Changeset 126249 in webkit

Timestamp:

Aug 21, 2012 6:50:40 PM (12 years ago)

Author:

abarth@webkit.org

Message:

V8 shouldn't have its own way of printing cross-origin error messages
​https://bugs.webkit.org/show_bug.cgi?id=94641

Reviewed by Eric Seidel.

Source/WebCore:

V8 used to re-implement (poorly) the code for printing out an error
message when a same-origin check failed. This patch deletes that code
in favor of just calling the WebCore version of the code. There more to
clean up here, but I had to stop before spidering over the whole
codebase.

• bindings/generic/BindingSecurity.cpp:

(WebCore::canAccessDocument):

• bindings/js/BindingState.cpp:
• bindings/js/BindingState.h:
• bindings/v8/BindingState.cpp:

(WebCore::printErrorMessageForFrame):

• bindings/v8/BindingState.h:

(WebCore):

• bindings/v8/V8DOMWindowShell.cpp:

(WebCore::reportUnsafeJavaScriptAccess):

• bindings/v8/V8Proxy.cpp:
• bindings/v8/V8Proxy.h:

(V8Proxy):

LayoutTests:

Update these results to reflect the new error messages. These error
messages are both more correct and more like JavaScriptCore.

• platform/chromium/http/tests/security/cross-frame-access-private-browsing-expected.txt: Added.
  • We don't use the private browsing setting to implement private browsing.
• platform/chromium/http/tests/security/cross-frame-access-document-direct-expected.txt:
• platform/chromium/http/tests/security/inactive-document-with-empty-security-origin-expected.txt:
• platform/chromium/http/tests/security/listener/xss-inactive-closure-expected.txt:
• platform/chromium/http/tests/security/xss-eval-expected.txt:
  • Previously, we were incorrectly using the first script rather than the active script when printing the error message.
• platform/chromium/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt: Removed.
• platform/chromium/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt: Removed.
• platform/chromium/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt: Removed.
• platform/chromium/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt: Removed.
• platform/chromium/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt: Removed.
• platform/chromium/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt: Removed.
  • These results are now identical to JSC.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/platform/chromium/http/tests/security/cross-frame-access-document-direct-expected.txt (modified) (1 diff)
• LayoutTests/platform/chromium/http/tests/security/cross-frame-access-private-browsing-expected.txt (added)
• LayoutTests/platform/chromium/http/tests/security/inactive-document-with-empty-security-origin-expected.txt (modified) (1 diff)
• LayoutTests/platform/chromium/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt (deleted)
• LayoutTests/platform/chromium/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt (deleted)
• LayoutTests/platform/chromium/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt (deleted)
• LayoutTests/platform/chromium/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt (deleted)
• LayoutTests/platform/chromium/http/tests/security/listener/xss-inactive-closure-expected.txt (modified) (1 diff)
• LayoutTests/platform/chromium/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt (deleted)
• LayoutTests/platform/chromium/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt (deleted)
• LayoutTests/platform/chromium/http/tests/security/xss-eval-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/generic/BindingSecurity.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/BindingState.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/BindingState.h (modified) (1 diff)
• Source/WebCore/bindings/v8/BindingState.cpp (modified) (1 diff)
• Source/WebCore/bindings/v8/BindingState.h (modified) (2 diffs)
• Source/WebCore/bindings/v8/V8DOMWindowShell.cpp (modified) (1 diff)
• Source/WebCore/bindings/v8/V8Proxy.cpp (modified) (1 diff)
• Source/WebCore/bindings/v8/V8Proxy.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2012-08-21  Adam Barth  <abarth@webkit.org>
+
+        V8 shouldn't have its own way of printing cross-origin error messages
+        https://bugs.webkit.org/show_bug.cgi?id=94641
+
+        Reviewed by Eric Seidel.
+
+        Update these results to reflect the new error messages. These error
+        messages are both more correct and more like JavaScriptCore.
+
+        * platform/chromium/http/tests/security/cross-frame-access-private-browsing-expected.txt: Added.
+            - We don't use the private browsing setting to implement private browsing.
+        * platform/chromium/http/tests/security/cross-frame-access-document-direct-expected.txt:
+        * platform/chromium/http/tests/security/inactive-document-with-empty-security-origin-expected.txt:
+        * platform/chromium/http/tests/security/listener/xss-inactive-closure-expected.txt:
+        * platform/chromium/http/tests/security/xss-eval-expected.txt:
+            - Previously, we were incorrectly using the first script rather
+              than the active script when printing the error message.
+        * platform/chromium/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt: Removed.
+        * platform/chromium/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt: Removed.
+        * platform/chromium/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt: Removed.
+        * platform/chromium/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt: Removed.
+        * platform/chromium/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt: Removed.
+        * platform/chromium/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt: Removed.
+            - These results are now identical to JSC.
+
 2012-08-21  Shinya Kawanaka  <shinyak@chromium.org>
 

trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-document-direct-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-document-direct-test-victim.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-document-direct.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-document-direct-test-victim.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-for-document-direct-test.html. Domains, protocols and ports must match.
 
 Test cross-origin direct document access.

trunk/LayoutTests/platform/chromium/http/tests/security/inactive-document-with-empty-security-origin-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL http://127.0.0.1:8000/security/inactive-document-with-empty-security-origin.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL http://127.0.0.1:8000/security/inactive-document-with-empty-security-origin.html#stop. Domains, protocols and ports must match.
 
 This test passes if it doesn't alert something ugly.

trunk/LayoutTests/platform/chromium/http/tests/security/listener/xss-inactive-closure-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/listener/resources/xss-inactive-closure-child-2.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithButton.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/listener/resources/xss-inactive-closure-child-2.html from frame with URL http://127.0.0.1:8000/security/listener/resources/xss-inactive-closure-child.html. Domains, protocols and ports must match.
 
 This tests that when a frame navigates to a new page, closures in the old page cannot access page content of the new page if there are from different domains.

trunk/LayoutTests/platform/chromium/http/tests/security/xss-eval-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/xss-eval.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/resources/xss-eval2.html. Domains, protocols and ports must match.
 
 This page verifies that you can't use eval to subvert cross-domain checks.

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-08-21  Adam Barth  <abarth@webkit.org>
+
+        V8 shouldn't have its own way of printing cross-origin error messages
+        https://bugs.webkit.org/show_bug.cgi?id=94641
+
+        Reviewed by Eric Seidel.
+
+        V8 used to re-implement (poorly) the code for printing out an error
+        message when a same-origin check failed. This patch deletes that code
+        in favor of just calling the WebCore version of the code. There more to
+        clean up here, but I had to stop before spidering over the whole
+        codebase.
+
+        * bindings/generic/BindingSecurity.cpp:
+        (WebCore::canAccessDocument):
+        * bindings/js/BindingState.cpp:
+        * bindings/js/BindingState.h:
+        * bindings/v8/BindingState.cpp:
+        (WebCore::printErrorMessageForFrame):
+        * bindings/v8/BindingState.h:
+        (WebCore):
+        * bindings/v8/V8DOMWindowShell.cpp:
+        (WebCore::reportUnsafeJavaScriptAccess):
+        * bindings/v8/V8Proxy.cpp:
+        * bindings/v8/V8Proxy.h:
+        (V8Proxy):
+
 2012-08-21  Shinya Kawanaka  <shinyak@chromium.org>
 

trunk/Source/WebCore/bindings/generic/BindingSecurity.cpp

@@ -56 +56 @@
 
     if (reportingOption == ReportSecurityError)
-        immediatelyReportUnsafeAccessTo(state, targetDocument);
+        printErrorMessageForFrame(targetDocument->frame(), targetDocument->domWindow()->crossDomainAccessErrorMessage(active));
 
     return false;

trunk/Source/WebCore/bindings/js/BindingState.cpp

@@ -48 +48 @@
 }
 
-void immediatelyReportUnsafeAccessTo(ExecState* exec, Document* target)
-{
-    printErrorMessageForFrame(target->frame(), target->domWindow()->crossDomainAccessErrorMessage(activeDOMWindow(exec)));
 }
-
-}

trunk/Source/WebCore/bindings/js/BindingState.h

@@ -49 +49 @@
 inline Frame* firstFrame(BindingState*) { return 0; }
 
-void immediatelyReportUnsafeAccessTo(BindingState*, Document* target);
-
 }
 

trunk/Source/WebCore/bindings/v8/BindingState.cpp

@@ -99 +99 @@
 }
 
-void immediatelyReportUnsafeAccessTo(BindingState*, Document* targetDocument)
+void printErrorMessageForFrame(Frame* frame, const String& message)
 {
-    V8Proxy::reportUnsafeAccessTo(targetDocument);
+    if (!frame)
+        return;
+    frame->document()->domWindow()->printErrorMessage(message);
 }
 

trunk/Source/WebCore/bindings/v8/BindingState.h

@@ -32 +32 @@
 #define BindingState_h
 
+#include <wtf/text/WTFString.h>
+
 namespace WebCore {
 
@@ -56 +58 @@
 Document* currentDocument(BindingState*);
 
-void immediatelyReportUnsafeAccessTo(BindingState*, Document* targetDocument);
+// FIXME: This function is redundant with the copy in JSDOMBinding.cpp.
+void printErrorMessageForFrame(Frame*, const String& message);
 
 }

trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp

@@ -154 +154 @@
 {
     Frame* target = getTargetFrame(host, data);
-    if (target)
-        V8Proxy::reportUnsafeAccessTo(target->document());
+    if (!target)
+        return;
+    DOMWindow* targetWindow = target->document()->domWindow();
+    targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeDOMWindow(BindingState::instance())));
 }
 

trunk/Source/WebCore/bindings/v8/V8Proxy.cpp

@@ -78 +78 @@
 namespace WebCore {
 
-void V8Proxy::reportUnsafeAccessTo(Document* targetDocument)
-{
-    if (!targetDocument)
-        return;
-
-    // FIXME: We should pass both the active and target documents in as arguments.
-    Frame* source = firstFrame(BindingState::instance());
-    if (!source)
-        return;
-
-    Document* sourceDocument = source->document();
-    if (!sourceDocument)
-        return; // Ignore error if the source document is gone.
-
-    // FIXME: This error message should contain more specifics of why the same
-    // origin check has failed.
-    String str = "Unsafe JavaScript attempt to access frame with URL " + targetDocument->url().string() +
-                 " from frame with URL " + sourceDocument->url().string() + ". Domains, protocols and ports must match.\n";
-
-    RefPtr<ScriptCallStack> stackTrace = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
-
-    // NOTE: Safari prints the message in the target page, but it seems like
-    // it should be in the source page. Even for delayed messages, we put it in
-    // the source page.
-    sourceDocument->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, str, stackTrace.release());
-}
-
 // FIXME: This will be soon removed when we move runScript() to ScriptController.
 static v8::Local<v8::Value> handleMaxRecursionDepthExceeded()

trunk/Source/WebCore/bindings/v8/V8Proxy.h

@@ -111 +111 @@
         V8DOMWindowShell* windowShell() const;
 
-        static void reportUnsafeAccessTo(Document* targetDocument);
-
         // FIXME: Move m_isolatedWorlds to ScriptController and remove this getter.
         IsolatedWorldMap& isolatedWorlds() { return m_isolatedWorlds; }