Diff
Modified: trunk/LayoutTests/ChangeLog (110666 => 110667)
--- trunk/LayoutTests/ChangeLog 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/LayoutTests/ChangeLog 2012-03-14 07:06:03 UTC (rev 110667)
@@ -1,3 +1,23 @@
+2012-03-14 Kentaro Hara <[email protected]>
+
+ Return null when shouldAllowAccessToNode() fails
+ https://bugs.webkit.org/show_bug.cgi?id=80205
+
+ Reviewed by Adam Barth.
+
+ shouldAllowAccessToNode() is used for window.frameElement, HTMLFrameElement.contentDocument,
+ and getSVGDocument(). The spec of window.frameElement and HTMLFrameElement.contentDocument
+ requires that they should return null when the security check fails.
+ Thus this patch changes the return value from undefined to null.
+
+ http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#navigating-nested-browsing-contexts-in-the-dom
+ http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#dom-iframe-contentdocument
+
+ * http/tests/security/cross-frame-access-frameelement-expected.txt:
+ * http/tests/security/local-iFrame-from-remote.html:
+ * platform/chromium/http/tests/security/cross-frame-access-put-expected.txt:
+ * platform/gtk/http/tests/security/cross-frame-access-put-expected.txt:
+
2012-03-13 Yosifumi Inoue <[email protected]>
[Forms] Hidden input element should not have labels.
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-frameelement-expected.txt (110666 => 110667)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-frameelement-expected.txt 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-frameelement-expected.txt 2012-03-14 07:06:03 UTC (rev 110667)
@@ -12,4 +12,4 @@
--------
Frame: '<!--framePath //<!--frame1-->-->'
--------
-undefined
+null
Modified: trunk/LayoutTests/http/tests/security/local-iFrame-from-remote.html (110666 => 110667)
--- trunk/LayoutTests/http/tests/security/local-iFrame-from-remote.html 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/LayoutTests/http/tests/security/local-iFrame-from-remote.html 2012-03-14 07:06:03 UTC (rev 110667)
@@ -17,7 +17,7 @@
var result = document.getElementById("result");
var myFrameDocument = document.getElementById("myFrame").contentDocument;
- if (myFrameDocument)
+ if (myFrameDocument !== null)
result.innerHTML = "Test Failed: Local page remotely loaded into iFrame.";
else
result.innerHTML = "Test Passed. Local page not remotely loaded into iFrame.";
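Review bot: With the strict `!== null` comparison, a getter that regresses to returning `undefined` now lands in the first branch and prints "Test Failed: Local page remotely loaded into iFrame.", which would misreport a return-value regression as a successful cross-origin load. A short comment above the check would make the intent explicit, for example `// contentDocument must be exactly null when the security check denies access; undefined is a regression, not a leak.` The enclosing script function begins and ends outside this hunk.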
Modified: trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-put-expected.txt (110666 => 110667)
--- trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-put-expected.txt 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-put-expected.txt 2012-03-14 07:06:03 UTC (rev 110667)
@@ -487,7 +487,7 @@
ALERT: PASS: window.event should be 'undefined' and is.
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
-ALERT: PASS: window.frameElement should be 'undefined' and is.
+ALERT: PASS: window.frameElement should be 'null' and is.
ALERT: PASS: window.frames should be '[object Window]' and is.
ALERT: PASS: window.history should be '[object History]' and is.
ALERT: PASS: window.images should be 'undefined' and is.
Modified: trunk/LayoutTests/platform/gtk/http/tests/security/cross-frame-access-put-expected.txt (110666 => 110667)
--- trunk/LayoutTests/platform/gtk/http/tests/security/cross-frame-access-put-expected.txt 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/LayoutTests/platform/gtk/http/tests/security/cross-frame-access-put-expected.txt 2012-03-14 07:06:03 UTC (rev 110667)
@@ -477,7 +477,7 @@
ALERT: PASS: window.event should be 'undefined' and is.
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
-ALERT: PASS: window.frameElement should be 'undefined' and is.
+ALERT: PASS: window.frameElement should be 'null' and is.
ALERT: PASS: window.frames should be '[object Window]' and is.
ALERT: PASS: window.history should be '[object History]' and is.
ALERT: PASS: window.images should be 'undefined' and is.
Modified: trunk/Source/WebCore/ChangeLog (110666 => 110667)
--- trunk/Source/WebCore/ChangeLog 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/Source/WebCore/ChangeLog 2012-03-14 07:06:03 UTC (rev 110667)
@@ -1,3 +1,35 @@
+2012-03-14 Kentaro Hara <[email protected]>
+
+ Return null when shouldAllowAccessToNode() fails
+ https://bugs.webkit.org/show_bug.cgi?id=80205
+
+ Reviewed by Adam Barth.
+
+ shouldAllowAccessToNode() is used for window.frameElement, HTMLFrameElement.contentDocument,
+ and getSVGDocument(). The spec of window.frameElement and HTMLFrameElement.contentDocument
+ requires that they should return null when the security check fails.
+ Thus this patch changes the return value from undefined to null.
+
+ http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#navigating-nested-browsing-contexts-in-the-dom
+ http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#dom-iframe-contentdocument
+
+ Tests: http/tests/security/local-iFrame-from-remote.html
+ http/tests/security/cross-frame-access-frameelement.html
+ http/tests/security/cross-frame-access-put.html
+
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateImplementation):
+ * bindings/scripts/CodeGeneratorV8.pm:
+ (GenerateNormalAttrGetter):
+ (GenerateFunctionCallback):
+
+ * bindings/scripts/test/JS/JSTestObj.cpp: Updated run-bindings-tests results.
+ (WebCore::jsTestObjContentDocument):
+ (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
+ * bindings/scripts/test/V8/V8TestObj.cpp:
+ (WebCore::TestObjInternal::contentDocumentAttrGetter):
+ (WebCore::TestObjInternal::getSVGDocumentCallback):
+
2012-03-13 Yosifumi Inoue <[email protected]>
[Forms] Hidden input element should not have labels.
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (110666 => 110667)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-03-14 07:06:03 UTC (rev 110667)
@@ -1716,7 +1716,7 @@
} elsif ($attribute->signature->extendedAttributes->{"CheckSecurityForNode"}) {
$implIncludes{"JSDOMBinding.h"} = 1;
push(@implContent, " $implClassName* impl = static_cast<$implClassName*>(castedThis->impl());\n");
- push(@implContent, " return shouldAllowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
+ push(@implContent, " return shouldAllowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsNull();\n");
} elsif ($type eq "EventListener") {
$implIncludes{"EventListener.h"} = 1;
push(@implContent, " UNUSED_PARAM(exec);\n");
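Review bot: The generated getter evaluates the node twice and under two different names: the security check calls `impl->" . $attribute->signature->name . "()` while the value handed to script comes from `impl->$implGetterFunctionName()`. If those can ever resolve to different functions (how `$implGetterFunctionName` is derived is outside the hunk), the node that passed the check is not necessarily the node that is returned. Using the same expression in both places, `shouldAllowAccessToNode(exec, impl->$implGetterFunctionName())`, or emitting one local that is both checked and converted, would tie the check to the returned object. The same check-then-call-again shape appears in the function hunk at -2149 and in both CodeGeneratorV8.pm hunks.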
@@ -2149,7 +2149,7 @@
if ($function->signature->extendedAttributes->{"CheckSecurityForNode"}) {
push(@implContent, " if (!shouldAllowAccessToNode(exec, impl->" . $function->signature->name . "(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");
- push(@implContent, " return JSValue::encode(jsUndefined());\n");
+ push(@implContent, " return JSValue::encode(jsNull());\n");
$implIncludes{"JSDOMBinding.h"} = 1;
}
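Review bot: The early return on the denied path is emitted before any exception handling, so an `ec` set by the getter call inside the check is dropped; the regenerated JSTestObj.cpp in this commit shows `setDOMException(exec, ec)` only after that return. Whether shouldAllowAccessToNode() rejects a null node is not visible here, but if it does, a getter that fails with an exception yields a silent `null` instead of the exception. Either a comment stating that this is intended, or emitting `setDOMException(exec, ec);` before the return when the function raises exceptions, would settle it. GenerateImplementation continues outside the hunk.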
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm (110666 => 110667)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-03-14 07:06:03 UTC (rev 110667)
@@ -915,7 +915,7 @@
# Generate security checks if necessary
if ($attribute->signature->extendedAttributes->{"CheckSecurityForNode"}) {
- push(@implContentDecls, " if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n return v8::Handle<v8::Value>();\n\n");
+ push(@implContentDecls, " if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n return v8::Handle<v8::Value>(v8::Null());\n\n");
}
my $useExceptions = 1 if @{$attribute->getterExceptions};
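Review bot: The emitted failure path spells the result as `v8::Handle<v8::Value>(v8::Null())`, and nothing in the generator records why null is required here. A one-line comment above the push, `# HTML spec: a failed node security check returns null, not undefined.`, would keep a later cleanup from reverting it. The wrapper itself looks redundant, so `return v8::Null();` may be enough if the handle conversion is implicit in this V8 version. The same line is emitted in the GenerateFunctionCallback hunk at -1481.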
@@ -1481,7 +1481,7 @@
if ($function->signature->extendedAttributes->{"CheckSecurityForNode"}) {
push(@implContentDecls, " if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $function->signature->name . "(ec)))\n");
- push(@implContentDecls, " return v8::Handle<v8::Value>();\n");
+ push(@implContentDecls, " return v8::Handle<v8::Value>(v8::Null());\n");
END
}
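Review bot: The check in this hunk always passes `ec` to the getter (`. "(ec)))\n"`), while the JS generator's equivalent line passes it only when `@{$function->raisesExceptions}` is non-empty. If the surrounding code declares `ec` only for functions that raise exceptions (not visible in the hunk), a `CheckSecurityForNode` function without exceptions would generate code that does not compile. Mirroring the JS side, `"(" . (@{$function->raisesExceptions} ? "ec" : "") . ")))\n"`, keeps the two generators consistent.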
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp (110666 => 110667)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp 2012-03-14 07:06:03 UTC (rev 110667)
@@ -812,7 +812,7 @@
{
JSTestObj* castedThis = static_cast<JSTestObj*>(asObject(slotBase));
TestObj* impl = static_cast<TestObj*>(castedThis->impl());
- return shouldAllowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsUndefined();
+ return shouldAllowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsNull();
}
@@ -2156,7 +2156,7 @@
TestObj* impl = static_cast<TestObj*>(castedThis->impl());
ExceptionCode ec = 0;
if (!shouldAllowAccessToNode(exec, impl->getSVGDocument(ec)))
- return JSValue::encode(jsUndefined());
+ return JSValue::encode(jsNull());
JSC::JSValue result = toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->getSVGDocument(ec)));
setDOMException(exec, ec);
Modified: trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp (110666 => 110667)
--- trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp 2012-03-14 07:02:49 UTC (rev 110666)
+++ trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp 2012-03-14 07:06:03 UTC (rev 110667)
@@ -885,7 +885,7 @@
INC_STATS("DOM.TestObj.contentDocument._get");
TestObj* imp = V8TestObj::toNative(info.Holder());
if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->contentDocument()))
- return v8::Handle<v8::Value>();
+ return v8::Handle<v8::Value>(v8::Null());
return toV8(imp->contentDocument());
}
@@ -1629,7 +1629,7 @@
ExceptionCode ec = 0;
{
if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec)))
- return v8::Handle<v8::Value>();
+ return v8::Handle<v8::Value>(v8::Null());
RefPtr<SVGDocument> result = imp->getSVGDocument(ec);
if (UNLIKELY(ec))
goto fail;