Changeset 125761 in webkit

Timestamp:

Aug 16, 2012 2:09:42 AM (12 years ago)

Author:

abarth@webkit.org

Message:

Delete DOMWindow::securityOrigin()
​https://bugs.webkit.org/show_bug.cgi?id=93991

Reviewed by Eric Seidel.

DOMWindow::securityOrigin() just calls through to
document()->securityOrigin(). This patch updates all the callers to do
that work themselves, making it clearer what's going on at each call
site.

• bindings/generic/BindingSecurity.cpp:

(WebCore::canAccessDocument):

• bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::allowsAccessFrom):

• bindings/js/JSDOMWindowCustom.h:

(WebCore::JSDOMWindowBase::allowsAccessFromPrivate):

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::collectIsolatedContexts):

• page/DOMWindow.cpp:

(WebCore::DOMWindow::isInsecureScriptAccess):
(WebCore::DOMWindow::createWindow):

• page/DOMWindow.h:

(DOMWindow):

• page/Location.cpp:

(WebCore::Location::reload):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• bindings/generic/BindingSecurity.cpp (modified) (1 diff)
• bindings/js/JSDOMWindowBase.cpp (modified) (1 diff)
• bindings/js/JSDOMWindowCustom.h (modified) (1 diff)
• bindings/js/ScriptController.cpp (modified) (1 diff)
• page/DOMWindow.cpp (modified) (4 diffs)
• page/DOMWindow.h (modified) (1 diff)
• page/Location.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-08-16  Adam Barth  <abarth@webkit.org>
+
+        Delete DOMWindow::securityOrigin()
+        https://bugs.webkit.org/show_bug.cgi?id=93991
+
+        Reviewed by Eric Seidel.
+
+        DOMWindow::securityOrigin() just calls through to
+        document()->securityOrigin(). This patch updates all the callers to do
+        that work themselves, making it clearer what's going on at each call
+        site.
+
+        * bindings/generic/BindingSecurity.cpp:
+        (WebCore::canAccessDocument):
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::JSDOMWindowBase::allowsAccessFrom):
+        * bindings/js/JSDOMWindowCustom.h:
+        (WebCore::JSDOMWindowBase::allowsAccessFromPrivate):
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::collectIsolatedContexts):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::isInsecureScriptAccess):
+        (WebCore::DOMWindow::createWindow):
+        * page/DOMWindow.h:
+        (DOMWindow):
+        * page/Location.cpp:
+        (WebCore::Location::reload):
+
 2012-08-16  Sheriff Bot  <webkit.review.bot@gmail.com>
 

trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp

@@ -52 +52 @@
         return false;
 
-    // If the embedder executes JavaScript synchronously during the didCreateScriptContext callback,
-    // in some cases the active SecurityOrigin will not yet be copied to the DOMWindow. For example,
-    // Frame::setDocument can trigger didCreateScriptContext during ScriptController::updateDocument.
-    //
-    // FIXME: Remove this branch once we manage to delete DOMWindow::m_securityOrigin. Ideally, we'd
-    //        get the SecurityOrigin from the Document rather than the DOMWindow. In that case, there
-    //        shouldn't ever be a chance to execute script before the SecurityOrigin object is created.
-    if (!active->securityOrigin())
-        return false;
-
-    if (active->securityOrigin()->canAccess(targetDocument->securityOrigin()))
+    if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
         return true;
 

trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp

@@ -109 +109 @@
         return true;
 
-    const SecurityOrigin* originSecurityOrigin = originWindow->impl()->securityOrigin();
-    const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->securityOrigin();
+    const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();
+    const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();
 
     if (originSecurityOrigin->canAccess(targetSecurityOrigin))

trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h

@@ -74 +74 @@
         return true;
 
-    const SecurityOrigin* originSecurityOrigin = originWindow->impl()->securityOrigin();
-    const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->securityOrigin();
+    const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();
+    const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();
 
     return originSecurityOrigin->canAccess(targetSecurityOrigin);

trunk/Source/WebCore/bindings/js/ScriptController.cpp

@@ -353 +353 @@
     for (ShellMap::iterator iter = m_windowShells.begin(); iter != m_windowShells.end(); ++iter) {
         JSC::ExecState* exec = iter->second->window()->globalExec();
-        SecurityOrigin* origin = iter->second->window()->impl()->securityOrigin();
+        SecurityOrigin* origin = iter->second->window()->impl()->document()->securityOrigin();
         result.append(std::pair<ScriptState*, SecurityOrigin*>(exec, origin));
     }

trunk/Source/WebCore/page/DOMWindow.cpp

@@ -1307 +1307 @@
 }
 
-SecurityOrigin* DOMWindow::securityOrigin() const
-{
-    return document() ? document()->securityOrigin() : 0;
-}
-
 PassRefPtr<StyleMedia> DOMWindow::styleMedia() const
 {
@@ -1787 +1782 @@
         // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
         // Can we name the SecurityOrigin function better to make this more clear?
-        if (activeWindow->securityOrigin()->canAccess(securityOrigin()))
+        if (activeWindow->document()->securityOrigin()->canAccess(document()->securityOrigin()))
             return false;
     }
@@ -1812 +1807 @@
     ResourceRequest request(completedURL, referrer);
     FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin());
-    FrameLoadRequest frameRequest(activeWindow->securityOrigin(), request, frameName);
+    FrameLoadRequest frameRequest(activeWindow->document()->securityOrigin(), request, frameName);
 
     // We pass the opener frame for the lookupFrame in case the active frame is different from
@@ -1831 +1826 @@
 
     if (created)
-        newFrame->loader()->changeLocation(activeWindow->securityOrigin(), completedURL, referrer, false, false);
+        newFrame->loader()->changeLocation(activeWindow->document()->securityOrigin(), completedURL, referrer, false, false);
     else if (!urlString.isEmpty()) {
         bool lockHistory = !ScriptController::processingUserGesture();
-        newFrame->navigationScheduler()->scheduleLocationChange(activeWindow->securityOrigin(), completedURL.string(), referrer, lockHistory, false);
+        newFrame->navigationScheduler()->scheduleLocationChange(activeWindow->document()->securityOrigin(), completedURL.string(), referrer, lockHistory, false);
     }
 

trunk/Source/WebCore/page/DOMWindow.h

@@ -115 +115 @@
 
         PassRefPtr<MediaQueryList> matchMedia(const String&);
-
-        // FIXME: Callers should use document()->securityOrigin() directly.
-        SecurityOrigin* securityOrigin() const;
 
         unsigned pendingUnloadEventListeners() const;

trunk/Source/WebCore/page/Location.cpp

@@ -253 +253 @@
     // Other location operations simply block use of JavaScript URLs cross origin.
     DOMWindow* targetWindow = m_frame->document()->domWindow();
-    if (!activeWindow->securityOrigin()->canAccess(targetWindow->securityOrigin())) {
+    if (!activeWindow->document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin())) {
         targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeWindow));
         return;