Changeset 126165 in webkit
- Timestamp:
- Aug 21, 2012 9:54:26 AM (12 years ago)
- Location:
- trunk
- Files:
-
- 19 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r126163 r126165 1 2012-08-21 Adam Barth <abarth@webkit.org> 2 3 Implement JSDOMWindow*::allowsAccessFrom* in terms of BindingSecurity 4 https://bugs.webkit.org/show_bug.cgi?id=93407 5 6 Reviewed by Eric Seidel. 7 8 These test results are now more similar (although not identical) to the 9 results for the V8 bindings. 10 11 * http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt: 12 * http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt: 13 * http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt: 14 * http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt: 15 * http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt: 16 * http/tests/security/listener/xss-window-onclick-shortcut-expected.txt: 17 1 18 2012-08-21 Brady Eidson <beidson@apple.com> 2 19 -
trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt
r104803 r126165 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html. Domains, protocols and ports must match.2 3 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html. Domains, protocols and ports must match. 4 2 -
trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt
r104803 r126165 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html. Domains, protocols and ports must match.2 3 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html. Domains, protocols and ports must match. 4 2 -
trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt
r104803 r126165 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html. Domains, protocols and ports must match.2 3 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html. Domains, protocols and ports must match. 4 2 -
trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt
r104803 r126165 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html. Domains, protocols and ports must match.2 3 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html. Domains, protocols and ports must match. 4 2 -
trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt
r104803 r126165 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-addEventListener.html. Domains, protocols and ports must match.2 3 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-addEventListener.html. Domains, protocols and ports must match. 4 2 -
trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt
r104803 r126165 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-shortcut.html. Domains, protocols and ports must match.2 3 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-shortcut.html. Domains, protocols and ports must match. 4 2 -
trunk/Source/WebCore/ChangeLog
r126164 r126165 1 2012-08-21 Adam Barth <abarth@webkit.org> 2 3 Implement JSDOMWindow*::allowsAccessFrom* in terms of BindingSecurity 4 https://bugs.webkit.org/show_bug.cgi?id=93407 5 6 Reviewed by Eric Seidel. 7 8 This patch removes allowsAccessFrom and implements the security checks 9 in terms of shouldAllowAccessToDOMWindow directly. 10 11 * bindings/generic/BindingSecurity.cpp: 12 (WebCore::BindingSecurity::shouldAllowAccessToDOMWindow): 13 (WebCore): 14 * bindings/generic/BindingSecurity.h: 15 (BindingSecurity): 16 * bindings/js/JSDOMBinding.cpp: 17 (WebCore::shouldAllowAccessToFrame): 18 (WebCore): 19 (WebCore::shouldAllowAccessToDOMWindow): 20 * bindings/js/JSDOMBinding.h: 21 (WebCore): 22 * bindings/js/JSDOMWindowBase.cpp: 23 (WebCore::shouldAllowAccessFrom): 24 (WebCore): 25 * bindings/js/JSDOMWindowBase.h: 26 (JSDOMWindowBase): 27 * bindings/js/JSDOMWindowCustom.cpp: 28 (WebCore::namedItemGetter): 29 (WebCore::JSDOMWindow::getOwnPropertySlot): 30 (WebCore::JSDOMWindow::getOwnPropertyDescriptor): 31 (WebCore::JSDOMWindow::put): 32 (WebCore::JSDOMWindow::deleteProperty): 33 (WebCore::JSDOMWindow::getPropertyNames): 34 (WebCore::JSDOMWindow::getOwnPropertyNames): 35 (WebCore::JSDOMWindow::defineOwnProperty): 36 (WebCore::JSDOMWindow::setLocation): 37 * bindings/js/JSDOMWindowCustom.h: 38 * bindings/js/JSInjectedScriptManager.cpp: 39 (WebCore::InjectedScriptManager::canAccessInspectedWindow): 40 * bindings/objc/WebScriptObject.mm: 41 (-[WebScriptObject _isSafeScript]): 42 * bindings/scripts/CodeGeneratorJS.pm: 43 (GenerateGetOwnPropertyDescriptorBody): 44 (GenerateImplementation): 45 1 46 2012-08-21 Dan Bernstein <mitz@apple.com> 2 47 -
trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp
r125761 r126165 61 61 } 62 62 63 bool BindingSecurity::shouldAllowAccessToDOMWindow(BindingState* state, DOMWindow* target, SecurityReportingOption reportingOption) 64 { 65 return target && canAccessDocument(state, target->document(), reportingOption); 66 } 67 63 68 bool BindingSecurity::shouldAllowAccessToFrame(BindingState* state, Frame* target, SecurityReportingOption reportingOption) 64 69 { -
trunk/Source/WebCore/bindings/generic/BindingSecurity.h
r124847 r126165 48 48 public: 49 49 static bool shouldAllowAccessToNode(BindingState*, Node*); 50 static bool shouldAllowAccessToDOMWindow(BindingState*, DOMWindow*, SecurityReportingOption = ReportSecurityError); 50 51 static bool shouldAllowAccessToFrame(BindingState*, Frame*, SecurityReportingOption = ReportSecurityError); 51 52 static bool allowSettingFrameSrcToJavascriptUrl(BindingState*, HTMLFrameElementBase*, const String& value); -
trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp
r125946 r126165 213 213 } 214 214 215 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame)216 { 217 return BindingSecurity::shouldAllowAccessToFrame(exec, frame);215 bool shouldAllowAccessToFrame(ExecState* exec, Frame* target) 216 { 217 return BindingSecurity::shouldAllowAccessToFrame(exec, target); 218 218 } 219 219 … … 228 228 } 229 229 230 bool shouldAllowAccessToDOMWindow(ExecState* exec, DOMWindow* target, String& message) 231 { 232 if (!target) 233 return false; 234 bool result = BindingSecurity::shouldAllowAccessToDOMWindow(exec, target, DoNotReportSecurityError); 235 // FIXME: The following line of code should move somewhere that it can be shared with immediatelyReportUnsafeAccessTo. 236 message = target->crossDomainAccessErrorMessage(activeDOMWindow(exec)); 237 return result; 238 } 239 230 240 void printErrorMessageForFrame(Frame* frame, const String& message) 231 241 { -
trunk/Source/WebCore/bindings/js/JSDOMBinding.h
r125484 r126165 402 402 } 403 403 404 // FIXME: Implement allowAccessToContext(JSC::ExecState*, ScriptExecutionContext*);405 404 bool shouldAllowAccessToNode(JSC::ExecState*, Node*); 406 405 bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*); 407 406 bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, String& message); 408 // FIXME: Implement allowAccessToDOMWindow(JSC::ExecState*, DOMWindow*);407 bool shouldAllowAccessToDOMWindow(BindingState*, DOMWindow*, String& message); 409 408 410 409 void printErrorMessageForFrame(Frame*, const String& message); -
trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp
r125761 r126165 24 24 #include "JSDOMWindowBase.h" 25 25 26 #include "BindingSecurity.h" 26 27 #include "Chrome.h" 27 28 #include "Console.h" … … 43 44 namespace WebCore { 44 45 46 static bool shouldAllowAccessFrom(const JSGlobalObject* thisObject, ExecState* exec) 47 { 48 return BindingSecurity::shouldAllowAccessToDOMWindow(exec, asJSDOMWindow(thisObject)->impl()); 49 } 50 45 51 const ClassInfo JSDOMWindowBase::s_info = { "Window", &JSDOMGlobalObject::s_info, 0, 0, CREATE_METHOD_TABLE(JSDOMWindowBase) }; 46 52 47 const GlobalObjectMethodTable JSDOMWindowBase::s_globalObjectMethodTable = { & allowsAccessFrom, &supportsProfiling, &supportsRichSourceInfo, &shouldInterruptScript, &javaScriptExperimentsEnabled };53 const GlobalObjectMethodTable JSDOMWindowBase::s_globalObjectMethodTable = { &shouldAllowAccessFrom, &supportsProfiling, &supportsRichSourceInfo, &shouldInterruptScript, &javaScriptExperimentsEnabled }; 48 54 49 55 JSDOMWindowBase::JSDOMWindowBase(JSGlobalData& globalData, Structure* structure, PassRefPtr<DOMWindow> window, JSDOMWindowShell* shell) … … 84 90 } 85 91 86 String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const87 {88 return m_shell->window()->impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl());89 }90 91 92 void JSDOMWindowBase::printErrorMessage(const String& message) const 92 93 { 93 94 printErrorMessageForFrame(impl()->frame(), message); 94 }95 96 // This method checks whether accesss to *this* global object is permitted from97 // the given context; this differs from allowsAccessFromPrivate, since that98 // method checks whether the given context is permitted to access the current99 // window the shell is referencing (which may come from a different security100 // origin to this global object).101 bool JSDOMWindowBase::allowsAccessFrom(const JSGlobalObject* thisObject, ExecState* exec)102 {103 JSGlobalObject* otherObject = exec->lexicalGlobalObject();104 105 const JSDOMWindow* originWindow = asJSDOMWindow(otherObject);106 const JSDOMWindow* targetWindow = asJSDOMWindow(thisObject);107 108 if (originWindow == targetWindow)109 return true;110 111 const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();112 const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();113 114 if (originSecurityOrigin->canAccess(targetSecurityOrigin))115 return true;116 117 targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(otherObject));118 return false;119 95 } 120 96 -
trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h
r125152 r126165 65 65 static bool shouldInterruptScript(const JSC::JSGlobalObject*); 66 66 static bool javaScriptExperimentsEnabled(const JSC::JSGlobalObject*); 67 static bool allowsAccessFrom(const JSC::JSGlobalObject*, JSC::ExecState*);68 69 bool allowsAccessFrom(JSC::ExecState*) const;70 bool allowsAccessFromNoErrorMessage(JSC::ExecState*) const;71 bool allowsAccessFrom(JSC::ExecState*, String& message) const;72 67 void printErrorMessage(const String&) const; 73 68 74 // Don't call this version of allowsAccessFrom -- it's a slightly incorrect implementation used only by WebScriptObject75 bool allowsAccessFrom(const JSC::JSGlobalObject*) const;76 77 69 static JSC::JSObject* toThisObject(JSC::JSCell*, JSC::ExecState*); 78 70 JSDOMWindowShell* shell() const; … … 83 75 RefPtr<DOMWindow> m_impl; 84 76 JSDOMWindowShell* m_shell; 85 86 bool allowsAccessFromPrivate(const JSC::JSGlobalObject*) const;87 String crossDomainAccessErrorMessage(const JSC::JSGlobalObject*) const;88 77 }; 89 78 -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
r125711 r126165 22 22 #include "JSDOMWindowCustom.h" 23 23 24 #include "BindingSecurity.h" 24 25 #include "Frame.h" 25 26 #include "HTMLCollection.h" … … 113 114 Document* document = thisObj->impl()->frame()->document(); 114 115 115 ASSERT( thisObj->allowsAccessFrom(exec));116 ASSERT(BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObj->impl())); 116 117 ASSERT(document); 117 118 ASSERT(document->isHTMLDocument()); … … 159 160 // is allowed. 160 161 String errorMessage; 161 bool allowsAccess = thisObject->allowsAccessFrom(exec, errorMessage);162 bool allowsAccess = shouldAllowAccessToDOMWindow(exec, thisObject->impl(), errorMessage); 162 163 163 164 // Look for overrides before looking at any of our own properties, but ignore overrides completely … … 167 168 168 169 // We need this code here because otherwise JSDOMWindowBase will stop the search before we even get to the 169 // prototype due to the blanket same origin ( allowsAccessFrom) check at the end of getOwnPropertySlot.170 // prototype due to the blanket same origin (shouldAllowAccessToDOMWindow) check at the end of getOwnPropertySlot. 170 171 // Also, it's important to get the implementation straight out of the DOMWindow prototype regardless of 171 172 // what prototype is actually set on this object. … … 273 274 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); 274 275 // Never allow cross-domain getOwnPropertyDescriptor 275 if (! thisObject->allowsAccessFrom(exec))276 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) 276 277 return false; 277 278 … … 350 351 // Optimization: access JavaScript global variables directly before involving the DOM. 351 352 if (thisObject->JSGlobalObject::hasOwnPropertyForWrite(exec, propertyName)) { 352 if ( thisObject->allowsAccessFrom(exec))353 if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) 353 354 JSGlobalObject::put(thisObject, exec, propertyName, value, slot); 354 355 return; … … 358 359 return; 359 360 360 if ( thisObject->allowsAccessFrom(exec))361 if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) 361 362 Base::put(thisObject, exec, propertyName, value, slot); 362 363 } … … 366 367 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell); 367 368 // Only allow deleting properties by frames in the same origin. 368 if (! thisObject->allowsAccessFrom(exec))369 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) 369 370 return false; 370 371 return Base::deleteProperty(thisObject, exec, propertyName); … … 375 376 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); 376 377 // Only allow the window to enumerated by frames in the same origin. 377 if (! thisObject->allowsAccessFrom(exec))378 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) 378 379 return; 379 380 Base::getPropertyNames(thisObject, exec, propertyNames, mode); … … 384 385 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); 385 386 // Only allow the window to enumerated by frames in the same origin. 386 if (! thisObject->allowsAccessFrom(exec))387 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) 387 388 return; 388 389 Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode); … … 393 394 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); 394 395 // Only allow defining properties in this way by frames in the same origin, as it allows setters to be introduced. 395 if (! thisObject->allowsAccessFrom(exec))396 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) 396 397 return false; 397 398 … … 413 414 if (Settings* settings = activeFrame->settings()) { 414 415 if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) { 415 if ( allowsAccessFrom(exec))416 if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, impl())) 416 417 putDirect(exec->globalData(), Identifier(exec, "location"), value); 417 418 return; -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.h
r125761 r126165 37 37 } 38 38 39 inline bool JSDOMWindowBase::allowsAccessFrom(const JSGlobalObject* other) const40 {41 if (allowsAccessFromPrivate(other))42 return true;43 printErrorMessage(crossDomainAccessErrorMessage(other));44 return false;45 }46 47 inline bool JSDOMWindowBase::allowsAccessFrom(JSC::ExecState* exec) const48 {49 if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))50 return true;51 printErrorMessage(crossDomainAccessErrorMessage(exec->lexicalGlobalObject()));52 return false;53 }54 55 inline bool JSDOMWindowBase::allowsAccessFromNoErrorMessage(JSC::ExecState* exec) const56 {57 return allowsAccessFromPrivate(exec->lexicalGlobalObject());58 }59 60 inline bool JSDOMWindowBase::allowsAccessFrom(JSC::ExecState* exec, String& message) const61 {62 if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))63 return true;64 message = crossDomainAccessErrorMessage(exec->lexicalGlobalObject());65 return false;66 }67 68 ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const JSGlobalObject* other) const69 {70 const JSDOMWindow* originWindow = asJSDOMWindow(other);71 const JSDOMWindow* targetWindow = m_shell->window();72 73 if (originWindow == targetWindow)74 return true;75 76 const SecurityOrigin* originSecurityOrigin = originWindow->impl()->document()->securityOrigin();77 const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->document()->securityOrigin();78 79 return originSecurityOrigin->canAccess(targetSecurityOrigin);80 }81 82 39 } 83 40 -
trunk/Source/WebCore/bindings/js/JSInjectedScriptManager.cpp
r125152 r126165 37 37 #include "InjectedScriptManager.h" 38 38 39 #include "BindingSecurity.h" 39 40 #include "ExceptionCode.h" 40 41 #include "JSDOMWindow.h" … … 86 87 if (!inspectedWindow) 87 88 return false; 88 return inspectedWindow->allowsAccessFromNoErrorMessage(scriptState);89 return BindingSecurity::shouldAllowAccessToDOMWindow(scriptState, inspectedWindow->impl(), DoNotReportSecurityError); 89 90 } 90 91 -
trunk/Source/WebCore/bindings/objc/WebScriptObject.mm
r125152 r126165 27 27 #import "WebScriptObjectPrivate.h" 28 28 29 #import "BindingSecurity.h" 29 30 #import "BridgeJSC.h" 30 31 #import "Console.h" … … 242 243 return false; 243 244 244 return jsCast<JSDOMWindowBase*>(root->globalObject())->allowsAccessFrom(_private->originRootObject->globalObject()); 245 // It's not actually correct to call shouldAllowAccessToFrame in this way because 246 // JSDOMWindowBase* isn't the right object to represent the currently executing 247 // JavaScript. Instead, we should use ExecState, like we do elsewhere. 248 JSDOMWindowBase* target = jsCast<JSDOMWindowBase*>(root->globalObject()); 249 return BindingSecurity::shouldAllowAccessToDOMWindow(_private->originRootObject->globalObject()->globalExec(), target->impl()); 245 250 } 246 251 -
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
r125745 r126165 476 476 if ($dataNode->extendedAttributes->{"CheckSecurity"}) { 477 477 if ($interfaceName eq "DOMWindow") { 478 push(@implContent, " if (!thisObject->allowsAccessFrom(exec))\n"); 478 $implIncludes{"BindingSecurity.h"} = 1; 479 push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, jsCast<$className*>(thisObject)->impl()))\n"); 479 480 } else { 480 481 push(@implContent, " if (!shouldAllowAccessToFrame(exec, thisObject->impl()->frame()))\n"); … … 1769 1770 !$attribute->signature->extendedAttributes->{"DoNotCheckSecurity"} && 1770 1771 !$attribute->signature->extendedAttributes->{"DoNotCheckSecurityOnGetter"}) { 1771 push(@implContent, " if (!castedThis->allowsAccessFrom(exec))\n"); 1772 $implIncludes{"BindingSecurity.h"} = 1; 1773 push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, castedThis->impl()))\n"); 1772 1774 push(@implContent, " return jsUndefined();\n"); 1773 1775 } … … 1884 1886 1885 1887 if ($dataNode->extendedAttributes->{"CheckSecurity"}) { 1886 push(@implContent, " if (!domObject->allowsAccessFrom(exec))\n"); 1888 $implIncludes{"BindingSecurity.h"} = 1; 1889 push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, domObject->impl()))\n"); 1887 1890 push(@implContent, " return jsUndefined();\n"); 1888 1891 } … … 1959 1962 if ($dataNode->extendedAttributes->{"CheckSecurity"} && !$attribute->signature->extendedAttributes->{"DoNotCheckSecurity"}) { 1960 1963 if ($interfaceName eq "DOMWindow") { 1961 push(@implContent, " if (!jsCast<$className*>(thisObject)->allowsAccessFrom(exec))\n"); 1964 $implIncludes{"BindingSecurity.h"} = 1; 1965 push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, jsCast<$className*>(thisObject)->impl()))\n"); 1962 1966 } else { 1963 1967 push(@implContent, " if (!shouldAllowAccessToFrame(exec, jsCast<$className*>(thisObject)->impl()->frame()))\n"); … … 2088 2092 if ($dataNode->extendedAttributes->{"CheckSecurity"}) { 2089 2093 if ($interfaceName eq "DOMWindow") { 2090 push(@implContent, " if (!jsCast<$className*>(thisObject)->allowsAccessFrom(exec))\n"); 2094 $implIncludes{"BindingSecurity.h"} = 1; 2095 push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, jsCast<$className*>(thisObject)->impl()))\n"); 2091 2096 } else { 2092 2097 push(@implContent, " if (!shouldAllowAccessToFrame(exec, jsCast<$className*>(thisObject)->impl()->frame()))\n"); … … 2195 2200 if ($dataNode->extendedAttributes->{"CheckSecurity"} and 2196 2201 !$function->signature->extendedAttributes->{"DoNotCheckSecurity"}) { 2197 push(@implContent, " if (!castedThis->allowsAccessFrom(exec))\n"); 2202 $implIncludes{"BindingSecurity.h"} = 1; 2203 push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, castedThis->impl()))\n"); 2198 2204 push(@implContent, " return JSValue::encode(jsUndefined());\n"); 2199 2205 }
Note: See TracChangeset
for help on using the changeset viewer.