Diff
Modified: trunk/Source/WebCore/ChangeLog (125760 => 125761)
--- trunk/Source/WebCore/ChangeLog 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/ChangeLog 2012-08-16 09:09:42 UTC (rev 125761)
@@ -1,3 +1,31 @@
+2012-08-16 Adam Barth <[email protected]>
+
+ Delete DOMWindow::securityOrigin()
+ https://bugs.webkit.org/show_bug.cgi?id=93991
+
+ Reviewed by Eric Seidel.
+
+ DOMWindow::securityOrigin() just calls through to
+ document()->securityOrigin(). This patch updates all the callers to do
+ that work themselves, making it clearer what's going on at each call
+ site.
+
+ * bindings/generic/BindingSecurity.cpp:
+ (WebCore::canAccessDocument):
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::JSDOMWindowBase::allowsAccessFrom):
+ * bindings/js/JSDOMWindowCustom.h:
+ (WebCore::JSDOMWindowBase::allowsAccessFromPrivate):
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::collectIsolatedContexts):
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::isInsecureScriptAccess):
+ (WebCore::DOMWindow::createWindow):
+ * page/DOMWindow.h:
+ (DOMWindow):
+ * page/Location.cpp:
+ (WebCore::Location::reload):
+
2012-08-16 Sheriff Bot <[email protected]>
Unreviewed, rolling out r125751.
Modified: trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp (125760 => 125761)
--- trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp 2012-08-16 09:09:42 UTC (rev 125761)
@@ -51,17 +51,7 @@
if (!active)
return false;
- // If the embedder executes _javascript_ synchronously during the didCreateScriptContext callback,
- // in some cases the active SecurityOrigin will not yet be copied to the DOMWindow. For example,
- // Frame::setDocument can trigger didCreateScriptContext during ScriptController::updateDocument.
- //
- // FIXME: Remove this branch once we manage to delete DOMWindow::m_securityOrigin. Ideally, we'd
- // get the SecurityOrigin from the Document rather than the DOMWindow. In that case, there
- // shouldn't ever be a chance to execute script before the SecurityOrigin object is created.
- if (!active->securityOrigin())
- return false;
-
- if (active->securityOrigin()->canAccess(targetDocument->securityOrigin()))
+ if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
return true;
if (reportingOption == ReportSecurityError)
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp (125760 => 125761)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2012-08-16 09:09:42 UTC (rev 125761)
@@ -108,8 +108,8 @@
if (originWindow == targetWindow)
return true;
- const SecurityOrigin* originSecurityOrigin = originWindow->impl()->securityOrigin();
- const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->securityOrigin();
+ const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();
+ const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();
if (originSecurityOrigin->canAccess(targetSecurityOrigin))
return true;
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h (125760 => 125761)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h 2012-08-16 09:09:42 UTC (rev 125761)
@@ -73,8 +73,8 @@
if (originWindow == targetWindow)
return true;
- const SecurityOrigin* originSecurityOrigin = originWindow->impl()->securityOrigin();
- const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->securityOrigin();
+ const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();
+ const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();
return originSecurityOrigin->canAccess(targetSecurityOrigin);
}
Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (125760 => 125761)
--- trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-08-16 09:09:42 UTC (rev 125761)
@@ -352,7 +352,7 @@
{
for (ShellMap::iterator iter = m_windowShells.begin(); iter != m_windowShells.end(); ++iter) {
JSC::ExecState* exec = iter->second->window()->globalExec();
- SecurityOrigin* origin = iter->second->window()->impl()->securityOrigin();
+ SecurityOrigin* origin = iter->second->window()->impl()->document()->securityOrigin();
result.append(std::pair<ScriptState*, SecurityOrigin*>(exec, origin));
}
}
Modified: trunk/Source/WebCore/page/DOMWindow.cpp (125760 => 125761)
--- trunk/Source/WebCore/page/DOMWindow.cpp 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/page/DOMWindow.cpp 2012-08-16 09:09:42 UTC (rev 125761)
@@ -1306,11 +1306,6 @@
return static_cast<Document*>(context);
}
-SecurityOrigin* DOMWindow::securityOrigin() const
-{
- return document() ? document()->securityOrigin() : 0;
-}
-
PassRefPtr<StyleMedia> DOMWindow::styleMedia() const
{
if (!isCurrentlyDisplayedInFrame())
@@ -1786,7 +1781,7 @@
// FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
// Can we name the SecurityOrigin function better to make this more clear?
- if (activeWindow->securityOrigin()->canAccess(securityOrigin()))
+ if (activeWindow->document()->securityOrigin()->canAccess(document()->securityOrigin()))
return false;
}
@@ -1811,7 +1806,7 @@
ResourceRequest request(completedURL, referrer);
FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin());
- FrameLoadRequest frameRequest(activeWindow->securityOrigin(), request, frameName);
+ FrameLoadRequest frameRequest(activeWindow->document()->securityOrigin(), request, frameName);
// We pass the opener frame for the lookupFrame in case the active frame is different from
// the opener frame, and the name references a frame relative to the opener frame.
@@ -1830,10 +1825,10 @@
function(newFrame->document()->domWindow(), functionContext);
if (created)
- newFrame->loader()->changeLocation(activeWindow->securityOrigin(), completedURL, referrer, false, false);
+ newFrame->loader()->changeLocation(activeWindow->document()->securityOrigin(), completedURL, referrer, false, false);
else if (!urlString.isEmpty()) {
bool lockHistory = !ScriptController::processingUserGesture();
- newFrame->navigationScheduler()->scheduleLocationChange(activeWindow->securityOrigin(), completedURL.string(), referrer, lockHistory, false);
+ newFrame->navigationScheduler()->scheduleLocationChange(activeWindow->document()->securityOrigin(), completedURL.string(), referrer, lockHistory, false);
}
return newFrame;
Modified: trunk/Source/WebCore/page/DOMWindow.h (125760 => 125761)
--- trunk/Source/WebCore/page/DOMWindow.h 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/page/DOMWindow.h 2012-08-16 09:09:42 UTC (rev 125761)
@@ -115,9 +115,6 @@
PassRefPtr<MediaQueryList> matchMedia(const String&);
- // FIXME: Callers should use document()->securityOrigin() directly.
- SecurityOrigin* securityOrigin() const;
-
unsigned pendingUnloadEventListeners() const;
static bool dispatchAllPendingBeforeUnloadEvents();
Modified: trunk/Source/WebCore/page/Location.cpp (125760 => 125761)
--- trunk/Source/WebCore/page/Location.cpp 2012-08-16 08:54:22 UTC (rev 125760)
+++ trunk/Source/WebCore/page/Location.cpp 2012-08-16 09:09:42 UTC (rev 125761)
@@ -252,7 +252,7 @@
// We allow one page to change the location of another. Why block attempts to reload?
// Other location operations simply block use of _javascript_ URLs cross origin.
DOMWindow* targetWindow = m_frame->document()->domWindow();
- if (!activeWindow->securityOrigin()->canAccess(targetWindow->securityOrigin())) {
+ if (!activeWindow->document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin())) {
targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeWindow));
return;
}
