Diff
Modified: trunk/Source/WebCore/ChangeLog (124846 => 124847)
--- trunk/Source/WebCore/ChangeLog 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/ChangeLog 2012-08-07 04:08:10 UTC (rev 124847)
@@ -1,3 +1,53 @@
+2012-08-06 Adam Barth <[email protected]>
+
+ BindingSecurity::shouldAllowAccessToFrame shouldn't use a raw boolean parameter
+ https://bugs.webkit.org/show_bug.cgi?id=93323
+
+ Reviewed by Eric Seidel.
+
+ As requested by Eric. This patch also renames the function to match its
+ counterpart in the _javascript_Core bindings.
+
+ * bindings/generic/BindingSecurity.cpp:
+ (WebCore::canAccessDocument):
+ (WebCore::BindingSecurity::shouldAllowAccessToFrame):
+ (WebCore::BindingSecurity::shouldAllowAccessToNode):
+ (WebCore::BindingSecurity::allowSettingFrameSrcToJavascriptUrl):
+ * bindings/generic/BindingSecurity.h:
+ (BindingSecurity):
+ * bindings/scripts/CodeGeneratorV8.pm:
+ (GenerateDomainSafeFunctionGetter):
+ (GenerateReplaceableAttrSetter):
+ (GenerateFunctionCallback):
+ * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
+ (WebCore::TestActiveDOMObjectV8Internal::excitingFunctionCallback):
+ (WebCore::TestActiveDOMObjectV8Internal::postMessageAttrGetter):
+ * bindings/v8/ScriptController.cpp:
+ (WebCore::ScriptController::canAccessFromCurrentOrigin):
+ * bindings/v8/custom/V8DOMWindowCustom.cpp:
+ (WebCore::WindowSetTimeoutImpl):
+ (WebCore::V8DOMWindow::eventAccessorGetter):
+ (WebCore::V8DOMWindow::eventAccessorSetter):
+ (WebCore::V8DOMWindow::openerAccessorSetter):
+ (WebCore::V8DOMWindow::addEventListenerCallback):
+ (WebCore::V8DOMWindow::removeEventListenerCallback):
+ (WebCore::V8DOMWindow::showModalDialogCallback):
+ (WebCore::V8DOMWindow::openCallback):
+ (WebCore::V8DOMWindow::namedSecurityCheck):
+ (WebCore::V8DOMWindow::indexedSecurityCheck):
+ * bindings/v8/custom/V8HistoryCustom.cpp:
+ (WebCore::V8History::indexedSecurityCheck):
+ (WebCore::V8History::namedSecurityCheck):
+ * bindings/v8/custom/V8InjectedScriptManager.cpp:
+ (WebCore::InjectedScriptManager::canAccessInspectedWindow):
+ * bindings/v8/custom/V8LocationCustom.cpp:
+ (WebCore::V8Location::reloadAccessorGetter):
+ (WebCore::V8Location::replaceAccessorGetter):
+ (WebCore::V8Location::assignAccessorGetter):
+ (WebCore::V8Location::toStringCallback):
+ (WebCore::V8Location::indexedSecurityCheck):
+ (WebCore::V8Location::namedSecurityCheck):
+
2012-08-06 Yuta Kitamura <[email protected]>
WebSocket.send() should accept ArrayBufferView
Modified: trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp (124846 => 124847)
--- trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp 2012-08-07 04:08:10 UTC (rev 124847)
@@ -42,7 +42,7 @@
namespace WebCore {
-static bool canAccessDocument(BindingState* state, Document* targetDocument, bool reportError)
+static bool canAccessDocument(BindingState* state, Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
{
if (!targetDocument)
return false;
@@ -54,25 +54,25 @@
if (active->securityOrigin()->canAccess(targetDocument->securityOrigin()))
return true;
- if (reportError)
+ if (reportingOption == ReportSecurityError)
immediatelyReportUnsafeAccessTo(state, targetDocument);
return false;
}
-bool BindingSecurity::canAccessFrame(BindingState* state, Frame* target, bool reportError)
+bool BindingSecurity::shouldAllowAccessToFrame(BindingState* state, Frame* target, SecurityReportingOption reportingOption)
{
- return target && canAccessDocument(state, target->document(), reportError);
+ return target && canAccessDocument(state, target->document(), reportingOption);
}
bool BindingSecurity::shouldAllowAccessToNode(BindingState* state, Node* target)
{
- return target && canAccessDocument(state, target->document(), true);
+ return target && canAccessDocument(state, target->document());
}
bool BindingSecurity::allowSettingFrameSrcToJavascriptUrl(BindingState* state, HTMLFrameElementBase* frame, const String& value)
{
- return !protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value)) || canAccessDocument(state, frame->contentDocument(), true);
+ return !protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value)) || canAccessDocument(state, frame->contentDocument());
}
}
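Review bot: In `allowSettingFrameSrcToJavascriptUrl`, `frame` is dereferenced by `frame->contentDocument()` without the null guard that `shouldAllowAccessToFrame` and `shouldAllowAccessToNode` apply to `target` just above it. `canAccessDocument` already rejects a null document, so only the frame element pointer itself is unchecked. If a caller can ever pass null here, the right-hand side should read `(frame && canAccessDocument(state, frame->contentDocument()))`. If callers cannot, an `ASSERT(frame);` at the top of the function would record that contract.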
Modified: trunk/Source/WebCore/bindings/generic/BindingSecurity.h (124846 => 124847)
--- trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-08-07 04:08:10 UTC (rev 124847)
@@ -39,10 +39,15 @@
class HTMLFrameElementBase;
class Node;
+enum SecurityReportingOption {
+ DoNotReportSecurityError,
+ ReportSecurityError,
+};
+
class BindingSecurity {
public:
- static bool shouldAllowAccessToNode(BindingState*, Node* target);
- static bool canAccessFrame(BindingState*, Frame*, bool reportError);
+ static bool shouldAllowAccessToNode(BindingState*, Node*);
+ static bool shouldAllowAccessToFrame(BindingState*, Frame*, SecurityReportingOption = ReportSecurityError);
static bool allowSettingFrameSrcToJavascriptUrl(BindingState*, HTMLFrameElementBase*, const String& value);
};
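Review bot: `SecurityReportingOption` is declared without a comment, and the name alone does not say that it leaves the access decision untouched. In BindingSecurity.cpp the option only gates the call to `immediatelyReportUnsafeAccessTo`, and the function returns false for an inaccessible target with either value. I would add above the enum `// Selects whether a denied access is reported; the access decision is the same for both values.` so that a later reader does not take `DoNotReportSecurityError` for a weaker check. Because `shouldAllowAccessToFrame` defaults to `ReportSecurityError`, its declaration also deserves a short comment saying that omitting the argument means the denial is reported.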
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm (124846 => 124847)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm 2012-08-07 04:08:10 UTC (rev 124847)
@@ -768,7 +768,7 @@
return privateTemplate->GetFunction();
}
${implClassName}* imp = ${className}::toNative(holder);
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), false)) {
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame(), DoNotReportSecurityError)) {
static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New($newTemplateString);
return sharedTemplate->GetFunction();
}
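Review bot: The generated check in this hunk passes `DoNotReportSecurityError`, while the other two generated checks in this file rely on the reporting default, and nothing in the generator says why they differ. On a failed check this code does not bail out but returns the function from `sharedTemplate`, so the check appears to select a template, not deny the access. That reading is inferred, since the enclosing generator function starts outside the hunk. A generator-side comment above the heredoc, for example `# A failed check is not a denial here: the caller gets the shared template, so nothing is reported.`, would keep the silent case from being "fixed" later. The same pattern appears in the three getter hunks of V8LocationCustom.cpp.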
@@ -1093,7 +1093,7 @@
if ($implClassName eq "DOMWindow" || $dataNode->extendedAttributes->{"CheckSecurity"}) {
push(@implContentDecls, <<END);
${implClassName}* imp = V8${implClassName}::toNative(info.Holder());
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return;
END
}
@@ -1500,7 +1500,7 @@
&& !$function->signature->extendedAttributes->{"DoNotCheckSecurity"}) {
# We have not find real use cases yet.
push(@implContentDecls, <<END);
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return v8Undefined();
END
}
Modified: trunk/Source/WebCore/bindings/scripts/test/V8/V8TestActiveDOMObject.cpp (124846 => 124847)
--- trunk/Source/WebCore/bindings/scripts/test/V8/V8TestActiveDOMObject.cpp 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/scripts/test/V8/V8TestActiveDOMObject.cpp 2012-08-07 04:08:10 UTC (rev 124847)
@@ -54,7 +54,7 @@
if (args.Length() < 1)
return V8Proxy::throwNotEnoughArgumentsError(args.GetIsolate());
TestActiveDOMObject* imp = V8TestActiveDOMObject::toNative(args.Holder());
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return v8Undefined();
EXCEPTION_BLOCK(Node*, nextChild, V8Node::HasInstance(MAYBE_MISSING_PARAMETER(args, 0, DefaultIsUndefined)) ? V8Node::toNative(v8::Handle<v8::Object>::Cast(MAYBE_MISSING_PARAMETER(args, 0, DefaultIsUndefined))) : 0);
imp->excitingFunction(nextChild);
@@ -83,7 +83,7 @@
return privateTemplate->GetFunction();
}
TestActiveDOMObject* imp = V8TestActiveDOMObject::toNative(holder);
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), false)) {
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame(), DoNotReportSecurityError)) {
static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New(v8::FunctionTemplate::New(TestActiveDOMObjectV8Internal::postMessageCallback, v8Undefined(), v8::Signature::New(V8TestActiveDOMObject::GetRawTemplate())));
return sharedTemplate->GetFunction();
}
Modified: trunk/Source/WebCore/bindings/v8/ScriptController.cpp (124846 => 124847)
--- trunk/Source/WebCore/bindings/v8/ScriptController.cpp 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/v8/ScriptController.cpp 2012-08-07 04:08:10 UTC (rev 124847)
@@ -97,7 +97,7 @@
bool ScriptController::canAccessFromCurrentOrigin(Frame *frame)
{
- return !v8::Context::InContext() || BindingSecurity::canAccessFrame(BindingState::instance(), frame, true);
+ return !v8::Context::InContext() || BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), frame);
}
ScriptController::ScriptController(Frame* frame)
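Review bot: `canAccessFromCurrentOrigin` returns true whenever `v8::Context::InContext()` is false, so the origin check is skipped entirely on that path, and the line has no comment saying why that is safe. Presumably a call made with no script context entered comes from native code and not from page script, but the hunk does not show that. I would add a comment above the return, such as `// No script context is entered, so there is no calling origin to check.`, adjusted to the real invariant, so the fail-open branch reads as a documented decision.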
Modified: trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp (124846 => 124847)
--- trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp 2012-08-07 04:08:10 UTC (rev 124847)
@@ -107,7 +107,7 @@
if (argumentCount >= 2)
timeout = args[1]->Int32Value();
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return v8::Undefined();
int id;
@@ -152,7 +152,7 @@
return v8::Undefined();
Frame* frame = V8DOMWindow::toNative(holder)->frame();
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), frame, true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), frame))
return v8::Undefined();
v8::Local<v8::Context> context = V8Proxy::context(frame);
@@ -173,7 +173,7 @@
return;
Frame* frame = V8DOMWindow::toNative(holder)->frame();
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), frame, true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), frame))
return;
v8::Local<v8::Context> context = V8Proxy::context(frame);
@@ -205,7 +205,7 @@
{
DOMWindow* imp = V8DOMWindow::toNative(info.Holder());
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return;
// Opener can be shadowed if it is in the same domain.
@@ -234,7 +234,7 @@
DOMWindow* imp = V8DOMWindow::toNative(args.Holder());
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return v8::Undefined();
Document* doc = imp->document();
@@ -266,7 +266,7 @@
DOMWindow* imp = V8DOMWindow::toNative(args.Holder());
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return v8::Undefined();
Document* doc = imp->document();
@@ -433,7 +433,7 @@
INC_STATS("DOM.DOMWindow.showModalDialog()");
DOMWindow* impl = V8DOMWindow::toNative(args.Holder());
BindingState* state = BindingState::instance();
- if (!BindingSecurity::canAccessFrame(state, impl->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(state, impl->frame()))
return v8::Undefined();
// FIXME: Handle exceptions properly.
@@ -451,7 +451,7 @@
INC_STATS("DOM.DOMWindow.open()");
DOMWindow* impl = V8DOMWindow::toNative(args.Holder());
BindingState* state = BindingState::instance();
- if (!BindingSecurity::canAccessFrame(state, impl->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(state, impl->frame()))
return v8::Undefined();
// FIXME: Handle exceptions properly.
@@ -570,7 +570,7 @@
return true;
}
- return BindingSecurity::canAccessFrame(BindingState::instance(), target, false);
+ return BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), target, DoNotReportSecurityError);
}
bool V8DOMWindow::indexedSecurityCheck(v8::Local<v8::Object> host, uint32_t index, v8::AccessType type, v8::Local<v8::Value>)
@@ -595,7 +595,7 @@
if (type == v8::ACCESS_GET && childFrame && !host->HasRealIndexedProperty(index))
return true;
- return BindingSecurity::canAccessFrame(BindingState::instance(), target, false);
+ return BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), target, DoNotReportSecurityError);
}
v8::Handle<v8::Value> toV8(DOMWindow* window, v8::Isolate* isolate)
Modified: trunk/Source/WebCore/bindings/v8/custom/V8HistoryCustom.cpp (124846 => 124847)
--- trunk/Source/WebCore/bindings/v8/custom/V8HistoryCustom.cpp 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/v8/custom/V8HistoryCustom.cpp 2012-08-07 04:08:10 UTC (rev 124847)
@@ -111,16 +111,14 @@
bool V8History::indexedSecurityCheck(v8::Local<v8::Object> host, uint32_t index, v8::AccessType type, v8::Local<v8::Value>)
{
- // Only allow same origin access.
History* history = V8History::toNative(host);
- return BindingSecurity::canAccessFrame(BindingState::instance(), history->frame(), false);
+ return BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), history->frame(), DoNotReportSecurityError);
}
bool V8History::namedSecurityCheck(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8::AccessType type, v8::Local<v8::Value>)
{
- // Only allow same origin access.
History* history = V8History::toNative(host);
- return BindingSecurity::canAccessFrame(BindingState::instance(), history->frame(), false);
+ return BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), history->frame(), DoNotReportSecurityError);
}
} // namespace WebCore
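Review bot: Both security-check functions in this hunk lose their `// Only allow same origin access.` comment, while the matching `indexedSecurityCheck` and `namedSecurityCheck` in V8LocationCustom.cpp keep theirs in this same commit. The two files should agree. These callbacks ignore `index`, `key` and `type` and decide only on `history->frame()`, so I would keep the comment here, or remove it from both files together.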
Modified: trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptManager.cpp (124846 => 124847)
--- trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptManager.cpp 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptManager.cpp 2012-08-07 04:08:10 UTC (rev 124847)
@@ -123,7 +123,7 @@
Frame* frame = V8DOMWindow::toNative(holder)->frame();
v8::Context::Scope contextScope(context);
- return BindingSecurity::canAccessFrame(BindingState::instance(), frame, false);
+ return BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), frame, DoNotReportSecurityError);
}
} // namespace WebCore
Modified: trunk/Source/WebCore/bindings/v8/custom/V8LocationCustom.cpp (124846 => 124847)
--- trunk/Source/WebCore/bindings/v8/custom/V8LocationCustom.cpp 2012-08-07 04:06:16 UTC (rev 124846)
+++ trunk/Source/WebCore/bindings/v8/custom/V8LocationCustom.cpp 2012-08-07 04:08:10 UTC (rev 124847)
@@ -156,7 +156,7 @@
return privateTemplate->GetFunction();
}
Location* imp = V8Location::toNative(holder);
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), false)) {
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame(), DoNotReportSecurityError)) {
static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New(v8::FunctionTemplate::New(V8Location::reloadCallback, v8::Handle<v8::Value>(), v8::Signature::New(V8Location::GetRawTemplate())));
return sharedTemplate->GetFunction();
}
@@ -174,7 +174,7 @@
return privateTemplate->GetFunction();
}
Location* imp = V8Location::toNative(holder);
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), false)) {
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame(), DoNotReportSecurityError)) {
static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New(v8::FunctionTemplate::New(V8Location::replaceCallback, v8::Handle<v8::Value>(), v8::Signature::New(V8Location::GetRawTemplate())));
return sharedTemplate->GetFunction();
}
@@ -193,7 +193,7 @@
return privateTemplate->GetFunction();
}
Location* imp = V8Location::toNative(holder);
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), false)) {
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame(), DoNotReportSecurityError)) {
static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New(v8::FunctionTemplate::New(V8Location::assignCallback, v8::Handle<v8::Value>(), v8::Signature::New(V8Location::GetRawTemplate())));
return sharedTemplate->GetFunction();
}
@@ -251,7 +251,7 @@
INC_STATS("DOM.Location.toString");
v8::Handle<v8::Object> holder = args.Holder();
Location* imp = V8Location::toNative(holder);
- if (!BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), true))
+ if (!BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame()))
return v8::Undefined();
String result = imp->href();
return v8String(result, args.GetIsolate());
@@ -261,14 +261,14 @@
{
// Only allow same origin access
Location* imp = V8Location::toNative(host);
- return BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), false);
+ return BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame(), DoNotReportSecurityError);
}
bool V8Location::namedSecurityCheck(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8::AccessType type, v8::Local<v8::Value>)
{
// Only allow same origin access
Location* imp = V8Location::toNative(host);
- return BindingSecurity::canAccessFrame(BindingState::instance(), imp->frame(), false);
+ return BindingSecurity::shouldAllowAccessToFrame(BindingState::instance(), imp->frame(), DoNotReportSecurityError);
}
v8::Handle<v8::Value> toV8(Location* impl, v8::Isolate* isolate)