Changeset 125126 in webkit
- Timestamp:
- Aug 8, 2012 5:41:02 PM (12 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/CMakeLists.txt
r125025 r125126 974 974 975 975 bindings/generic/ActiveDOMCallback.cpp 976 bindings/generic/BindingSecurity.cpp 976 977 bindings/generic/RuntimeEnabledFeatures.cpp 977 978 -
trunk/Source/WebCore/ChangeLog
r125124 r125126 1 2012-08-08 Adam Barth <abarth@webkit.org> 2 3 Rewire the same-origin checks for the JavaScriptCore bindings through BindingSecurity 4 https://bugs.webkit.org/show_bug.cgi?id=93382 5 6 Reviewed by Eric Seidel. 7 8 This patch rewires the same-origin policy checks in the JavaScriptCore 9 bindings to use the implementation in BindingSecurity.cpp, which is now 10 shared by JavaScriptCore and V8. There are still a few places were we 11 use the JSDOMWindowCustom-based code path, but I plan to change those 12 in a follow up patch in the interest of keeping this patch as small as 13 possible. 14 15 This patch as two main benefits: 16 17 1) We no longer need to maintain duplicate code in the JSC and the V8 18 bindings for as delicate an area as the same-origin check. 19 Previously, the two implementations accomplished the same task using 20 a slightly different mechansim. After this patch, they use the same 21 mechanism, which means we only need to convince ourselves that one 22 implementation is correct. 23 24 2) This patch will make it easier to remove DOMWindow::m_securityOrigin 25 because there will be only one piece of code that needs to change. 26 Prior to this patch, we would have had to change both 27 implementations of the same-origin policy not to rely upon 28 DOMWindow::m_securityOrigin. 29 30 * bindings/js/BindingState.cpp: 31 (WebCore::immediatelyReportUnsafeAccessTo): 32 (WebCore): 33 * bindings/js/BindingState.h: 34 (WebCore): 35 * bindings/js/JSDOMBinding.cpp: 36 (WebCore::shouldAllowAccessToNode): 37 (WebCore::shouldAllowAccessToFrame): 38 1 39 2012-08-08 Brady Eidson <beidson@apple.com> 2 40 -
trunk/Source/WebCore/bindings/js/BindingState.cpp
r124835 r125126 48 48 } 49 49 50 void immediatelyReportUnsafeAccessTo(ExecState* exec, Document* target) 51 { 52 printErrorMessageForFrame(target->frame(), target->domWindow()->crossDomainAccessErrorMessage(activeDOMWindow(exec))); 50 53 } 54 55 } -
trunk/Source/WebCore/bindings/js/BindingState.h
r124835 r125126 49 49 inline Frame* firstFrame(BindingState*) { return 0; } 50 50 51 inline void immediatelyReportUnsafeAccessTo(BindingState*, Document*) { } 51 void immediatelyReportUnsafeAccessTo(BindingState*, Document* target); 52 52 53 53 } -
trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp
r124835 r125126 22 22 #include "JSDOMBinding.h" 23 23 24 #include "BindingSecurity.h" 24 25 #include "DOMObjectHashTableMap.h" 25 26 #include "DOMStringList.h" … … 224 225 bool shouldAllowAccessToNode(ExecState* exec, Node* node) 225 226 { 226 return node && shouldAllowAccessToFrame(exec, node->document()->frame());227 return BindingSecurity::shouldAllowAccessToNode(exec, node); 227 228 } 228 229 229 230 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame) 231 { 232 return BindingSecurity::shouldAllowAccessToFrame(exec, frame); 233 } 234 235 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message) 230 236 { 231 237 if (!frame) 232 238 return false; 233 JSDOMWindow* window = toJSDOMWindow(frame, currentWorld(exec)); 234 return window && window->allowsAccessFrom(exec); 235 } 236 237 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message) 238 { 239 if (!frame) 240 return false; 241 JSDOMWindow* window = toJSDOMWindow(frame, currentWorld(exec)); 242 return window && window->allowsAccessFrom(exec, message); 239 bool result = BindingSecurity::shouldAllowAccessToFrame(exec, frame, DoNotReportSecurityError); 240 // FIXME: The following line of code should move somewhere that it can be shared with immediatelyReportUnsafeAccessTo. 241 message = frame->domWindow()->crossDomainAccessErrorMessage(activeDOMWindow(exec)); 242 return result; 243 243 } 244 244
Note: See TracChangeset
for help on using the changeset viewer.