- Revision
- 141621
- Author
- [email protected]
- Date
- 2013-02-01 11:58:47 -0800 (Fri, 01 Feb 2013)
Log Message
Remove call to SecurityOrigin::canAccessDatabase from IDB constructor.
https://bugs.webkit.org/show_bug.cgi?id=108477
Reviewed by Adam Barth.
Source/WebCore:
This change removes the 'SecurityOrigin::canAccessDatabase' check from
the constructor for the 'indexedDB' property on both DOMWindow and
WorkerContext. After the patch for http://wkbug.com/94171 this check
is redundant, as all the entry points to IDB are now gated on access
being granted.
As a side-effect, dropping the check in WorkerContextIndexedDatabase
allows us to stop holding a pointer to the ScriptExecutionContext we're
extending, which can only be a good thing.
The tests in storage/indexeddb should continue to pass.
* Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
(WebCore::DOMWindowIndexedDatabase::indexedDB):
Drop the SecurityOrigin::canAccessDatabase check.
* Modules/indexeddb/WorkerContextIndexedDatabase.cpp:
(WebCore::WorkerContextIndexedDatabase::WorkerContextIndexedDatabase):
(WebCore::WorkerContextIndexedDatabase::from):
Drop the ScriptExecutionContext parameter from the class's
constructor and callsites.
(WebCore::WorkerContextIndexedDatabase::indexedDB):
Drop the SecurityOrigin::canAccessDatabase check.
* Modules/indexeddb/WorkerContextIndexedDatabase.h:
(WorkerContextIndexedDatabase):
Drop the stored pointer to ScriptExecutionContext, as we no longer
need it in ::indexedDB.
LayoutTests:
* http/tests/security/no-indexeddb-from-sandbox-expected.txt:
* http/tests/security/no-indexeddb-from-sandbox.html:
This test expected the 'webkitIndexedDB' property to be missing
entirely inside a sandbox. The expectation has been updated to
expect 'webkitIndexedDB.open()' to throw a SECURITY_ERR.
* platform/efl/TestExpectations:
* platform/mac-snowleopard/TestExpectations:
* platform/mac/TestExpectations:
* platform/qt/TestExpectations:
* platform/win/TestExpectations:
* platform/wincairo/TestExpectations:
This test was accidentally passing on a variety of platforms that
don't yet implement IndexedDB. Now that failure is distinguishable
we should skip it on a variety of platforms.
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (141620 => 141621)
--- trunk/LayoutTests/ChangeLog 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/ChangeLog 2013-02-01 19:58:47 UTC (rev 141621)
@@ -1,3 +1,25 @@
+2013-02-01 Mike West <[email protected]>
+
+ Remove call to SecurityOrigin::canAccessDatabase from IDB constructor.
+ https://bugs.webkit.org/show_bug.cgi?id=108477
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/no-indexeddb-from-sandbox-expected.txt:
+ * http/tests/security/no-indexeddb-from-sandbox.html:
+ This test expected the 'webkitIndexedDB' property to be missing
+ entirely inside a sandbox. The expectation has been updated to
+ expect 'webkitIndexedDB.open()' to throw a SECURITY_ERR.
+ * platform/efl/TestExpectations:
+ * platform/mac-snowleopard/TestExpectations:
+ * platform/mac/TestExpectations:
+ * platform/qt/TestExpectations:
+ * platform/win/TestExpectations:
+ * platform/wincairo/TestExpectations:
+ This test was accidentally passing on a variety of platforms that
+ don't yet implement IndexedDB. Now that failure is distinguishable
+ we should skip it on a variety of platforms.
+
2013-02-01 Ryosuke Niwa <[email protected]>
Smart link can erroneously move caret after an URL when typing immediately before it
Modified: trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt (141620 => 141621)
--- trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt 2013-02-01 19:58:47 UTC (rev 141621)
@@ -1,2 +1,2 @@
-ALERT: PASS
+ALERT: PASS: db.open() threw a SECURITY_ERR!
Modified: trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html (141620 => 141621)
--- trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html 2013-02-01 19:58:47 UTC (rev 141621)
@@ -5,7 +5,15 @@
<iframe sandbox="allow-scripts"
src=""
<script>
- var db = window.webkitIndexedDB;
- alert(db ? 'FAIL' : 'PASS');
+ var db = window.webkitIndexedDB;
+ try {
+ db.open('test');
+ alert('FAIL: db.open() should throw a SECURITY_ERR in a sandbox.');
+ } catch (e) {
+ if (e.code === DOMException.SECURITY_ERR)
+ alert('PASS: db.open() threw a SECURITY_ERR!');
+ else
+ alert('FAIL: db.open() threw a ' + e.name);
+ }
</script>"
></iframe>
Modified: trunk/LayoutTests/platform/efl/TestExpectations (141620 => 141621)
--- trunk/LayoutTests/platform/efl/TestExpectations 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/platform/efl/TestExpectations 2013-02-01 19:58:47 UTC (rev 141621)
@@ -1125,6 +1125,7 @@
Bug(EFL) http/tests/security/cross-origin-indexeddb.html
Bug(EFL) http/tests/security/cross-origin-worker-indexeddb-allowed.html
Bug(EFL) http/tests/security/cross-origin-worker-indexeddb.html
+Bug(EFL) http/tests/security/no-indexeddb-from-sandbox.html
# Quota API is not supported.
Bug(EFL) storage/storageinfo-missing-arguments.html
Modified: trunk/LayoutTests/platform/mac/TestExpectations (141620 => 141621)
--- trunk/LayoutTests/platform/mac/TestExpectations 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/platform/mac/TestExpectations 2013-02-01 19:58:47 UTC (rev 141621)
@@ -139,6 +139,7 @@
http/tests/security/cross-origin-indexeddb.html
http/tests/security/cross-origin-worker-indexeddb-allowed.html
http/tests/security/cross-origin-worker-indexeddb.html
+http/tests/security/no-indexeddb-from-sandbox.html
# Remove from list after enabling CANVAS_PATH
fast/canvas/canvas-currentPath.html
Modified: trunk/LayoutTests/platform/mac-snowleopard/TestExpectations (141620 => 141621)
--- trunk/LayoutTests/platform/mac-snowleopard/TestExpectations 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/platform/mac-snowleopard/TestExpectations 2013-02-01 19:58:47 UTC (rev 141621)
@@ -138,6 +138,7 @@
http/tests/security/cross-origin-indexeddb.html
http/tests/security/cross-origin-worker-indexeddb-allowed.html
http/tests/security/cross-origin-worker-indexeddb.html
+http/tests/security/no-indexeddb-from-sandbox.html
# Philip's canvas tests that fail on SnowLeopard only
canvas/philip/tests/2d.gradient.interpolate.overlap.html
Modified: trunk/LayoutTests/platform/qt/TestExpectations (141620 => 141621)
--- trunk/LayoutTests/platform/qt/TestExpectations 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/platform/qt/TestExpectations 2013-02-01 19:58:47 UTC (rev 141621)
@@ -121,6 +121,7 @@
http/tests/security/cross-origin-indexeddb.html
http/tests/security/cross-origin-worker-indexeddb-allowed.html
http/tests/security/cross-origin-worker-indexeddb.html
+http/tests/security/no-indexeddb-from-sandbox.html
inspector/timeline/timeline-animation-frame.html
Modified: trunk/LayoutTests/platform/win/TestExpectations (141620 => 141621)
--- trunk/LayoutTests/platform/win/TestExpectations 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/platform/win/TestExpectations 2013-02-01 19:58:47 UTC (rev 141621)
@@ -1100,6 +1100,7 @@
http/tests/security/cross-origin-indexeddb.html
http/tests/security/cross-origin-worker-indexeddb-allowed.html
http/tests/security/cross-origin-worker-indexeddb.html
+http/tests/security/no-indexeddb-from-sandbox.html
# StorageTracker is not enabled.
storage/domstorage/localstorage/storagetracker
Modified: trunk/LayoutTests/platform/wincairo/TestExpectations (141620 => 141621)
--- trunk/LayoutTests/platform/wincairo/TestExpectations 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/LayoutTests/platform/wincairo/TestExpectations 2013-02-01 19:58:47 UTC (rev 141621)
@@ -1622,6 +1622,7 @@
http/tests/security/cross-origin-indexeddb.html
http/tests/security/cross-origin-worker-indexeddb-allowed.html
http/tests/security/cross-origin-worker-indexeddb.html
+http/tests/security/no-indexeddb-from-sandbox.html
# StorageTracker is not enabled.
storage/domstorage/localstorage/storagetracker
Modified: trunk/Source/WebCore/ChangeLog (141620 => 141621)
--- trunk/Source/WebCore/ChangeLog 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/Source/WebCore/ChangeLog 2013-02-01 19:58:47 UTC (rev 141621)
@@ -1,3 +1,37 @@
+2013-02-01 Mike West <[email protected]>
+
+ Remove call to SecurityOrigin::canAccessDatabase from IDB constructor.
+ https://bugs.webkit.org/show_bug.cgi?id=108477
+
+ Reviewed by Adam Barth.
+
+ This change removes the 'SecurityOrigin::canAccessDatabase' check from
+ the constructor for the 'indexedDB' property on both DOMWindow and
+ WorkerContext. After the patch for http://wkbug.com/94171 this check
+ is redundant, as all the entry points to IDB are now gated on access
+ being granted.
+
+ As a side-effect, dropping the check in WorkerContextIndexedDatabase
+ allows us to stop holding a pointer to the ScriptExecutionContext we're
+ extending, which can only be a good thing.
+
+ The tests in storage/indexeddb should continue to pass.
+
+ * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
+ (WebCore::DOMWindowIndexedDatabase::indexedDB):
+ Drop the SecurityOrigin::canAccessDatabase check.
+ * Modules/indexeddb/WorkerContextIndexedDatabase.cpp:
+ (WebCore::WorkerContextIndexedDatabase::WorkerContextIndexedDatabase):
+ (WebCore::WorkerContextIndexedDatabase::from):
+ Drop the ScriptExecutionContext parameter from the class's
+ constructor and callsites.
+ (WebCore::WorkerContextIndexedDatabase::indexedDB):
+ Drop the SecurityOrigin::canAccessDatabase check.
+ * Modules/indexeddb/WorkerContextIndexedDatabase.h:
+ (WorkerContextIndexedDatabase):
+ Drop the stored pointer to ScriptExecutionContext, as we no longer
+ need it in ::indexedDB.
+
2013-02-01 Beth Dakin <[email protected]>
Speculative Windows build fix.
Modified: trunk/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp (141620 => 141621)
--- trunk/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/Source/WebCore/Modules/indexeddb/DOMWindowIndexedDatabase.cpp 2013-02-01 19:58:47 UTC (rev 141621)
@@ -107,9 +107,6 @@
if (!page)
return 0;
- if (!document->securityOrigin()->canAccessDatabase())
- return 0;
-
if (!m_window->isCurrentlyDisplayedInFrame())
return 0;
Modified: trunk/Source/WebCore/Modules/indexeddb/WorkerContextIndexedDatabase.cpp (141620 => 141621)
--- trunk/Source/WebCore/Modules/indexeddb/WorkerContextIndexedDatabase.cpp 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/Source/WebCore/Modules/indexeddb/WorkerContextIndexedDatabase.cpp 2013-02-01 19:58:47 UTC (rev 141621)
@@ -38,8 +38,7 @@
namespace WebCore {
-WorkerContextIndexedDatabase::WorkerContextIndexedDatabase(ScriptExecutionContext* context)
- : m_context(context)
+WorkerContextIndexedDatabase::WorkerContextIndexedDatabase()
{
}
@@ -56,7 +55,7 @@
{
WorkerContextIndexedDatabase* supplement = static_cast<WorkerContextIndexedDatabase*>(Supplement<ScriptExecutionContext>::from(context, supplementName()));
if (!supplement) {
- supplement = new WorkerContextIndexedDatabase(context);
+ supplement = new WorkerContextIndexedDatabase();
provideTo(context, supplementName(), adoptPtr(supplement));
}
return supplement;
@@ -69,8 +68,6 @@
IDBFactory* WorkerContextIndexedDatabase::indexedDB()
{
- if (!m_context->securityOrigin()->canAccessDatabase())
- return 0;
if (!m_factoryBackend)
m_factoryBackend = IDBFactoryBackendInterface::create();
if (!m_idbFactory)
Modified: trunk/Source/WebCore/Modules/indexeddb/WorkerContextIndexedDatabase.h (141620 => 141621)
--- trunk/Source/WebCore/Modules/indexeddb/WorkerContextIndexedDatabase.h 2013-02-01 19:54:03 UTC (rev 141620)
+++ trunk/Source/WebCore/Modules/indexeddb/WorkerContextIndexedDatabase.h 2013-02-01 19:58:47 UTC (rev 141621)
@@ -45,12 +45,11 @@
static IDBFactory* indexedDB(ScriptExecutionContext*);
private:
- explicit WorkerContextIndexedDatabase(ScriptExecutionContext*);
+ WorkerContextIndexedDatabase();
IDBFactory* indexedDB();
static const char* supplementName();
- ScriptExecutionContext* m_context;
RefPtr<IDBFactoryBackendInterface> m_factoryBackend;
RefPtr<IDBFactory> m_idbFactory;
};
