Changeset 106618 in webkit

Timestamp:

Feb 2, 2012 7:23:45 PM (12 years ago)

Author:

abarth@webkit.org

Message:

Rename checkNodeSecurity and allowsAccessFromFrame to have sensible names
​https://bugs.webkit.org/show_bug.cgi?id=75796

Reviewed by Eric Seidel.

As requested by Darin Adler, this patch renames these functions be
clear that we're asking whether the access should be allowed rather
than explicitly allowing the access.

• bindings/generic/BindingSecurity.h:

(BindingSecurity):
(WebCore::::shouldAllowAccessToNode):
(WebCore::::allowSettingFrameSrcToJavascriptUrl):

• bindings/js/JSDOMBinding.cpp:

(WebCore::shouldAllowAccessToNode):
(WebCore::shouldAllowAccessToFrame):

• bindings/js/JSDOMBinding.h:

(WebCore):

• bindings/js/JSHTMLFrameElementCustom.cpp:

(WebCore::allowSettingJavascriptURL):

• bindings/js/JSHistoryCustom.cpp:

(WebCore::JSHistory::getOwnPropertySlotDelegate):
(WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
(WebCore::JSHistory::putDelegate):
(WebCore::JSHistory::deleteProperty):
(WebCore::JSHistory::getOwnPropertyNames):

• bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::getOwnPropertySlotDelegate):
(WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
(WebCore::JSLocation::putDelegate):
(WebCore::JSLocation::deleteProperty):
(WebCore::JSLocation::getOwnPropertyNames):
(WebCore::JSLocation::toStringFunction):

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::canAccessFromCurrentOrigin):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateGetOwnPropertyDescriptorBody):
(GenerateImplementation):

• bindings/scripts/CodeGeneratorV8.pm:

(GenerateNormalAttrGetter):
(GenerateFunctionCallback):

• bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::JSTestActiveDOMObject::getOwnPropertyDescriptor):

• bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjContentDocument):
(WebCore::jsTestObjPrototypeFunctionGetSVGDocument):

• bindings/scripts/test/V8/V8TestObj.cpp:

(WebCore::TestObjInternal::contentDocumentAttrGetter):
(WebCore::TestObjInternal::getSVGDocumentCallback):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• bindings/generic/BindingSecurity.h (modified) (3 diffs)
• bindings/js/JSDOMBinding.cpp (modified) (2 diffs)
• bindings/js/JSDOMBinding.h (modified) (1 diff)
• bindings/js/JSHTMLFrameElementCustom.cpp (modified) (1 diff)
• bindings/js/JSHistoryCustom.cpp (modified) (5 diffs)
• bindings/js/JSLocationCustom.cpp (modified) (6 diffs)
• bindings/js/ScriptController.cpp (modified) (1 diff)
• bindings/scripts/CodeGeneratorJS.pm (modified) (5 diffs)
• bindings/scripts/CodeGeneratorV8.pm (modified) (2 diffs)
• bindings/scripts/test/JS/JSTestActiveDOMObject.cpp (modified) (1 diff)
• bindings/scripts/test/JS/JSTestObj.cpp (modified) (2 diffs)
• bindings/scripts/test/V8/V8TestObj.cpp (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-02-02  Adam Barth  <abarth@webkit.org>
+
+        Rename checkNodeSecurity and allowsAccessFromFrame to have sensible names
+        https://bugs.webkit.org/show_bug.cgi?id=75796
+
+        Reviewed by Eric Seidel.
+
+        As requested by Darin Adler, this patch renames these functions be
+        clear that we're asking whether the access should be allowed rather
+        than explicitly allowing the access.
+
+        * bindings/generic/BindingSecurity.h:
+        (BindingSecurity):
+        (WebCore::::shouldAllowAccessToNode):
+        (WebCore::::allowSettingFrameSrcToJavascriptUrl):
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::shouldAllowAccessToNode):
+        (WebCore::shouldAllowAccessToFrame):
+        * bindings/js/JSDOMBinding.h:
+        (WebCore):
+        * bindings/js/JSHTMLFrameElementCustom.cpp:
+        (WebCore::allowSettingJavascriptURL):
+        * bindings/js/JSHistoryCustom.cpp:
+        (WebCore::JSHistory::getOwnPropertySlotDelegate):
+        (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
+        (WebCore::JSHistory::putDelegate):
+        (WebCore::JSHistory::deleteProperty):
+        (WebCore::JSHistory::getOwnPropertyNames):
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::JSLocation::getOwnPropertySlotDelegate):
+        (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
+        (WebCore::JSLocation::putDelegate):
+        (WebCore::JSLocation::deleteProperty):
+        (WebCore::JSLocation::getOwnPropertyNames):
+        (WebCore::JSLocation::toStringFunction):
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::canAccessFromCurrentOrigin):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateGetOwnPropertyDescriptorBody):
+        (GenerateImplementation):
+        * bindings/scripts/CodeGeneratorV8.pm:
+        (GenerateNormalAttrGetter):
+        (GenerateFunctionCallback):
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        (WebCore::JSTestActiveDOMObject::getOwnPropertyDescriptor):
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::jsTestObjContentDocument):
+        (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
+        * bindings/scripts/test/V8/V8TestObj.cpp:
+        (WebCore::TestObjInternal::contentDocumentAttrGetter):
+        (WebCore::TestObjInternal::getSVGDocumentCallback):
+
 2012-02-02  Kalev Lember  <kalevlember@gmail.com>
 

trunk/Source/WebCore/bindings/generic/BindingSecurity.h

@@ -56 +56 @@
     // Check if it is safe to access the given node from the
     // current security context.
-    static bool allowAccessToNode(State<Binding>*, Node* target);
+    static bool shouldAllowAccessToNode(State<Binding>*, Node* target);
 
     static bool allowPopUp(State<Binding>*);
@@ -102 +102 @@
 
 template <class Binding>
-bool BindingSecurity<Binding>::allowAccessToNode(State<Binding>* state, Node* node)
+bool BindingSecurity<Binding>::shouldAllowAccessToNode(State<Binding>* state, Node* node)
 {
     if (!node)
@@ -132 +132 @@
     if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) {
         Node* contentDoc = frame->contentDocument();
-        if (contentDoc && !allowAccessToNode(state, contentDoc))
+        if (contentDoc && !shouldAllowAccessToNode(state, contentDoc))
             return false;
     }

trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp

@@ -217 +217 @@
 }
 
-bool allowAccessToNode(ExecState* exec, Node* node)
-{
-    return node && allowAccessToFrame(exec, node->document()->frame());
-}
-
-bool allowAccessToFrame(ExecState* exec, Frame* frame)
+bool shouldAllowAccessToNode(ExecState* exec, Node* node)
+{
+    return node && shouldAllowAccessToFrame(exec, node->document()->frame());
+}
+
+bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame)
 {
     if (!frame)
@@ -230 +230 @@
 }
 
-bool allowAccessToFrame(ExecState* exec, Frame* frame, String& message)
+bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message)
 {
     if (!frame)

trunk/Source/WebCore/bindings/js/JSDOMBinding.h

@@ -282 +282 @@
 
     // FIXME: Implement allowAccessToContext(JSC::ExecState*, ScriptExecutionContext*);
-    bool allowAccessToNode(JSC::ExecState*, Node*);
-    bool allowAccessToFrame(JSC::ExecState*, Frame*);
-    bool allowAccessToFrame(JSC::ExecState*, Frame*, String& message);
+    bool shouldAllowAccessToNode(JSC::ExecState*, Node*);
+    bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*);
+    bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, String& message);
     // FIXME: Implement allowAccessToDOMWindow(JSC::ExecState*, DOMWindow*);
 

trunk/Source/WebCore/bindings/js/JSHTMLFrameElementCustom.cpp

@@ -46 +46 @@
     if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) {
         Document* contentDocument = imp->contentDocument();
-        if (contentDocument && !allowAccessToNode(exec, contentDocument))
+        if (contentDocument && !shouldAllowAccessToNode(exec, contentDocument))
             return false;
     }

trunk/Source/WebCore/bindings/js/JSHistoryCustom.cpp

@@ -62 +62 @@
     // allowed, return false so the normal lookup will take place.
     String message;
-    if (allowAccessToFrame(exec, impl()->frame(), message))
+    if (shouldAllowAccessToFrame(exec, impl()->frame(), message))
         return false;
 
@@ -102 +102 @@
 
     // Throw out all cross domain access
-    if (!allowAccessToFrame(exec, impl()->frame()))
+    if (!shouldAllowAccessToFrame(exec, impl()->frame()))
         return true;
 
@@ -142 +142 @@
 {
     // Only allow putting by frames in the same origin.
-    if (!allowAccessToFrame(exec, impl()->frame()))
+    if (!shouldAllowAccessToFrame(exec, impl()->frame()))
         return true;
     return false;
@@ -151 +151 @@
     JSHistory* thisObject = jsCast<JSHistory*>(cell);
     // Only allow deleting by frames in the same origin.
-    if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+    if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
         return false;
     return Base::deleteProperty(thisObject, exec, propertyName);
@@ -160 +160 @@
     JSHistory* thisObject = jsCast<JSHistory*>(object);
     // Only allow the history object to enumerated by frames in the same origin.
-    if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+    if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
         return;
     Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);

trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp

@@ -60 +60 @@
     // allowed, return false so the normal lookup will take place.
     String message;
-    if (allowAccessToFrame(exec, frame, message))
+    if (shouldAllowAccessToFrame(exec, frame, message))
         return false;
 
@@ -96 +96 @@
     
     // throw out all cross domain access
-    if (!allowAccessToFrame(exec, frame))
+    if (!shouldAllowAccessToFrame(exec, frame))
         return true;
     
@@ -135 +135 @@
         return true;
 
-    bool sameDomainAccess = allowAccessToFrame(exec, frame);
+    bool sameDomainAccess = shouldAllowAccessToFrame(exec, frame);
 
     const HashEntry* entry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName);
@@ -157 +157 @@
     JSLocation* thisObject = jsCast<JSLocation*>(cell);
     // Only allow deleting by frames in the same origin.
-    if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+    if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
         return false;
     return Base::deleteProperty(thisObject, exec, propertyName);
@@ -166 +166 @@
     JSLocation* thisObject = jsCast<JSLocation*>(object);
     // Only allow the location object to enumerated by frames in the same origin.
-    if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+    if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
         return;
     Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
@@ -271 +271 @@
 {
     Frame* frame = impl()->frame();
-    if (!frame || !allowAccessToFrame(exec, frame))
+    if (!frame || !shouldAllowAccessToFrame(exec, frame))
         return jsUndefined();
 

trunk/Source/WebCore/bindings/js/ScriptController.cpp

@@ -248 +248 @@
     ExecState* exec = JSMainThreadExecState::currentState();
     if (exec)
-        return allowAccessToFrame(exec, frame);
+        return shouldAllowAccessToFrame(exec, frame);
     // If the current state is 0 we're in a call path where the DOM security 
     // check doesn't apply (eg. parser).

trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm

@@ -500 +500 @@
             push(@implContent, "    if (!thisObject->allowsAccessFrom(exec))\n");
         } else {
-            push(@implContent, "    if (!allowAccessToFrame(exec, thisObject->impl()->frame()))\n");
+            push(@implContent, "    if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))\n");
         }
         push(@implContent, "        return false;\n");
@@ -1701 +1701 @@
                     $implIncludes{"JSDOMBinding.h"} = 1;
                     push(@implContent, "    $implClassName* impl = static_cast<$implClassName*>(castedThis->impl());\n");
-                    push(@implContent, "    return allowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
+                    push(@implContent, "    return shouldAllowAccessToNode(exec, impl->" . $attribute->signature->name . "()) ? " . NativeToJSValue($attribute->signature, 0, $implClassName, "impl->$implGetterFunctionName()", "castedThis") . " : jsUndefined();\n");
                 } elsif ($type eq "EventListener") {
                     $implIncludes{"EventListener.h"} = 1;
@@ -1890 +1890 @@
                                 push(@implContent, "    if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
                             } else {
-                                push(@implContent, "    if (!allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
+                                push(@implContent, "    if (!shouldAllowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
                             }
                             push(@implContent, "        return;\n");
@@ -2018 +2018 @@
                         push(@implContent, "    if (!static_cast<$className*>(thisObject)->allowsAccessFrom(exec))\n");
                     } else {
-                        push(@implContent, "    if (!allowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
+                        push(@implContent, "    if (!shouldAllowAccessToFrame(exec, static_cast<$className*>(thisObject)->impl()->frame()))\n");
                     }
                     push(@implContent, "        return;\n");
@@ -2132 +2132 @@
 
                 if ($function->signature->extendedAttributes->{"CheckAccessToNode"} and !$function->isStatic) {
-                    push(@implContent, "    if (!allowAccessToNode(exec, impl->" . $function->signature->name . "(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");
+                    push(@implContent, "    if (!shouldAllowAccessToNode(exec, impl->" . $function->signature->name . "(" . (@{$function->raisesExceptions} ? "ec" : "") .")))\n");
                     push(@implContent, "        return JSValue::encode(jsUndefined());\n");
                     $implIncludes{"JSDOMBinding.h"} = 1;

trunk/Source/WebCore/bindings/scripts/CodeGeneratorV8.pm

@@ -855 +855 @@
     # Generate security checks if necessary
     if ($attribute->signature->extendedAttributes->{"CheckAccessToNode"}) {
-        push(@implContentDecls, "    if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n    return v8::Handle<v8::Value>();\n\n");
+        push(@implContentDecls, "    if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $attribute->signature->name . "()))\n    return v8::Handle<v8::Value>();\n\n");
     }
 
@@ -1439 +1439 @@
     }
     if ($function->signature->extendedAttributes->{"CheckAccessToNode"}) {
-        push(@implContentDecls, "    if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->" . $function->signature->name . "(ec)))\n");
+        push(@implContentDecls, "    if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->" . $function->signature->name . "(ec)))\n");
         push(@implContentDecls, "        return v8::Handle<v8::Value>();\n");
 END

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp

@@ -145 +145 @@
     JSTestActiveDOMObject* thisObject = jsCast<JSTestActiveDOMObject*>(object);
     ASSERT_GC_OBJECT_INHERITS(thisObject, &s_info);
-    if (!allowAccessToFrame(exec, thisObject->impl()->frame()))
+    if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))
         return false;
     return getStaticValueDescriptor<JSTestActiveDOMObject, Base>(exec, &JSTestActiveDOMObjectTable, thisObject, propertyName, descriptor);

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp

@@ -763 +763 @@
     JSTestObj* castedThis = static_cast<JSTestObj*>(asObject(slotBase));
     TestObj* impl = static_cast<TestObj*>(castedThis->impl());
-    return allowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsUndefined();
+    return shouldAllowAccessToNode(exec, impl->contentDocument()) ? toJS(exec, castedThis->globalObject(), WTF::getPtr(impl->contentDocument())) : jsUndefined();
 }
 
@@ -1940 +1940 @@
     TestObj* impl = static_cast<TestObj*>(castedThis->impl());
     ExceptionCode ec = 0;
-    if (!allowAccessToNode(exec, impl->getSVGDocument(ec)))
+    if (!shouldAllowAccessToNode(exec, impl->getSVGDocument(ec)))
         return JSValue::encode(jsUndefined());
 

trunk/Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp

@@ -770 +770 @@
     INC_STATS("DOM.TestObj.contentDocument._get");
     TestObj* imp = V8TestObj::toNative(info.Holder());
-    if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->contentDocument()))
+    if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->contentDocument()))
     return v8::Handle<v8::Value>();
 
@@ -1434 +1434 @@
     ExceptionCode ec = 0;
     {
-    if (!V8BindingSecurity::allowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec)))
+    if (!V8BindingSecurity::shouldAllowAccessToNode(V8BindingState::Only(), imp->getSVGDocument(ec)))
         return v8::Handle<v8::Value>();
     RefPtr<SVGDocument> result = imp->getSVGDocument(ec);