Changeset 106618 in webkit
- Timestamp:
- Feb 2, 2012 7:23:45 PM (12 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 13 edited
trunk/Source/WebCore/ChangeLog
r106615 r106618 1 2012-02-02 Adam Barth <abarth@webkit.org> 2 3 Rename checkNodeSecurity and allowsAccessFromFrame to have sensible names 4 https://bugs.webkit.org/show_bug.cgi?id=75796 5 6 Reviewed by Eric Seidel. 7 8 As requested by Darin Adler, this patch renames these functions be 9 clear that we're asking whether the access should be allowed rather 10 than explicitly allowing the access. 11 12 * bindings/generic/BindingSecurity.h: 13 (BindingSecurity): 14 (WebCore::::shouldAllowAccessToNode): 15 (WebCore::::allowSettingFrameSrcToJavascriptUrl): 16 * bindings/js/JSDOMBinding.cpp: 17 (WebCore::shouldAllowAccessToNode): 18 (WebCore::shouldAllowAccessToFrame): 19 * bindings/js/JSDOMBinding.h: 20 (WebCore): 21 * bindings/js/JSHTMLFrameElementCustom.cpp: 22 (WebCore::allowSettingJavascriptURL): 23 * bindings/js/JSHistoryCustom.cpp: 24 (WebCore::JSHistory::getOwnPropertySlotDelegate): 25 (WebCore::JSHistory::getOwnPropertyDescriptorDelegate): 26 (WebCore::JSHistory::putDelegate): 27 (WebCore::JSHistory::deleteProperty): 28 (WebCore::JSHistory::getOwnPropertyNames): 29 * bindings/js/JSLocationCustom.cpp: 30 (WebCore::JSLocation::getOwnPropertySlotDelegate): 31 (WebCore::JSLocation::getOwnPropertyDescriptorDelegate): 32 (WebCore::JSLocation::putDelegate): 33 (WebCore::JSLocation::deleteProperty): 34 (WebCore::JSLocation::getOwnPropertyNames): 35 (WebCore::JSLocation::toStringFunction): 36 * bindings/js/ScriptController.cpp: 37 (WebCore::ScriptController::canAccessFromCurrentOrigin): 38 * bindings/scripts/CodeGeneratorJS.pm: 39 (GenerateGetOwnPropertyDescriptorBody): 40 (GenerateImplementation): 41 * bindings/scripts/CodeGeneratorV8.pm: 42 (GenerateNormalAttrGetter): 43 (GenerateFunctionCallback): 44 * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp: 45 (WebCore::JSTestActiveDOMObject::getOwnPropertyDescriptor): 46 * bindings/scripts/test/JS/JSTestObj.cpp: 47 (WebCore::jsTestObjContentDocument): 48 (WebCore::jsTestObjPrototypeFunctionGetSVGDocument): 49 * 
bindings/scripts/test/V8/V8TestObj.cpp: 50 (WebCore::TestObjInternal::contentDocumentAttrGetter): 51 (WebCore::TestObjInternal::getSVGDocumentCallback): 52 1 53 2012-02-02 Kalev Lember <kalevlember@gmail.com> 2 54 -
trunk/Source/WebCore/bindings/generic/BindingSecurity.h
r104412 r106618 56 56 // Check if it is safe to access the given node from the 57 57 // current security context. 58 static bool allowAccessToNode(State<Binding>*, Node* target);58 static bool shouldAllowAccessToNode(State<Binding>*, Node* target); 59 59 60 60 static bool allowPopUp(State<Binding>*); … … 102 102 103 103 template <class Binding> 104 bool BindingSecurity<Binding>:: allowAccessToNode(State<Binding>* state, Node* node)104 bool BindingSecurity<Binding>::shouldAllowAccessToNode(State<Binding>* state, Node* node) 105 105 { 106 106 if (!node) … … 132 132 if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) { 133 133 Node* contentDoc = frame->contentDocument(); 134 if (contentDoc && ! allowAccessToNode(state, contentDoc))134 if (contentDoc && !shouldAllowAccessToNode(state, contentDoc)) 135 135 return false; 136 136 } -
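Review bot: The rename covers only `allowAccessToNode`, so `BindingSecurity` now mixes two naming conventions for the same kind of predicate: `shouldAllowAccessToNode` sits next to `allowPopUp` at line 60, and the ChangeLog still lists `allowSettingFrameSrcToJavascriptUrl` for the function around line 132. The same leftover appears in other sections: the FIXMEs in JSDOMBinding.h still name `allowAccessToContext` and `allowAccessToDOMWindow`, and CodeGeneratorJS.pm still emits `allowsAccessFrom(exec)`. Since the stated goal is that a reader can tell a query from a grant, I would rename these in the same change or at least update the FIXMEs to the new spelling, e.g. `// FIXME: Implement shouldAllowAccessToContext(JSC::ExecState*, ScriptExecutionContext*);`. The bodies of the functions at lines 104 and 132 continue outside the hunks shown.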
trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp
r105698 r106618 217 217 } 218 218 219 bool allowAccessToNode(ExecState* exec, Node* node)220 { 221 return node && allowAccessToFrame(exec, node->document()->frame());222 } 223 224 bool allowAccessToFrame(ExecState* exec, Frame* frame)219 bool shouldAllowAccessToNode(ExecState* exec, Node* node) 220 { 221 return node && shouldAllowAccessToFrame(exec, node->document()->frame()); 222 } 223 224 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame) 225 225 { 226 226 if (!frame) … … 230 230 } 231 231 232 bool allowAccessToFrame(ExecState* exec, Frame* frame, String& message)232 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message) 233 233 { 234 234 if (!frame) -
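Review bot: `shouldAllowAccessToNode` at line 221 guards `node` but then dereferences `node->document()` unchecked, so the predicate would crash rather than deny if a node without a document ever reached it. Whether `document()` can return null here is not visible from this hunk. If it can, fail closed with `Document* document = node ? node->document() : 0;` followed by `return document && shouldAllowAccessToFrame(exec, document->frame());`. If it cannot, a one-line comment stating that invariant next to the call would document why the check is safe. The two `shouldAllowAccessToFrame` overloads continue outside the hunks shown.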
trunk/Source/WebCore/bindings/js/JSDOMBinding.h
r106384 r106618 282 282 283 283 // FIXME: Implement allowAccessToContext(JSC::ExecState*, ScriptExecutionContext*); 284 bool allowAccessToNode(JSC::ExecState*, Node*);285 bool allowAccessToFrame(JSC::ExecState*, Frame*);286 bool allowAccessToFrame(JSC::ExecState*, Frame*, String& message);284 bool shouldAllowAccessToNode(JSC::ExecState*, Node*); 285 bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*); 286 bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, String& message); 287 287 // FIXME: Implement allowAccessToDOMWindow(JSC::ExecState*, DOMWindow*); 288 288 -
trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp
r104412 r106618 46 46 if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) { 47 47 Document* contentDocument = imp->contentDocument(); 48 if (contentDocument && ! allowAccessToNode(exec, contentDocument))48 if (contentDocument && !shouldAllowAccessToNode(exec, contentDocument)) 49 49 return false; 50 50 } -
trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp
r104412 r106618 62 62 // allowed, return false so the normal lookup will take place. 63 63 String message; 64 if ( allowAccessToFrame(exec, impl()->frame(), message))64 if (shouldAllowAccessToFrame(exec, impl()->frame(), message)) 65 65 return false; 66 66 … … 102 102 103 103 // Throw out all cross domain access 104 if (! allowAccessToFrame(exec, impl()->frame()))104 if (!shouldAllowAccessToFrame(exec, impl()->frame())) 105 105 return true; 106 106 … … 142 142 { 143 143 // Only allow putting by frames in the same origin. 144 if (! allowAccessToFrame(exec, impl()->frame()))144 if (!shouldAllowAccessToFrame(exec, impl()->frame())) 145 145 return true; 146 146 return false; … … 151 151 JSHistory* thisObject = jsCast<JSHistory*>(cell); 152 152 // Only allow deleting by frames in the same origin. 153 if (! allowAccessToFrame(exec, thisObject->impl()->frame()))153 if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame())) 154 154 return false; 155 155 return Base::deleteProperty(thisObject, exec, propertyName); … … 160 160 JSHistory* thisObject = jsCast<JSHistory*>(object); 161 161 // Only allow the history object to enumerated by frames in the same origin. 162 if (! allowAccessToFrame(exec, thisObject->impl()->frame()))162 if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame())) 163 163 return; 164 164 Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode); -
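Review bot: The delegates in this file return a bool with a different meaning from the predicate they call, which is easier to misread now that the predicate is named `shouldAllow…`. At line 144 `putDelegate` returns `true` when access is denied, while at line 153 `deleteProperty` returns `false` for the same condition. Judging from the comment at line 62, `true` appears to mean "handled here, skip the normal path", so I would state that at the denial sites, e.g. `// Denied: report the put as handled so the cross-origin write is dropped.` above line 145. JSLocationCustom.cpp has the same pattern at line 98. The function bodies start and end outside the hunks shown.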
trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp
r105698 r106618 60 60 // allowed, return false so the normal lookup will take place. 61 61 String message; 62 if ( allowAccessToFrame(exec, frame, message))62 if (shouldAllowAccessToFrame(exec, frame, message)) 63 63 return false; 64 64 … … 96 96 97 97 // throw out all cross domain access 98 if (! allowAccessToFrame(exec, frame))98 if (!shouldAllowAccessToFrame(exec, frame)) 99 99 return true; 100 100 … … 135 135 return true; 136 136 137 bool sameDomainAccess = allowAccessToFrame(exec, frame);137 bool sameDomainAccess = shouldAllowAccessToFrame(exec, frame); 138 138 139 139 const HashEntry* entry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName); … … 157 157 JSLocation* thisObject = jsCast<JSLocation*>(cell); 158 158 // Only allow deleting by frames in the same origin. 159 if (! allowAccessToFrame(exec, thisObject->impl()->frame()))159 if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame())) 160 160 return false; 161 161 return Base::deleteProperty(thisObject, exec, propertyName); … … 166 166 JSLocation* thisObject = jsCast<JSLocation*>(object); 167 167 // Only allow the location object to enumerated by frames in the same origin. 168 if (! allowAccessToFrame(exec, thisObject->impl()->frame()))168 if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame())) 169 169 return; 170 170 Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode); … … 271 271 { 272 272 Frame* frame = impl()->frame(); 273 if (!frame || ! allowAccessToFrame(exec, frame))273 if (!frame || !shouldAllowAccessToFrame(exec, frame)) 274 274 return jsUndefined(); 275 275 -
trunk/Source/WebCore/bindings/js/ScriptController.cpp
r106043 r106618 248 248 ExecState* exec = JSMainThreadExecState::currentState(); 249 249 if (exec) 250 return allowAccessToFrame(exec, frame);250 return shouldAllowAccessToFrame(exec, frame); 251 251 // If the current state is 0 we're in a call path where the DOM security 252 252 // check doesn't apply (eg. parser). -
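Review bot: When `exec` is null the function skips `shouldAllowAccessToFrame` entirely, and the value returned on that path lies outside the hunk; the comment at lines 251-252 suggests access is granted. A security check that defaults to allowing when there is no script state needs a stated invariant: which call paths may arrive with no current state, and why none of them is script-driven. If the reason is that no calling origin exists on those paths, I would extend the comment to say so, for instance `// No script state means no calling origin to check (e.g. the parser); script-driven callers must never reach this path.`. A later caller that gets here from script would then be recognisable as a bug.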
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
r106575 r106618 500 500 push(@implContent, " if (!thisObject->allowsAccessFrom(exec))\n"); 501 501 } else { 502 push(@implContent, " if (! allowAccessToFrame(exec, thisObject->impl()->frame()))\n");502 push(@implContent, " if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))\n"); 503 503 } 504 504 push(@implContent, " return false;\n"); … … 1701 1701 $implIncludes{"JSDOMBinding.h"} = 1; 1702 1702 push(@implContent, " $implClassName* impl = static_cast<$implClassName*>(castedThis->impl());\n"); 1703 push(@implContent, " return allowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");1703 push(@implContent, " return shouldAllowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n"); 1704 1704 } elsif ($type eq "EventListener") { 1705 1705 $implIncludes{"EventListener.h"} = 1; … … 1890 1890 push(@implContent, " if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n"); 1891 1891 } else { 1892 push(@implContent, " if (! allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");1892 push(@implContent, " if (!shouldAllowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n"); 1893 1893 } 1894 1894 push(@implContent, " return;\n"); … … 2018 2018 push(@implContent, " if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n"); 2019 2019 } else { 2020 push(@implContent, " if (! 
allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");2020 push(@implContent, " if (!shouldAllowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n"); 2021 2021 } 2022 2022 push(@implContent, " return;\n"); … … 2132 2132 2133 2133 if ($function->signature->extendedAttributes->{"CheckAccessToNode"} and !$function->isStatic) { 2134 push(@implContent, " if (! allowAccessToNode(exec, impl->" . $function->signature->name . "(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");2134 push(@implContent, " if (!shouldAllowAccessToNode(exec, impl->" . $function->signature->name . "(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n"); 2135 2135 push(@implContent, " return JSValue::encode(jsUndefined());\n"); 2136 2136 $implIncludes{"JSDOMBinding.h"} = 1; -
trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
r106605 r106618 855 855 # Generate security checks if necessary 856 856 if ($attribute->signature->extendedAttributes->{"CheckAccessToNode"}) { 857 push(@implContentDecls, " if (!V8BindingSecurity:: allowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n return v8::Handle<v8::Value>();\n\n");857 push(@implContentDecls, " if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n return v8::Handle<v8::Value>();\n\n"); 858 858 } 859 859 … … 1439 1439 } 1440 1440 if ($function->signature->extendedAttributes->{"CheckAccessToNode"}) { 1441 push(@implContentDecls, " if (!V8BindingSecurity:: allowAccessToNode(V8BindingState::Only(), imp->" . $function->signature->name . "(ec)))\n");1441 push(@implContentDecls, " if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $function->signature->name . "(ec)))\n"); 1442 1442 push(@implContentDecls, " return v8::Handle<v8::Value>();\n"); 1443 1443 END -
trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
r105813 r106618 145 145 JSTestActiveDOMObject* thisObject = jsCast<JSTestActiveDOMObject*>(object); 146 146 ASSERT_GC_OBJECT_INHERITS(thisObject, &s_info); 147 if (! allowAccessToFrame(exec, thisObject->impl()->frame()))147 if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame())) 148 148 return false; 149 149 return getStaticValueDescriptor<JSTestActiveDOMObject, Base>(exec, &JSTestActiveDOMObjectTable, thisObject, propertyName, descriptor); -
trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
r106528 r106618 763 763 JSTestObj* castedThis = static_cast<JSTestObj*>(asObject(slotBase)); 764 764 TestObj* impl = static_cast<TestObj*>(castedThis->impl()); 765 return allowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsUndefined();765 return shouldAllowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsUndefined(); 766 766 } 767 767 … … 1940 1940 TestObj* impl = static_cast<TestObj*>(castedThis->impl()); 1941 1941 ExceptionCode ec = 0; 1942 if (! allowAccessToNode(exec, impl->getSVGDocument(ec)))1942 if (!shouldAllowAccessToNode(exec, impl->getSVGDocument(ec))) 1943 1943 return JSValue::encode(jsUndefined()); 1944 1944 -
trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp
r106536 r106618 770 770 INC_STATS("DOM.TestObj.contentDocument._get"); 771 771 TestObj* imp = V8TestObj::toNative(info.Holder()); 772 if (!V8BindingSecurity:: allowAccessToNode(V8BindingState::Only(), imp->contentDocument()))772 if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->contentDocument())) 773 773 return v8::Handle<v8::Value>(); 774 774 … … 1434 1434 ExceptionCode ec = 0; 1435 1435 { 1436 if (!V8BindingSecurity:: allowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec)))1436 if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec))) 1437 1437 return v8::Handle<v8::Value>(); 1438 1438 RefPtr<SVGDocument> result = imp->getSVGDocument(ec);