- Revision: 107806
- Author: [email protected]
- Date: 2012-02-15 05:55:49 -0800 (Wed, 15 Feb 2012)
Log Message
Web Inspector: crash when inspecting an element on a page with eval disabled by CSP
https://bugs.webkit.org/show_bug.cgi?id=78705
Source/WebCore:
Inspector functions in injected script may use eval so we need to make sure
it is allowed for inspector code on pages where it is prohibited by CSP.
Reviewed by Pavel Feldman.
Test: inspector/elements/resolve-node-blocked.html
* inspector/InjectedScript.cpp:
(WebCore::InjectedScript::nodeForObjectId):
(WebCore::InjectedScript::wrapCallFrames):
(WebCore::InjectedScript::wrapObject):
(WebCore::InjectedScript::releaseObjectGroup):
(WebCore::InjectedScript::callFunctionWithEvalEnabled):
(WebCore):
(WebCore::InjectedScript::makeCall):
* inspector/InjectedScript.h:
(InjectedScript):
LayoutTests:
Reviewed by Pavel Feldman.
* inspector/elements/resolve-node-blocked-expected.txt: Added.
* inspector/elements/resolve-node-blocked.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (107805 => 107806)
--- trunk/LayoutTests/ChangeLog 2012-02-15 13:39:18 UTC (rev 107805)
+++ trunk/LayoutTests/ChangeLog 2012-02-15 13:55:49 UTC (rev 107806)
@@ -1,3 +1,13 @@
+2012-02-15 Yury Semikhatsky <[email protected]>
+
+ Web Inspector: crash when inspecting an element on a page with eval disabled by CSP
+ https://bugs.webkit.org/show_bug.cgi?id=78705
+
+ Reviewed by Pavel Feldman.
+
+ * inspector/elements/resolve-node-blocked-expected.txt: Added.
+ * inspector/elements/resolve-node-blocked.html: Added.
+
2012-02-15 Kent Tamura <[email protected]>
Clean up radio button tests
Added: trunk/LayoutTests/inspector/elements/resolve-node-blocked-expected.txt (0 => 107806)
--- trunk/LayoutTests/inspector/elements/resolve-node-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/inspector/elements/resolve-node-blocked-expected.txt 2012-02-15 13:55:49 UTC (rev 107806)
@@ -0,0 +1,5 @@
+Tests that JS object to node resolution still works even if script evals are prohibited by Content-Security-Policy. The test passes if it doesn't crash. Bug 78705.
+
+didReceiveDocumentObject
+didRequestNode error = undefined
+
Property changes on: trunk/LayoutTests/inspector/elements/resolve-node-blocked-expected.txt
___________________________________________________________________
Added: svn:eol-style
Added: trunk/LayoutTests/inspector/elements/resolve-node-blocked.html (0 => 107806)
--- trunk/LayoutTests/inspector/elements/resolve-node-blocked.html (rev 0)
+++ trunk/LayoutTests/inspector/elements/resolve-node-blocked.html 2012-02-15 13:55:49 UTC (rev 107806)
@@ -0,0 +1,31 @@
+<html>
+<head>
+<script src=""
+<script src=""
+<meta http-equiv="X-WebKit-CSP" content="script-src 'unsafe-inline'">
+<script>
+function test()
+{
+ InspectorTest.evaluateInPage("document", didReceiveDocumentObject);
+ function didReceiveDocumentObject(remoteObject, wasThrown)
+ {
+ InspectorTest.addResult("didReceiveDocumentObject");
+ DOMAgent.requestNode(remoteObject.objectId, didRequestNode);
+ }
+
+ function didRequestNode(error, nodeId)
+ {
+ InspectorTest.addResult("didRequestNode error = " + error);
+ InspectorTest.completeTest();
+ }
+}
+</script>
+</head>
+<body _onload_="runTest()">
+<p>
+Tests that JS object to node resolution still works even if script evals are prohibited by Content-Security-Policy.
+The test passes if it doesn't crash.
+<a href="" 78705.</a>
+</p>
+</body>
+</html>
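Review bot: `didRequestNode` logs only `error` and never looks at `nodeId`, so the expected line `didRequestNode error = undefined` would also match a call that came back without a usable node. The description says node resolution "still works", so also log whether `nodeId` is non-zero (and update the expected file accordingly); that way the test checks the result and not only the absence of a crash. A short comment next to the `X-WebKit-CSP` meta tag saying that `script-src 'unsafe-inline'` is what prohibits eval here would also help readers of the test.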
Property changes on: trunk/LayoutTests/inspector/elements/resolve-node-blocked.html
___________________________________________________________________
Added: svn:eol-style
Modified: trunk/Source/WebCore/ChangeLog (107805 => 107806)
--- trunk/Source/WebCore/ChangeLog 2012-02-15 13:39:18 UTC (rev 107805)
+++ trunk/Source/WebCore/ChangeLog 2012-02-15 13:55:49 UTC (rev 107806)
@@ -1,3 +1,26 @@
+2012-02-15 Yury Semikhatsky <[email protected]>
+
+ Web Inspector: crash when inspecting an element on a page with eval disabled by CSP
+ https://bugs.webkit.org/show_bug.cgi?id=78705
+
+ Inspector functions in injected script may use eval so we need to make sure
+ it is allowed for inspector code on pages where it is prohibited by CSP.
+
+ Reviewed by Pavel Feldman.
+
+ Test: inspector/elements/resolve-node-blocked.html
+
+ * inspector/InjectedScript.cpp:
+ (WebCore::InjectedScript::nodeForObjectId):
+ (WebCore::InjectedScript::wrapCallFrames):
+ (WebCore::InjectedScript::wrapObject):
+ (WebCore::InjectedScript::releaseObjectGroup):
+ (WebCore::InjectedScript::callFunctionWithEvalEnabled):
+ (WebCore):
+ (WebCore::InjectedScript::makeCall):
+ * inspector/InjectedScript.h:
+ (InjectedScript):
+
2012-02-13 Brian Grinstead <[email protected]>
Web Inspector: Add colorpicker functionality to color swatches in Styles Sidebar
Modified: trunk/Source/WebCore/inspector/InjectedScript.cpp (107805 => 107806)
--- trunk/Source/WebCore/inspector/InjectedScript.cpp 2012-02-15 13:39:18 UTC (rev 107805)
+++ trunk/Source/WebCore/inspector/InjectedScript.cpp 2012-02-15 13:55:49 UTC (rev 107806)
@@ -126,7 +126,7 @@
function.appendArgument(objectId);
bool hadException = false;
- ScriptValue resultValue = function.call(hadException);
+ ScriptValue resultValue = callFunctionWithEvalEnabled(function, hadException);
ASSERT(!hadException);
return InjectedScriptHost::scriptValueAsNode(resultValue);
@@ -146,7 +146,9 @@
ASSERT(!hasNoValue());
ScriptFunctionCall function(m_injectedScriptObject, "wrapCallFrames");
function.appendArgument(callFrames);
- ScriptValue callFramesValue = function.call();
+ bool hadException = false;
+ ScriptValue callFramesValue = callFunctionWithEvalEnabled(function, hadException);
+ ASSERT(!hadException);
RefPtr<InspectorValue> result = callFramesValue.toInspectorValue(m_injectedScriptObject.scriptState());
if (result->type() == InspectorValue::TypeArray)
return result->asArray();
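Review bot: In `wrapCallFrames` the new `ASSERT(!hadException)` is the only handling of a failed call, and it compiles away in release builds, so `callFramesValue.toInspectorValue(...)` then runs on the result of a call that threw. `wrapObject` in the next hunk handles the same flag with an explicit `if (hadException)` branch; an early return with an empty result here would keep the two paths consistent.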
@@ -162,7 +164,7 @@
wrapFunction.appendArgument(groupName);
wrapFunction.appendArgument(canAccessInspectedWindow());
bool hadException = false;
- ScriptValue r = wrapFunction.call(hadException);
+ ScriptValue r = callFunctionWithEvalEnabled(wrapFunction, hadException);
if (hadException) {
RefPtr<InspectorObject> result = InspectorObject::create();
result->setString("description", "<exception>");
@@ -196,7 +198,9 @@
ASSERT(!hasNoValue());
ScriptFunctionCall releaseFunction(m_injectedScriptObject, "releaseObjectGroup");
releaseFunction.appendArgument(objectGroup);
- releaseFunction.call();
+ bool hadException = false;
+ callFunctionWithEvalEnabled(releaseFunction, hadException);
+ ASSERT(!hadException);
}
bool InjectedScript::canAccessInspectedWindow() const
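Review bot: `releaseObjectGroup` gains `ASSERT(!hadException)` where the old `releaseFunction.call()` did not look at an exception flag at all, so an exception on this path now aborts debug builds. The return value is discarded, so either drop the assert or add a comment saying why an exception cannot occur when releasing an object group.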
@@ -204,16 +208,10 @@
return m_inspectedStateAccessCheck(m_injectedScriptObject.scriptState());
}
-void InjectedScript::makeCall(ScriptFunctionCall& function, RefPtr<InspectorValue>* result)
+ScriptValue InjectedScript::callFunctionWithEvalEnabled(ScriptFunctionCall& function, bool& hadException)
{
- if (hasNoValue() || !canAccessInspectedWindow()) {
- *result = InspectorValue::null();
- return;
- }
-
DOMWindow* domWindow = domWindowFromScriptState(m_injectedScriptObject.scriptState());
InspectorInstrumentationCookie cookie = domWindow && domWindow->frame() ? InspectorInstrumentation::willCallFunction(domWindow->frame()->page(), "InjectedScript", 1) : InspectorInstrumentationCookie();
- bool hadException = false;
ScriptState* scriptState = m_injectedScriptObject.scriptState();
bool evalIsDisabled = false;
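Review bot: The `hasNoValue() || !canAccessInspectedWindow()` check is removed from the body that enables eval and, per the next hunk, now lives only in `makeCall`, so the four new direct callers reach the eval-enabling code without it. `wrapCallFrames` and `releaseObjectGroup` have `ASSERT(!hasNoValue())`, which is debug-only, and none of the visible call sites checks `canAccessInspectedWindow()` before the call (`wrapObject` only passes it as an argument). Because this helper lifts the page's CSP eval restriction for the duration of the call, either keep an access check inside `callFunctionWithEvalEnabled` or add `ASSERT(!hasNoValue())` at its top and state that callers own the access decision.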
@@ -230,7 +228,19 @@
setEvalEnabled(scriptState, false);
InspectorInstrumentation::didCallFunction(cookie);
+ return resultValue;
+}
+void InjectedScript::makeCall(ScriptFunctionCall& function, RefPtr<InspectorValue>* result)
+{
+ if (hasNoValue() || !canAccessInspectedWindow()) {
+ *result = InspectorValue::null();
+ return;
+ }
+
+ bool hadException = false;
+ ScriptValue resultValue = callFunctionWithEvalEnabled(function, hadException);
+
ASSERT(!hadException);
if (!hadException) {
*result = resultValue.toInspectorValue(m_injectedScriptObject.scriptState());
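Review bot: Eval is switched back off by a manual `setEvalEnabled(scriptState, false)` just before `didCallFunction`, so an early return added later between the enable and this line would leave eval enabled on a page whose CSP forbids it. A small scoped helper whose destructor restores the previous setting would make the restore unconditional and keep the enable and disable visibly paired.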
Modified: trunk/Source/WebCore/inspector/InjectedScript.h (107805 => 107806)
--- trunk/Source/WebCore/inspector/InjectedScript.h 2012-02-15 13:39:18 UTC (rev 107805)
+++ trunk/Source/WebCore/inspector/InjectedScript.h 2012-02-15 13:55:49 UTC (rev 107806)
@@ -100,6 +100,7 @@
InjectedScript(ScriptObject, InspectedStateAccessCheck);
bool canAccessInspectedWindow() const;
+ ScriptValue callFunctionWithEvalEnabled(ScriptFunctionCall&, bool& hadException);
void makeCall(ScriptFunctionCall&, RefPtr<InspectorValue>* result);
void makeEvalCall(ErrorString*, ScriptFunctionCall&, RefPtr<InspectorObject>* result, bool* wasThrown);
ScriptValue nodeAsScriptValue(Node*);
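Review bot: The new declaration `callFunctionWithEvalEnabled(ScriptFunctionCall&, bool& hadException)` has no comment, and its name does not say that eval is disabled again afterwards or what the caller must have checked. Add a short comment stating that it temporarily allows eval for the injected script on pages where CSP prohibits it, restores the setting before returning, and does not itself perform the `canAccessInspectedWindow()` check that `makeCall` does.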