNode(State<Binding>* state, Node* node)
{
if (!node)
return false;
@@ -131,7 +131,7 @@
{
if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) {
Node* contentDoc = frame->contentDocument();
- if (contentDoc && !allowAccessToNode(state, contentDoc))
+ if (contentDoc && !shouldAllowAccessToNode(state, contentDoc))
return false;
}
return true;
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -216,12 +216,12 @@
return asJSDOMWindow(exec->dynamicGlobalObject())->impl();
}
-bool allowAccessToNode(ExecState* exec, Node* node)
+bool shouldAllowAccessToNode(ExecState* exec, Node* node)
{
- return node && allowAccessToFrame(exec, node->document()->frame());
+ return node && shouldAllowAccessToFrame(exec, node->document()->frame());
}
-bool allowAccessToFrame(ExecState* exec, Frame* frame)
+bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame)
{
if (!frame)
return false;
@@ -229,7 +229,7 @@
return window && window->allowsAccessFrom(exec);
}
-bool allowAccessToFrame(ExecState* exec, Frame* frame, String& message)
+bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message)
{
if (!frame)
return false;
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.h (106617 => 106618)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2012-02-03 03:23:45 UTC (rev 106618)
@@ -281,9 +281,9 @@
JSC::JSObject* toJSSequence(JSC::ExecState*, JSC::JSValue, unsigned&);
// FIXME: Implement allowAccessToContext(JSC::ExecState*, ScriptExecutionContext*);
- bool allowAccessToNode(JSC::ExecState*, Node*);
- bool allowAccessToFrame(JSC::ExecState*, Frame*);
- bool allowAccessToFrame(JSC::ExecState*, Frame*, String& message);
+ bool shouldAllowAccessToNode(JSC::ExecState*, Node*);
+ bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*);
+ bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, String& message);
// FIXME: Implement allowAccessToDOMWindow(JSC::ExecState*, DOMWindow*);
// FIXME: Remove these functions in favor of activeContext and
Modified: trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -45,7 +45,7 @@
{
if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) {
Document* contentDocument = imp->contentDocument();
- if (contentDocument && !allowAccessToNode(exec, contentDocument))
+ if (contentDocument && !shouldAllowAccessToNode(exec, contentDocument))
return false;
}
return true;
Modified: trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -61,7 +61,7 @@
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
- if (allowAccessToFrame(exec, impl()->frame(), message))
+ if (shouldAllowAccessToFrame(exec, impl()->frame(), message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
@@ -101,7 +101,7 @@
}
// Throw out all cross domain access
- if (!allowAccessToFrame(exec, impl()->frame()))
+ if (!shouldAllowAccessToFrame(exec, impl()->frame()))
return true;
// Check for the few functions that we allow, even when called cross-domain.
@@ -141,7 +141,7 @@
bool JSHistory::putDelegate(ExecState* exec, const Identifier&, JSValue, PutPropertySlot&)
{
// Only allow putting by frames in the same origin.
- if (!allowAccessToFrame(exec, impl()->frame()))
+ if (!shouldAllowAccessToFrame(exec, impl()->frame()))
return true;
return false;
}
@@ -150,7 +150,7 @@
{
JSHistory* thisObject = jsCast<JSHistory*>(cell);
// Only allow deleting by frames in the same origin.
- if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+ if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
@@ -159,7 +159,7 @@
{
JSHistory* thisObject = jsCast<JSHistory*>(object);
// Only allow the history object to enumerated by frames in the same origin.
- if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+ if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
return;
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
}
Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -59,7 +59,7 @@
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
- if (allowAccessToFrame(exec, frame, message))
+ if (shouldAllowAccessToFrame(exec, frame, message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
@@ -95,7 +95,7 @@
}
// throw out all cross domain access
- if (!allowAccessToFrame(exec, frame))
+ if (!shouldAllowAccessToFrame(exec, frame))
return true;
// Check for the few functions that we allow, even when called cross-domain.
@@ -134,7 +134,7 @@
if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
return true;
- bool sameDomainAccess = allowAccessToFrame(exec, frame);
+ bool sameDomainAccess = shouldAllowAccessToFrame(exec, frame);
const HashEntry* entry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName);
if (!entry) {
@@ -156,7 +156,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(cell);
// Only allow deleting by frames in the same origin.
- if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+ if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
@@ -165,7 +165,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(object);
// Only allow the location object to enumerated by frames in the same origin.
- if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+ if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
return;
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
}
@@ -270,7 +270,7 @@
JSValue JSLocation::toStringFunction(ExecState* exec)
{
Frame* frame = impl()->frame();
- if (!frame || !allowAccessToFrame(exec, frame))
+ if (!frame || !shouldAllowAccessToFrame(exec, frame))
return jsUndefined();
return jsString(exec, impl()->toString());
Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -247,7 +247,7 @@
{
ExecState* exec = JSMainThreadExecState::currentState();
if (exec)
- return allowAccessToFrame(exec, frame);
+ return shouldAllowAccessToFrame(exec, frame);
// If the current state is 0 we're in a call path where the DOM security
// check doesn't apply (eg. parser).
return true;
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (106617 => 106618)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-02-03 03:23:45 UTC (rev 106618)
@@ -499,7 +499,7 @@
if ($interfaceName eq "DOMWindow") {
push(@implContent, " if (!thisObject->allowsAccessFrom(exec))\n");
} else {
- push(@implContent, " if (!allowAccessToFrame(exec, thisObject->impl()->frame()))\n");
+ push(@implContent, " if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))\n");
}
push(@implContent, " return false;\n");
}
@@ -1700,7 +1700,7 @@
} elsif ($attribute->signature->extendedAttributes->{"CheckAccessToNode"}) {
$implIncludes{"JSDOMBinding.h"} = 1;
push(@implContent, " $implClassName* impl = static_cast<$implClassName*>(castedThis->impl());\n");
- push(@implContent, " return allowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
+ push(@implContent, " return shouldAllowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
} elsif ($type eq "EventListener") {
$implIncludes{"EventListener.h"} = 1;
push(@implContent, " UNUSED_PARAM(exec);\n");
@@ -1889,7 +1889,7 @@
if ($interfaceName eq "DOMWindow") {
push(@implContent, " if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
} else {
- push(@implContent, " if (!allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
+ push(@implContent, " if (!shouldAllowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
}
push(@implContent, " return;\n");
}
@@ -2017,7 +2017,7 @@
if ($interfaceName eq "DOMWindow") {
push(@implContent, " if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
} else {
- push(@implContent, " if (!allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
+ push(@implContent, " if (!shouldAllowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
}
push(@implContent, " return;\n");
}
@@ -2131,7 +2131,7 @@
}
if ($function->signature->extendedAttributes->{"CheckAccessToNode"} and !$function->isStatic) {
- push(@implContent, " if (!allowAccessToNode(exec, impl->" . $function->signature->name . "(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");
+ push(@implContent, " if (!shouldAllowAccessToNode(exec, impl->" . $function->signature->name . "(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");
push(@implContent, " return JSValue::encode(jsUndefined());\n");
$implIncludes{"JSDOMBinding.h"} = 1;
}
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm (106617 => 106618)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-02-03 03:23:45 UTC (rev 106618)
@@ -854,7 +854,7 @@
# Generate security checks if necessary
if ($attribute->signature->extendedAttributes->{"CheckAccessToNode"}) {
- push(@implContentDecls, " if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n return v8::Handle<v8::Value>();\n\n");
+ push(@implContentDecls, " if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n return v8::Handle<v8::Value>();\n\n");
}
my $useExceptions = 1 if @{$attribute->getterExceptions};
@@ -1438,7 +1438,7 @@
AddToImplIncludes("ScriptCallStackFactory.h");
}
if ($function->signature->extendedAttributes->{"CheckAccessToNode"}) {
- push(@implContentDecls, " if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->" . $function->signature->name . "(ec)))\n");
+ push(@implContentDecls, " if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $function->signature->name . "(ec)))\n");
push(@implContentDecls, " return v8::Handle<v8::Value>();\n");
END
}
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -144,7 +144,7 @@
{
JSTestActiveDOMObject* thisObject = jsCast<JSTestActiveDOMObject*>(object);
ASSERT_GC_OBJECT_INHERITS(thisObject, &s_info);
- if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+ if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
return false;
return getStaticValueDescriptor<JSTestActiveDOMObject, Base>(exec, &JSTestActiveDOMObjectTable, thisObject, propertyName, descriptor);
}
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -762,7 +762,7 @@
{
JSTestObj* castedThis = static_cast<JSTestObj*>(asObject(slotBase));
TestObj* impl = static_cast<TestObj*>(castedThis->impl());
- return allowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsUndefined();
+ return shouldAllowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsUndefined();
}
@@ -1939,7 +1939,7 @@
ASSERT_GC_OBJECT_INHERITS(castedThis, &JSTestObj::s_info);
TestObj* impl = static_cast<TestObj*>(castedThis->impl());
ExceptionCode ec = 0;
- if (!allowAccessToNode(exec, impl->getSVGDocument(ec)))
+ if (!shouldAllowAccessToNode(exec, impl->getSVGDocument(ec)))
return JSValue::encode(jsUndefined());
JSC::JSValue result = toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->getSVGDocument(ec)));
Modified: trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp (106617 => 106618)
--- trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp 2012-02-03 03:18:53 UTC (rev 106617)
+++ trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp 2012-02-03 03:23:45 UTC (rev 106618)
@@ -769,7 +769,7 @@
{
INC_STATS("DOM.TestObj.contentDocument._get");
TestObj* imp = V8TestObj::toNative(info.Holder());
- if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->contentDocument()))
+ if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->contentDocument()))
return v8::Handle<v8::Value>();
return toV8(imp->contentDocument());
@@ -1433,7 +1433,7 @@
TestObj* imp = V8TestObj::toNative(args.Holder());
ExceptionCode ec = 0;
{
- if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec)))
+ if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec)))
return v8::Handle<v8::Value>();
RefPtr<SVGDocument> result = imp->getSVGDocument(ec);
if (UNLIKELY(ec))