Changeset 125126 in webkit

Timestamp:

Aug 8, 2012 5:41:02 PM (12 years ago)

Author:

abarth@webkit.org

Message:

Rewire the same-origin checks for the JavaScriptCore bindings through BindingSecurity
​https://bugs.webkit.org/show_bug.cgi?id=93382

Reviewed by Eric Seidel.

This patch rewires the same-origin policy checks in the JavaScriptCore
bindings to use the implementation in BindingSecurity.cpp, which is now
shared by JavaScriptCore and V8. There are still a few places were we
use the JSDOMWindowCustom-based code path, but I plan to change those
in a follow up patch in the interest of keeping this patch as small as
possible.

This patch as two main benefits:

1) We no longer need to maintain duplicate code in the JSC and the V8

bindings for as delicate an area as the same-origin check.
Previously, the two implementations accomplished the same task using
a slightly different mechansim. After this patch, they use the same
mechanism, which means we only need to convince ourselves that one
implementation is correct.

2) This patch will make it easier to remove DOMWindow::m_securityOrigin

because there will be only one piece of code that needs to change.
Prior to this patch, we would have had to change both
implementations of the same-origin policy not to rely upon
DOMWindow::m_securityOrigin.

• bindings/js/BindingState.cpp:

(WebCore::immediatelyReportUnsafeAccessTo):
(WebCore):

• bindings/js/BindingState.h:

(WebCore):

• bindings/js/JSDOMBinding.cpp:

(WebCore::shouldAllowAccessToNode):
(WebCore::shouldAllowAccessToFrame):

Location:

trunk/Source/WebCore

Files:

• CMakeLists.txt (modified) (1 diff)
• ChangeLog (modified) (1 diff)
• bindings/js/BindingState.cpp (modified) (1 diff)
• bindings/js/BindingState.h (modified) (1 diff)
• bindings/js/JSDOMBinding.cpp (modified) (2 diffs)

trunk/Source/WebCore/CMakeLists.txt

@@ -974 +974 @@
 
     bindings/generic/ActiveDOMCallback.cpp
+    bindings/generic/BindingSecurity.cpp
     bindings/generic/RuntimeEnabledFeatures.cpp
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-08-08  Adam Barth  <abarth@webkit.org>
+
+        Rewire the same-origin checks for the JavaScriptCore bindings through BindingSecurity
+        https://bugs.webkit.org/show_bug.cgi?id=93382
+
+        Reviewed by Eric Seidel.
+
+        This patch rewires the same-origin policy checks in the JavaScriptCore
+        bindings to use the implementation in BindingSecurity.cpp, which is now
+        shared by JavaScriptCore and V8. There are still a few places were we
+        use the JSDOMWindowCustom-based code path, but I plan to change those
+        in a follow up patch in the interest of keeping this patch as small as
+        possible.
+
+        This patch as two main benefits:
+
+        1) We no longer need to maintain duplicate code in the JSC and the V8
+           bindings for as delicate an area as the same-origin check.
+           Previously, the two implementations accomplished the same task using
+           a slightly different mechansim. After this patch, they use the same
+           mechanism, which means we only need to convince ourselves that one
+           implementation is correct.
+
+        2) This patch will make it easier to remove DOMWindow::m_securityOrigin
+           because there will be only one piece of code that needs to change.
+           Prior to this patch, we would have had to change both
+           implementations of the same-origin policy not to rely upon
+           DOMWindow::m_securityOrigin.
+
+        * bindings/js/BindingState.cpp:
+        (WebCore::immediatelyReportUnsafeAccessTo):
+        (WebCore):
+        * bindings/js/BindingState.h:
+        (WebCore):
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::shouldAllowAccessToNode):
+        (WebCore::shouldAllowAccessToFrame):
+
 2012-08-08  Brady Eidson  <beidson@apple.com>
 

trunk/Source/WebCore/bindings/js/BindingState.cpp

@@ -48 +48 @@
 }
 
+void immediatelyReportUnsafeAccessTo(ExecState* exec, Document* target)
+{
+    printErrorMessageForFrame(target->frame(), target->domWindow()->crossDomainAccessErrorMessage(activeDOMWindow(exec)));
 }
+
+}

trunk/Source/WebCore/bindings/js/BindingState.h

@@ -49 +49 @@
 inline Frame* firstFrame(BindingState*) { return 0; }
 
-inline void immediatelyReportUnsafeAccessTo(BindingState*, Document*) { }
+void immediatelyReportUnsafeAccessTo(BindingState*, Document* target);
 
 }

trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp

@@ -22 +22 @@
 #include "JSDOMBinding.h"
 
+#include "BindingSecurity.h"
 #include "DOMObjectHashTableMap.h"
 #include "DOMStringList.h"
@@ -224 +225 @@
 bool shouldAllowAccessToNode(ExecState* exec, Node* node)
 {
-    return node && shouldAllowAccessToFrame(exec, node->document()->frame());
+    return BindingSecurity::shouldAllowAccessToNode(exec, node);
 }
 
 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame)
+{
+    return BindingSecurity::shouldAllowAccessToFrame(exec, frame);
+}
+
+bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message)
 {
     if (!frame)
         return false;
-    JSDOMWindow* window = toJSDOMWindow(frame, currentWorld(exec));
-    return window && window->allowsAccessFrom(exec);
-}
-
-bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message)
-{
-    if (!frame)
-        return false;
-    JSDOMWindow* window = toJSDOMWindow(frame, currentWorld(exec));
-    return window && window->allowsAccessFrom(exec, message);
+    bool result = BindingSecurity::shouldAllowAccessToFrame(exec, frame, DoNotReportSecurityError);
+    // FIXME: The following line of code should move somewhere that it can be shared with immediatelyReportUnsafeAccessTo.
+    message = frame->domWindow()->crossDomainAccessErrorMessage(activeDOMWindow(exec));
+    return result;
 }