Diff
Modified: trunk/LayoutTests/ChangeLog (126164 => 126165)
--- trunk/LayoutTests/ChangeLog 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/LayoutTests/ChangeLog 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,3 +1,20 @@
+2012-08-21 Adam Barth <[email protected]>
+
+ Implement JSDOMWindow*::allowsAccessFrom* in terms of BindingSecurity
+ https://bugs.webkit.org/show_bug.cgi?id=93407
+
+ Reviewed by Eric Seidel.
+
+ These test results are now more similar (although not identical) to the
+ results for the V8 bindings.
+
+ * http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
+ * http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
+ * http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
+ * http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
+ * http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
+ * http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
+
2012-08-21 Brady Eidson <[email protected]>
WKTR doesn't implement dumpWillCacheResponse().
Modified: trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt (126164 => 126165)
--- trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,7 +1,5 @@
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html. Domains, protocols and ports must match.
-
This tests that frame used when setting eventListeners on an EventTarget using addEventListener is the target nodes frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe _javascript_" warning is logged to the console.
Modified: trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt (126164 => 126165)
--- trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,7 +1,5 @@
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html. Domains, protocols and ports must match.
-
This tests that frame used when setting eventListeners on an EventTarget with the shortcut (onclick, etc), is the target nodes frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe _javascript_" warning is logged to the console.
Modified: trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt (126164 => 126165)
--- trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,7 +1,5 @@
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html. Domains, protocols and ports must match.
-
This tests that frame used when setting eventListeners on an XMLHttpRequest using addEventListener, is the requests frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe _javascript_" warning is logged to the console.
Modified: trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt (126164 => 126165)
--- trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,7 +1,5 @@
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html. Domains, protocols and ports must match.
-
This tests that frame used when setting eventListeners on an XMLHttpRequest with the shortcut (onreadystatechange), is the requests frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe _javascript_" warning is logged to the console.
Modified: trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt (126164 => 126165)
--- trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,7 +1,5 @@
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-addEventListener.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-addEventListener.html. Domains, protocols and ports must match.
-
This tests that frame used when setting eventListeners on the window using addEventListener is the window's frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe _javascript_" warning is logged to the console.
Modified: trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt (126164 => 126165)
--- trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,7 +1,5 @@
CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-shortcut.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-shortcut.html. Domains, protocols and ports must match.
-
This tests that frame used when setting eventListeners on the window with the shortcut (onclick, etc), is the window's frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe _javascript_" warning is logged to the console.
Modified: trunk/Source/WebCore/ChangeLog (126164 => 126165)
--- trunk/Source/WebCore/ChangeLog 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/ChangeLog 2012-08-21 16:54:26 UTC (rev 126165)
@@ -1,3 +1,48 @@
+2012-08-21 Adam Barth <[email protected]>
+
+ Implement JSDOMWindow*::allowsAccessFrom* in terms of BindingSecurity
+ https://bugs.webkit.org/show_bug.cgi?id=93407
+
+ Reviewed by Eric Seidel.
+
+ This patch removes allowsAccessFrom and implements the security checks
+ in terms of shouldAllowAccessToDOMWindow directly.
+
+ * bindings/generic/BindingSecurity.cpp:
+ (WebCore::BindingSecurity::shouldAllowAccessToDOMWindow):
+ (WebCore):
+ * bindings/generic/BindingSecurity.h:
+ (BindingSecurity):
+ * bindings/js/JSDOMBinding.cpp:
+ (WebCore::shouldAllowAccessToFrame):
+ (WebCore):
+ (WebCore::shouldAllowAccessToDOMWindow):
+ * bindings/js/JSDOMBinding.h:
+ (WebCore):
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::shouldAllowAccessFrom):
+ (WebCore):
+ * bindings/js/JSDOMWindowBase.h:
+ (JSDOMWindowBase):
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::namedItemGetter):
+ (WebCore::JSDOMWindow::getOwnPropertySlot):
+ (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
+ (WebCore::JSDOMWindow::put):
+ (WebCore::JSDOMWindow::deleteProperty):
+ (WebCore::JSDOMWindow::getPropertyNames):
+ (WebCore::JSDOMWindow::getOwnPropertyNames):
+ (WebCore::JSDOMWindow::defineOwnProperty):
+ (WebCore::JSDOMWindow::setLocation):
+ * bindings/js/JSDOMWindowCustom.h:
+ * bindings/js/JSInjectedScriptManager.cpp:
+ (WebCore::InjectedScriptManager::canAccessInspectedWindow):
+ * bindings/objc/WebScriptObject.mm:
+ (-[WebScriptObject _isSafeScript]):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateGetOwnPropertyDescriptorBody):
+ (GenerateImplementation):
+
2012-08-21 Dan Bernstein <[email protected]>
<rdar://problem/12104508> TextIterator takes O(n^2) to iterate over n empty blocks
Modified: trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp (126164 => 126165)
--- trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp 2012-08-21 16:54:26 UTC (rev 126165)
@@ -60,6 +60,11 @@
return false;
}
+bool BindingSecurity::shouldAllowAccessToDOMWindow(BindingState* state, DOMWindow* target, SecurityReportingOption reportingOption)
+{
+ return target && canAccessDocument(state, target->document(), reportingOption);
+}
+
bool BindingSecurity::shouldAllowAccessToFrame(BindingState* state, Frame* target, SecurityReportingOption reportingOption)
{
return target && canAccessDocument(state, target->document(), reportingOption);
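Review bot: The new `BindingSecurity::shouldAllowAccessToDOMWindow` has no comment saying which window counts as the accessor or that a null target is denied, and its body repeats `shouldAllowAccessToFrame` just below it. The `allowsAccessFrom` it replaces (removed elsewhere in this commit) took the accessor from `exec->lexicalGlobalObject()` and returned true early when origin and target were the same window. Whether `canAccessDocument` keeps both properties is not visible in this hunk. I would add `// Returns true if the script running in |state| may access |target|; a null target is always denied.` above the definition and state the accessor choice there. The body of `shouldAllowAccessToFrame` continues outside the hunk.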
Modified: trunk/Source/WebCore/bindings/generic/BindingSecurity.h (126164 => 126165)
--- trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/generic/BindingSecurity.h 2012-08-21 16:54:26 UTC (rev 126165)
@@ -47,6 +47,7 @@
class BindingSecurity {
public:
static bool shouldAllowAccessToNode(BindingState*, Node*);
+ static bool shouldAllowAccessToDOMWindow(BindingState*, DOMWindow*, SecurityReportingOption = ReportSecurityError);
static bool shouldAllowAccessToFrame(BindingState*, Frame*, SecurityReportingOption = ReportSecurityError);
static bool allowSettingFrameSrcToJavascriptUrl(BindingState*, HTMLFrameElementBase*, const String& value);
};
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp (126164 => 126165)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-08-21 16:54:26 UTC (rev 126165)
@@ -212,9 +212,9 @@
return BindingSecurity::shouldAllowAccessToNode(exec, node);
}
-bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame)
+bool shouldAllowAccessToFrame(ExecState* exec, Frame* target)
{
- return BindingSecurity::shouldAllowAccessToFrame(exec, frame);
+ return BindingSecurity::shouldAllowAccessToFrame(exec, target);
}
bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message)
@@ -227,6 +227,16 @@
return result;
}
+bool shouldAllowAccessToDOMWindow(ExecState* exec, DOMWindow* target, String& message)
+{
+ if (!target)
+ return false;
+ bool result = BindingSecurity::shouldAllowAccessToDOMWindow(exec, target, DoNotReportSecurityError);
+ // FIXME: The following line of code should move somewhere that it can be shared with immediatelyReportUnsafeAccessTo.
+ message = target->crossDomainAccessErrorMessage(activeDOMWindow(exec));
+ return result;
+}
+
void printErrorMessageForFrame(Frame* frame, const String& message)
{
if (!frame)
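Review bot: `shouldAllowAccessToDOMWindow(exec, target, message)` builds the error string on every call, including when access is allowed. The removed `allowsAccessFrom(exec, message)` in JSDOMWindowCustom.h only built it on denial, and this overload is called from `JSDOMWindow::getOwnPropertySlot`, which presumably runs on every window property lookup. Guarding the assignment with `if (!result) message = target->crossDomainAccessErrorMessage(activeDOMWindow(exec));` avoids the string work on the allowed path. The early `return false` for a null target leaves `message` untouched, so a caller that prints the message on failure gets an empty string there; a short comment should say so. `printErrorMessageForFrame` continues outside the hunk.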
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.h (126164 => 126165)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2012-08-21 16:54:26 UTC (rev 126165)
@@ -401,11 +401,10 @@
return result;
}
- // FIXME: Implement allowAccessToContext(JSC::ExecState*, ScriptExecutionContext*);
bool shouldAllowAccessToNode(JSC::ExecState*, Node*);
bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*);
bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, String& message);
- // FIXME: Implement allowAccessToDOMWindow(JSC::ExecState*, DOMWindow*);
+ bool shouldAllowAccessToDOMWindow(BindingState*, DOMWindow*, String& message);
void printErrorMessageForFrame(Frame*, const String& message);
JSC::JSValue objectToStringFunctionGetter(JSC::ExecState*, JSC::JSValue, JSC::PropertyName);
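Review bot: The new declaration spells its first parameter `BindingState*`, while the three neighbouring declarations and the definition in JSDOMBinding.cpp use `ExecState*`. Presumably `BindingState` is an alias of `JSC::ExecState` in the JSC bindings, so this links, but the mixed spelling makes the overload set harder to read. I would write `bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow*, String& message);` to match. The two removed FIXME lines were the only notes on these security helpers in this hunk, so a one-line comment that `message` receives the cross-domain error text would help readers.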
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp (126164 => 126165)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2012-08-21 16:54:26 UTC (rev 126165)
@@ -23,6 +23,7 @@
#include "config.h"
#include "JSDOMWindowBase.h"
+#include "BindingSecurity.h"
#include "Chrome.h"
#include "Console.h"
#include "DOMWindow.h"
@@ -42,9 +43,14 @@
namespace WebCore {
+static bool shouldAllowAccessFrom(const JSGlobalObject* thisObject, ExecState* exec)
+{
+ return BindingSecurity::shouldAllowAccessToDOMWindow(exec, asJSDOMWindow(thisObject)->impl());
+}
+
const ClassInfo JSDOMWindowBase::s_info = { "Window", &JSDOMGlobalObject::s_info, 0, 0, CREATE_METHOD_TABLE(JSDOMWindowBase) };
-const GlobalObjectMethodTable JSDOMWindowBase::s_globalObjectMethodTable = { &allowsAccessFrom, &supportsProfiling, &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_ExperimentsEnabled };
+const GlobalObjectMethodTable JSDOMWindowBase::s_globalObjectMethodTable = { &shouldAllowAccessFrom, &supportsProfiling, &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_ExperimentsEnabled };
JSDOMWindowBase::JSDOMWindowBase(JSGlobalData& globalData, Structure* structure, PassRefPtr<DOMWindow> window, JSDOMWindowShell* shell)
: JSDOMGlobalObject(globalData, structure, shell->world(), &s_globalObjectMethodTable)
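Review bot: The file-local `shouldAllowAccessFrom` installed in `s_globalObjectMethodTable` has no comment, whereas the `JSDOMWindowBase::allowsAccessFrom` it replaces (removed further down in this file) explained that it checks access to this global object rather than to the window the shell currently references. That distinction is security-relevant and should be kept, for example `// Checks whether the script running in |exec| may access the DOMWindow wrapped by |thisObject| (not the shell's current window).`. The old body also short-circuited when origin and target were the same `JSDOMWindow`; it is not visible here whether `BindingSecurity::shouldAllowAccessToDOMWindow` keeps that fast path. The constructor that follows continues outside the hunk.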
@@ -83,41 +89,11 @@
return m_impl->document();
}
-String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const
-{
- return m_shell->window()->impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl());
-}
-
void JSDOMWindowBase::printErrorMessage(const String& message) const
{
printErrorMessageForFrame(impl()->frame(), message);
}
-// This method checks whether accesss to *this* global object is permitted from
-// the given context; this differs from allowsAccessFromPrivate, since that
-// method checks whether the given context is permitted to access the current
-// window the shell is referencing (which may come from a different security
-// origin to this global object).
-bool JSDOMWindowBase::allowsAccessFrom(const JSGlobalObject* thisObject, ExecState* exec)
-{
- JSGlobalObject* otherObject = exec->lexicalGlobalObject();
-
- const JSDOMWindow* originWindow = asJSDOMWindow(otherObject);
- const JSDOMWindow* targetWindow = asJSDOMWindow(thisObject);
-
- if (originWindow == targetWindow)
- return true;
-
- const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();
- const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();
-
- if (originSecurityOrigin->canAccess(targetSecurityOrigin))
- return true;
-
- targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(otherObject));
- return false;
-}
-
bool JSDOMWindowBase::supportsProfiling(const JSGlobalObject* object)
{
#if !ENABLE(_javascript__DEBUGGER) || !ENABLE(INSPECTOR)
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h (126164 => 126165)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h 2012-08-21 16:54:26 UTC (rev 126165)
@@ -64,16 +64,8 @@
static bool supportsRichSourceInfo(const JSC::JSGlobalObject*);
static bool shouldInterruptScript(const JSC::JSGlobalObject*);
static bool _javascript_ExperimentsEnabled(const JSC::JSGlobalObject*);
- static bool allowsAccessFrom(const JSC::JSGlobalObject*, JSC::ExecState*);
-
- bool allowsAccessFrom(JSC::ExecState*) const;
- bool allowsAccessFromNoErrorMessage(JSC::ExecState*) const;
- bool allowsAccessFrom(JSC::ExecState*, String& message) const;
void printErrorMessage(const String&) const;
- // Don't call this version of allowsAccessFrom -- it's a slightly incorrect implementation used only by WebScriptObject
- bool allowsAccessFrom(const JSC::JSGlobalObject*) const;
-
static JSC::JSObject* toThisObject(JSC::JSCell*, JSC::ExecState*);
JSDOMWindowShell* shell() const;
@@ -82,9 +74,6 @@
private:
RefPtr<DOMWindow> m_impl;
JSDOMWindowShell* m_shell;
-
- bool allowsAccessFromPrivate(const JSC::JSGlobalObject*) const;
- String crossDomainAccessErrorMessage(const JSC::JSGlobalObject*) const;
};
// Returns a JSDOMWindow or jsNull()
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (126164 => 126165)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2012-08-21 16:54:26 UTC (rev 126165)
@@ -21,6 +21,7 @@
#include "config.h"
#include "JSDOMWindowCustom.h"
+#include "BindingSecurity.h"
#include "Frame.h"
#include "HTMLCollection.h"
#include "HTMLDocument.h"
@@ -112,7 +113,7 @@
JSDOMWindowBase* thisObj = jsCast<JSDOMWindow*>(asObject(slotBase));
Document* document = thisObj->impl()->frame()->document();
- ASSERT(thisObj->allowsAccessFrom(exec));
+ ASSERT(BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObj->impl()));
ASSERT(document);
ASSERT(document->isHTMLDocument());
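Review bot: The assertion calls `BindingSecurity::shouldAllowAccessToDOMWindow` with the default `ReportSecurityError` (the default is visible in BindingSecurity.h), so a debug-only check has a reporting side effect. Passing the non-reporting option keeps the assertion pure: `ASSERT(BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObj->impl(), DoNotReportSecurityError));`. Because the check sits inside `ASSERT`, this getter presumably depends on its callers having done the same-origin check in release builds; a comment saying so would help. The enclosing function starts and ends outside the hunk.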
@@ -158,7 +159,7 @@
// because we always allow access to some function, just different ones depending whether access
// is allowed.
String errorMessage;
- bool allowsAccess = thisObject->allowsAccessFrom(exec, errorMessage);
+ bool allowsAccess = shouldAllowAccessToDOMWindow(exec, thisObject->impl(), errorMessage);
// Look for overrides before looking at any of our own properties, but ignore overrides completely
// if this is cross-domain access.
@@ -166,7 +167,7 @@
return true;
// We need this code here because otherwise JSDOMWindowBase will stop the search before we even get to the
- // prototype due to the blanket same origin (allowsAccessFrom) check at the end of getOwnPropertySlot.
+ // prototype due to the blanket same origin (shouldAllowAccessToDOMWindow) check at the end of getOwnPropertySlot.
// Also, it's important to get the implementation straight out of the DOMWindow prototype regardless of
// what prototype is actually set on this object.
entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
@@ -272,7 +273,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
// Never allow cross-domain getOwnPropertyDescriptor
- if (!thisObject->allowsAccessFrom(exec))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
return false;
const HashEntry* entry;
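Review bot: The object being checked changes here from the shell's current window to this wrapper's own `DOMWindow`, and the code does not document that. The removed `allowsAccessFromPrivate` in JSDOMWindowCustom.h used `m_shell->window()` as the target, whereas this call passes `thisObject->impl()`. The comment removed from JSDOMWindowBase.cpp notes the two can belong to different security origins. The same substitution appears in the `put`, `deleteProperty`, `getPropertyNames`, `getOwnPropertyNames`, `defineOwnProperty` and `setLocation` hunks. I would add a comment such as `// Checks the DOMWindow wrapped by this object, not the window the shell currently points at.` and confirm a layout test covers a window object kept across a navigation. The function body continues outside the hunk.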
@@ -349,7 +350,7 @@
// Optimization: access _javascript_ global variables directly before involving the DOM.
if (thisObject->JSGlobalObject::hasOwnPropertyForWrite(exec, propertyName)) {
- if (thisObject->allowsAccessFrom(exec))
+ if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
JSGlobalObject::put(thisObject, exec, propertyName, value, slot);
return;
}
@@ -357,7 +358,7 @@
if (lookupPut<JSDOMWindow>(exec, propertyName, value, s_info.propHashTable(exec), thisObject))
return;
- if (thisObject->allowsAccessFrom(exec))
+ if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
Base::put(thisObject, exec, propertyName, value, slot);
}
@@ -365,7 +366,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell);
// Only allow deleting properties by frames in the same origin.
- if (!thisObject->allowsAccessFrom(exec))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
@@ -374,7 +375,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
// Only allow the window to enumerated by frames in the same origin.
- if (!thisObject->allowsAccessFrom(exec))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
return;
Base::getPropertyNames(thisObject, exec, propertyNames, mode);
}
@@ -383,7 +384,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
// Only allow the window to enumerated by frames in the same origin.
- if (!thisObject->allowsAccessFrom(exec))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
return;
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
}
@@ -392,7 +393,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
// Only allow defining properties in this way by frames in the same origin, as it allows setters to be introduced.
- if (!thisObject->allowsAccessFrom(exec))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
return false;
// Don't allow shadowing location using accessor properties.
@@ -412,7 +413,7 @@
if (Frame* activeFrame = activeDOMWindow(exec)->frame()) {
if (Settings* settings = activeFrame->settings()) {
if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
- if (allowsAccessFrom(exec))
+ if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, impl()))
putDirect(exec->globalData(), Identifier(exec, "location"), value);
return;
}
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h (126164 => 126165)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h 2012-08-21 16:54:26 UTC (rev 126165)
@@ -36,49 +36,6 @@
return static_cast<const JSDOMWindow*>(globalObject);
}
-inline bool JSDOMWindowBase::allowsAccessFrom(const JSGlobalObject* other) const
-{
- if (allowsAccessFromPrivate(other))
- return true;
- printErrorMessage(crossDomainAccessErrorMessage(other));
- return false;
}
-inline bool JSDOMWindowBase::allowsAccessFrom(JSC::ExecState* exec) const
-{
- if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))
- return true;
- printErrorMessage(crossDomainAccessErrorMessage(exec->lexicalGlobalObject()));
- return false;
-}
-
-inline bool JSDOMWindowBase::allowsAccessFromNoErrorMessage(JSC::ExecState* exec) const
-{
- return allowsAccessFromPrivate(exec->lexicalGlobalObject());
-}
-
-inline bool JSDOMWindowBase::allowsAccessFrom(JSC::ExecState* exec, String& message) const
-{
- if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))
- return true;
- message = crossDomainAccessErrorMessage(exec->lexicalGlobalObject());
- return false;
-}
-
-ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const JSGlobalObject* other) const
-{
- const JSDOMWindow* originWindow = asJSDOMWindow(other);
- const JSDOMWindow* targetWindow = m_shell->window();
-
- if (originWindow == targetWindow)
- return true;
-
- const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();
- const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();
-
- return originSecurityOrigin->canAccess(targetSecurityOrigin);
-}
-
-}
-
#endif // JSDOMWindowCustom_h
Modified: trunk/Source/WebCore/bindings/js/JSInjectedScriptManager.cpp (126164 => 126165)
--- trunk/Source/WebCore/bindings/js/JSInjectedScriptManager.cpp 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/js/JSInjectedScriptManager.cpp 2012-08-21 16:54:26 UTC (rev 126165)
@@ -36,6 +36,7 @@
#include "InjectedScriptManager.h"
+#include "BindingSecurity.h"
#include "ExceptionCode.h"
#include "JSDOMWindow.h"
#include "JSDOMWindowCustom.h"
@@ -85,7 +86,7 @@
JSDOMWindow* inspectedWindow = toJSDOMWindow(scriptState->lexicalGlobalObject());
if (!inspectedWindow)
return false;
- return inspectedWindow->allowsAccessFromNoErrorMessage(scriptState);
+ return BindingSecurity::shouldAllowAccessToDOMWindow(scriptState, inspectedWindow->impl(), DoNotReportSecurityError);
}
} // namespace WebCore
Modified: trunk/Source/WebCore/bindings/objc/WebScriptObject.mm (126164 => 126165)
--- trunk/Source/WebCore/bindings/objc/WebScriptObject.mm 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/objc/WebScriptObject.mm 2012-08-21 16:54:26 UTC (rev 126165)
@@ -26,6 +26,7 @@
#import "config.h"
#import "WebScriptObjectPrivate.h"
+#import "BindingSecurity.h"
#import "BridgeJSC.h"
#import "Console.h"
#import "DOMInternal.h"
@@ -241,7 +242,11 @@
if (!_private->originRootObject->isValid())
return false;
- return jsCast<JSDOMWindowBase*>(root->globalObject())->allowsAccessFrom(_private->originRootObject->globalObject());
+ // It's not actually correct to call shouldAllowAccessToFrame in this way because
+ // JSDOMWindowBase* isn't the right object to represent the currently executing
+ // _javascript_. Instead, we should use ExecState, like we do elsewhere.
+ JSDOMWindowBase* target = jsCast<JSDOMWindowBase*>(root->globalObject());
+ return BindingSecurity::shouldAllowAccessToDOMWindow(_private->originRootObject->globalObject()->globalExec(), target->impl());
}
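Review bot: The added comment names `shouldAllowAccessToFrame`, but the code below it calls `BindingSecurity::shouldAllowAccessToDOMWindow`. The comment also records a known-incorrect accessor (`globalExec()` of the origin root object standing in for the running script) without a FIXME marker, so it is easy to miss when auditing security checks. I would open it with `// FIXME: It's not actually correct to call shouldAllowAccessToDOMWindow in this way because` and reference the tracking bug. The method starts outside the hunk.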
- (oneway void)release
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (126164 => 126165)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-08-21 16:43:56 UTC (rev 126164)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2012-08-21 16:54:26 UTC (rev 126165)
@@ -475,7 +475,8 @@
my @getOwnPropertyDescriptorImpl = ();
if ($dataNode->extendedAttributes->{"CheckSecurity"}) {
if ($interfaceName eq "DOMWindow") {
- push(@implContent, " if (!thisObject->allowsAccessFrom(exec))\n");
+ $implIncludes{"BindingSecurity.h"} = 1;
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, jsCast<$className*>(thisObject)->impl()))\n");
} else {
push(@implContent, " if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))\n");
}
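Review bot: The pair `$implIncludes{"BindingSecurity.h"} = 1;` plus a `push` of the `BindingSecurity::shouldAllowAccessToDOMWindow(...)` guard is written out here and again in the five later hunks of this file, differing only in the receiver expression (`thisObject`, `castedThis`, `domObject`). Because this is the generated same-origin check, I would factor it into one helper sub that takes the receiver expression, registers the include and returns the `if (!...)` line. A later change to the check then cannot miss one of the six call sites. The non-DOMWindow branch keeps emitting `shouldAllowAccessToFrame`, so the helper only needs to cover the DOMWindow case. The enclosing sub continues outside the hunk.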
@@ -1768,7 +1769,8 @@
if ($dataNode->extendedAttributes->{"CheckSecurity"} &&
!$attribute->signature->extendedAttributes->{"DoNotCheckSecurity"} &&
!$attribute->signature->extendedAttributes->{"DoNotCheckSecurityOnGetter"}) {
- push(@implContent, " if (!castedThis->allowsAccessFrom(exec))\n");
+ $implIncludes{"BindingSecurity.h"} = 1;
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, castedThis->impl()))\n");
push(@implContent, " return jsUndefined();\n");
}
@@ -1883,7 +1885,8 @@
push(@implContent, " ${className}* domObject = jsCast<$className*>(asObject(slotBase));\n");
if ($dataNode->extendedAttributes->{"CheckSecurity"}) {
- push(@implContent, " if (!domObject->allowsAccessFrom(exec))\n");
+ $implIncludes{"BindingSecurity.h"} = 1;
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, domObject->impl()))\n");
push(@implContent, " return jsUndefined();\n");
}
@@ -1958,7 +1961,8 @@
if ($dataNode->extendedAttributes->{"CheckSecurity"} && !$attribute->signature->extendedAttributes->{"DoNotCheckSecurity"}) {
if ($interfaceName eq "DOMWindow") {
- push(@implContent, " if (!jsCast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
+ $implIncludes{"BindingSecurity.h"} = 1;
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, jsCast<$className*>(thisObject)->impl()))\n");
} else {
push(@implContent, " if (!shouldAllowAccessToFrame(exec, jsCast<$className*>(thisObject)->impl()->frame()))\n");
}
@@ -2087,7 +2091,8 @@
push(@implContent, "{\n");
if ($dataNode->extendedAttributes->{"CheckSecurity"}) {
if ($interfaceName eq "DOMWindow") {
- push(@implContent, " if (!jsCast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
+ $implIncludes{"BindingSecurity.h"} = 1;
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, jsCast<$className*>(thisObject)->impl()))\n");
} else {
push(@implContent, " if (!shouldAllowAccessToFrame(exec, jsCast<$className*>(thisObject)->impl()->frame()))\n");
}
@@ -2194,7 +2199,8 @@
if ($dataNode->extendedAttributes->{"CheckSecurity"} and
!$function->signature->extendedAttributes->{"DoNotCheckSecurity"}) {
- push(@implContent, " if (!castedThis->allowsAccessFrom(exec))\n");
+ $implIncludes{"BindingSecurity.h"} = 1;
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, castedThis->impl()))\n");
push(@implContent, " return JSValue::encode(jsUndefined());\n");
}