Changeset 105310 in webkit


Ignore:
Timestamp:
Jan 18, 2012 12:59:10 PM (12 years ago)
Author:
vsevik@chromium.org
Message:

Web Inspector: Unsafe cross origin access errors should show stack trace in console.
https://bugs.webkit.org/show_bug.cgi?id=73099

Reviewed by Pavel Feldman.

Source/WebCore:

Test: http/tests/inspector/console-cross-origin-iframe-logging.html

  • bindings/v8/V8Proxy.cpp:

(WebCore::V8Proxy::reportUnsafeAccessTo):

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::addConsoleMessage):

  • dom/ScriptExecutionContext.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::shouldAllowNavigation):

  • page/Console.cpp:

(WebCore::Console::addMessage):

  • page/Console.h:
  • page/DOMWindow.cpp:

(WebCore::PostMessageTimer::PostMessageTimer):
(WebCore::PostMessageTimer::stackTrace):
(WebCore::DOMWindow::postMessage):
(WebCore::DOMWindow::postMessageTimerFired):
(WebCore::DOMWindow::printErrorMessage):

LayoutTests:

  • http/tests/inspector/console-cross-origin-iframe-logging-expected.txt: Added.
  • http/tests/inspector/console-cross-origin-iframe-logging.html: Added.
  • http/tests/inspector/resources/cross-origin-iframe.html: Added.
  • platform/chromium/http/tests/inspector/console-cross-origin-iframe-logging-expected.txt: Added.
Location:
trunk
Files:
4 added
9 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r105307 r105310  
     12012-01-18  Vsevolod Vlasov  <vsevik@chromium.org>
     2
     3        Web Inspector: Unsafe cross origin access errors should show stack trace in console.
     4        https://bugs.webkit.org/show_bug.cgi?id=73099
     5
     6        Reviewed by Pavel Feldman.
     7
     8        * http/tests/inspector/console-cross-origin-iframe-logging-expected.txt: Added.
     9        * http/tests/inspector/console-cross-origin-iframe-logging.html: Added.
     10        * http/tests/inspector/resources/cross-origin-iframe.html: Added.
     11        * platform/chromium/http/tests/inspector/console-cross-origin-iframe-logging-expected.txt: Added.
     12
    1132012-01-18  Alexey Proskuryakov  <ap@apple.com>
    214
  • trunk/Source/WebCore/ChangeLog

    r105308 r105310  
     12012-01-18  Vsevolod Vlasov  <vsevik@chromium.org>
     2
     3        Web Inspector: Unsafe cross origin access errors should show stack trace in console.
     4        https://bugs.webkit.org/show_bug.cgi?id=73099
     5
     6        Reviewed by Pavel Feldman.
     7
     8        Test: http/tests/inspector/console-cross-origin-iframe-logging.html
     9
     10        * bindings/v8/V8Proxy.cpp:
     11        (WebCore::V8Proxy::reportUnsafeAccessTo):
     12        * dom/ScriptExecutionContext.cpp:
     13        (WebCore::ScriptExecutionContext::addConsoleMessage):
     14        * dom/ScriptExecutionContext.h:
     15        * loader/FrameLoader.cpp:
     16        (WebCore::FrameLoader::shouldAllowNavigation):
     17        * page/Console.cpp:
     18        (WebCore::Console::addMessage):
     19        * page/Console.h:
     20        * page/DOMWindow.cpp:
     21        (WebCore::PostMessageTimer::PostMessageTimer):
     22        (WebCore::PostMessageTimer::stackTrace):
     23        (WebCore::DOMWindow::postMessage):
     24        (WebCore::DOMWindow::postMessageTimerFired):
     25        (WebCore::DOMWindow::printErrorMessage):
     26
    1272012-01-18  Pablo Flouret  <pablof@motorola.com>
    228
  • trunk/Source/WebCore/bindings/v8/V8Proxy.cpp

    r104694 r105310  
    4444#include "InspectorInstrumentation.h"
    4545#include "PlatformSupport.h"
     46#include "ScriptCallStack.h"
     47#include "ScriptCallStackFactory.h"
    4648#include "ScriptSourceCode.h"
    4749#include "SecurityOrigin.h"
     
    138140                 " from frame with URL " + sourceDocument->url().string() + ". Domains, protocols and ports must match.\n";
    139141
     142    RefPtr<ScriptCallStack> stackTrace = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
     143
    140144    // NOTE: Safari prints the message in the target page, but it seems like
    141145    // it should be in the source page. Even for delayed messages, we put it in
    142146    // the source page.
    143     sourceDocument->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, str);
     147    sourceDocument->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, str, stackTrace.release());
    144148}
    145149
  • trunk/Source/WebCore/dom/ScriptExecutionContext.cpp

    r104803 r105310  
    333333}
    334334
     335void ScriptExecutionContext::addConsoleMessage(MessageSource source, MessageType type, MessageLevel level, const String& message, PassRefPtr<ScriptCallStack> callStack)
     336{
     337    addMessage(source, type, level, message, String(), 0, callStack);
     338}
     339
     340
    335341bool ScriptExecutionContext::dispatchErrorEvent(const String& errorMessage, int lineNumber, const String& sourceURL)
    336342{
  • trunk/Source/WebCore/dom/ScriptExecutionContext.h

    r104803 r105310  
    9494    void reportException(const String& errorMessage, int lineNumber, const String& sourceURL, PassRefPtr<ScriptCallStack>);
    9595    void addConsoleMessage(MessageSource, MessageType, MessageLevel, const String& message, const String& sourceURL = String(), unsigned lineNumber = 0, PassRefPtr<ScriptCallStack> = 0);
     96    void addConsoleMessage(MessageSource, MessageType, MessageLevel, const String& message, PassRefPtr<ScriptCallStack>);
    9697
    9798    // Active objects are not garbage collected even if inaccessible, e.g. because their activity may result in callbacks being invoked.
  • trunk/Source/WebCore/loader/FrameLoader.cpp

    r104803 r105310  
    8888#include "ResourceRequest.h"
    8989#include "SchemeRegistry.h"
    90 #include "ScrollAnimator.h"
     90#include "ScriptCallStack.h"
     91#include "ScriptCallStackFactory.h"
    9192#include "ScriptController.h"
    9293#include "ScriptSourceCode.h"
     94#include "ScrollAnimator.h"
    9395#include "SecurityOrigin.h"
    9496#include "SecurityPolicy.h"
     
    15611563        return true;
    15621564
    1563     Settings* settings = targetFrame->settings();
    1564     if (settings && !settings->privateBrowsingEnabled()) {
    1565         Document* targetDocument = targetFrame->document();
    1566         // FIXME: this error message should contain more specifics of why the navigation change is not allowed.
    1567         String message = "Unsafe JavaScript attempt to initiate a navigation change for frame with URL " +
    1568                          targetDocument->url().string() + " from frame with URL " + activeDocument->url().string() + ".\n";
    1569 
    1570         // FIXME: should we print to the console of the activeFrame as well?
    1571         targetFrame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message);
    1572     }
    1573    
     1565    Document* targetDocument = targetFrame->document();
     1566    // FIXME: this error message should contain more specifics of why the navigation change is not allowed.
     1567    String message = "Unsafe JavaScript attempt to initiate a navigation change for frame with URL " +
     1568                     targetDocument->url().string() + " from frame with URL " + activeDocument->url().string() + ".\n";
     1569
     1570    // FIXME: should we print to the console of the activeFrame as well?
     1571    targetFrame->domWindow()->printErrorMessage(message);
     1572
    15741573    return false;
    15751574}
  • trunk/Source/WebCore/page/Console.cpp

    r104803 r105310  
    129129}
    130130
     131void addMessage(MessageSource, MessageType, MessageLevel, const String& message, PassRefPtr<ScriptCallStack>);
     132
     133void Console::addMessage(MessageSource source, MessageType type, MessageLevel level, const String& message, PassRefPtr<ScriptCallStack> callStack)
     134{
     135    addMessage(source, type, level, message, String(), 0, callStack);
     136}
     137
    131138void Console::addMessage(MessageSource source, MessageType type, MessageLevel level, const String& message, const String& sourceURL, unsigned lineNumber, PassRefPtr<ScriptCallStack> callStack)
    132139{
  • trunk/Source/WebCore/page/Console.h

    r104803 r105310  
    5757
    5858    void addMessage(MessageSource, MessageType, MessageLevel, const String& message, const String& sourceURL = String(), unsigned lineNumber = 0, PassRefPtr<ScriptCallStack> = 0);
     59    void addMessage(MessageSource, MessageType, MessageLevel, const String& message, PassRefPtr<ScriptCallStack>);
    5960
    6061    void debug(PassRefPtr<ScriptArguments>, PassRefPtr<ScriptCallStack>);
  • trunk/Source/WebCore/page/DOMWindow.cpp

    r104803 r105310  
    8484#include "ScheduledAction.h"
    8585#include "Screen.h"
     86#include "ScriptCallStack.h"
     87#include "ScriptCallStackFactory.h"
    8688#include "SecurityOrigin.h"
    8789#include "SerializedScriptValue.h"
     
    124126class PostMessageTimer : public TimerBase {
    125127public:
    126     PostMessageTimer(DOMWindow* window, PassRefPtr<SerializedScriptValue> message, const String& sourceOrigin, PassRefPtr<DOMWindow> source, PassOwnPtr<MessagePortChannelArray> channels, SecurityOrigin* targetOrigin)
     128    PostMessageTimer(DOMWindow* window, PassRefPtr<SerializedScriptValue> message, const String& sourceOrigin, PassRefPtr<DOMWindow> source, PassOwnPtr<MessagePortChannelArray> channels, SecurityOrigin* targetOrigin, PassRefPtr<ScriptCallStack> stackTrace)
    127129        : m_window(window)
    128130        , m_message(message)
     
    131133        , m_channels(channels)
    132134        , m_targetOrigin(targetOrigin)
     135        , m_stackTrace(stackTrace)
    133136    {
    134137    }
     
    140143    }
    141144    SecurityOrigin* targetOrigin() const { return m_targetOrigin.get(); }
     145    ScriptCallStack* stackTrace() const { return m_stackTrace.get(); }
    142146
    143147private:
     
    154158    OwnPtr<MessagePortChannelArray> m_channels;
    155159    RefPtr<SecurityOrigin> m_targetOrigin;
     160    RefPtr<ScriptCallStack> m_stackTrace;
    156161};
    157162
     
    859864    String sourceOrigin = sourceDocument->securityOrigin()->toString();
    860865
     866    // Capture stack trace only when inspector front-end is loaded as it may be time consuming.
     867    RefPtr<ScriptCallStack> stackTrace;
     868    if (InspectorInstrumentation::hasFrontends())
     869        stackTrace = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
     870
    861871    // Schedule the message.
    862     PostMessageTimer* timer = new PostMessageTimer(this, message, sourceOrigin, source, channels.release(), target.get());
     872    PostMessageTimer* timer = new PostMessageTimer(this, message, sourceOrigin, source, channels.release(), target.get(), stackTrace.release());
    863873    timer->startOneShot(0);
    864874}
     
    884894            String message = "Unable to post message to " + timer->targetOrigin()->toString() +
    885895                             ". Recipient has origin " + document()->securityOrigin()->toString() + ".\n";
    886             console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message);
     896            console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, timer->stackTrace());
    887897            return;
    888898        }
     
    17111721
    17121722    // FIXME: Add arguments so that we can provide a correct source URL and line number.
    1713     console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message);
     1723    RefPtr<ScriptCallStack> stackTrace = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
     1724    console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, stackTrace.release());
    17141725}
    17151726
Note: See TracChangeset for help on using the changeset viewer.