Changeset 125761 in webkit
- Timestamp:
- Aug 16, 2012 2:09:42 AM (12 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r125760 r125761 1 2012-08-16 Adam Barth <abarth@webkit.org> 2 3 Delete DOMWindow::securityOrigin() 4 https://bugs.webkit.org/show_bug.cgi?id=93991 5 6 Reviewed by Eric Seidel. 7 8 DOMWindow::securityOrigin() just calls through to 9 document()->securityOrigin(). This patch updates all the callers to do 10 that work themselves, making it clearer what's going on at each call 11 site. 12 13 * bindings/generic/BindingSecurity.cpp: 14 (WebCore::canAccessDocument): 15 * bindings/js/JSDOMWindowBase.cpp: 16 (WebCore::JSDOMWindowBase::allowsAccessFrom): 17 * bindings/js/JSDOMWindowCustom.h: 18 (WebCore::JSDOMWindowBase::allowsAccessFromPrivate): 19 * bindings/js/ScriptController.cpp: 20 (WebCore::ScriptController::collectIsolatedContexts): 21 * page/DOMWindow.cpp: 22 (WebCore::DOMWindow::isInsecureScriptAccess): 23 (WebCore::DOMWindow::createWindow): 24 * page/DOMWindow.h: 25 (DOMWindow): 26 * page/Location.cpp: 27 (WebCore::Location::reload): 28 1 29 2012-08-16 Sheriff Bot <webkit.review.bot@gmail.com> 2 30 -
trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp
r125077 r125761 52 52 return false; 53 53 54 // If the embedder executes JavaScript synchronously during the didCreateScriptContext callback, 55 // in some cases the active SecurityOrigin will not yet be copied to the DOMWindow. For example, 56 // Frame::setDocument can trigger didCreateScriptContext during ScriptController::updateDocument. 57 // 58 // FIXME: Remove this branch once we manage to delete DOMWindow::m_securityOrigin. Ideally, we'd 59 // get the SecurityOrigin from the Document rather than the DOMWindow. In that case, there 60 // shouldn't ever be a chance to execute script before the SecurityOrigin object is created. 61 if (!active->securityOrigin()) 62 return false; 63 64 if (active->securityOrigin()->canAccess(targetDocument->securityOrigin())) 54 if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin())) 65 55 return true; 66 56 -
trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp
r125152 r125761 109 109 return true; 110 110 111 const SecurityOrigin* originSecurityOrigin = originWindow->impl()-> securityOrigin();112 const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()-> securityOrigin();111 const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin(); 112 const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin(); 113 113 114 114 if (originSecurityOrigin->canAccess(targetSecurityOrigin)) -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h
r125152 r125761 74 74 return true; 75 75 76 const SecurityOrigin* originSecurityOrigin = originWindow->impl()-> securityOrigin();77 const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()-> securityOrigin();76 const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin(); 77 const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin(); 78 78 79 79 return originSecurityOrigin->canAccess(targetSecurityOrigin); -
trunk/Source/WebCore/bindings/js/ScriptController.cpp
r125734 r125761 353 353 for (ShellMap::iterator iter = m_windowShells.begin(); iter != m_windowShells.end(); ++iter) { 354 354 JSC::ExecState* exec = iter->second->window()->globalExec(); 355 SecurityOrigin* origin = iter->second->window()->impl()-> securityOrigin();355 SecurityOrigin* origin = iter->second->window()->impl()->document()->securityOrigin(); 356 356 result.append(std::pair<ScriptState*, SecurityOrigin*>(exec, origin)); 357 357 } -
trunk/Source/WebCore/page/DOMWindow.cpp
r125615 r125761 1307 1307 } 1308 1308 1309 SecurityOrigin* DOMWindow::securityOrigin() const1310 {1311 return document() ? document()->securityOrigin() : 0;1312 }1313 1314 1309 PassRefPtr<StyleMedia> DOMWindow::styleMedia() const 1315 1310 { … … 1787 1782 // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script". 1788 1783 // Can we name the SecurityOrigin function better to make this more clear? 1789 if (activeWindow-> securityOrigin()->canAccess(securityOrigin()))1784 if (activeWindow->document()->securityOrigin()->canAccess(document()->securityOrigin())) 1790 1785 return false; 1791 1786 } … … 1812 1807 ResourceRequest request(completedURL, referrer); 1813 1808 FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin()); 1814 FrameLoadRequest frameRequest(activeWindow-> securityOrigin(), request, frameName);1809 FrameLoadRequest frameRequest(activeWindow->document()->securityOrigin(), request, frameName); 1815 1810 1816 1811 // We pass the opener frame for the lookupFrame in case the active frame is different from … … 1831 1826 1832 1827 if (created) 1833 newFrame->loader()->changeLocation(activeWindow-> securityOrigin(), completedURL, referrer, false, false);1828 newFrame->loader()->changeLocation(activeWindow->document()->securityOrigin(), completedURL, referrer, false, false); 1834 1829 else if (!urlString.isEmpty()) { 1835 1830 bool lockHistory = !ScriptController::processingUserGesture(); 1836 newFrame->navigationScheduler()->scheduleLocationChange(activeWindow-> securityOrigin(), completedURL.string(), referrer, lockHistory, false);1831 newFrame->navigationScheduler()->scheduleLocationChange(activeWindow->document()->securityOrigin(), completedURL.string(), referrer, lockHistory, false); 1837 1832 } 1838 1833 -
trunk/Source/WebCore/page/DOMWindow.h
r125613 r125761 115 115 116 116 PassRefPtr<MediaQueryList> matchMedia(const String&); 117 118 // FIXME: Callers should use document()->securityOrigin() directly.119 SecurityOrigin* securityOrigin() const;120 117 121 118 unsigned pendingUnloadEventListeners() const; -
trunk/Source/WebCore/page/Location.cpp
r125615 r125761 253 253 // Other location operations simply block use of JavaScript URLs cross origin. 254 254 DOMWindow* targetWindow = m_frame->document()->domWindow(); 255 if (!activeWindow-> securityOrigin()->canAccess(targetWindow->securityOrigin())) {255 if (!activeWindow->document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin())) { 256 256 targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeWindow)); 257 257 return;
Note: See TracChangeset
for help on using the changeset viewer.