Changeset 191008 in webkit
- Timestamp:
- Oct 13, 2015 2:46:10 PM (9 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
trunk/ChangeLog
r190909 r191008 1 2015-10-13 Dean Jackson <dino@apple.com> 2 3 Device motion and orientation should only be visible from the main frame's security origin 4 https://bugs.webkit.org/show_bug.cgi?id=150072 5 <rdar://problem/23082036> 6 7 Reviewed by Brent Fulgham. 8 9 Add a manual test for cross-origin device orientation events, while 10 we're waiting on the mock client to be supported everywhere. 11 12 * ManualTests/deviceorientation-child-frame.html: Added. 13 * ManualTests/deviceorientation-main-frame-only.html: Added. 14 1 15 2015-10-12 Philip Chimento <philip.chimento@gmail.com> 2 16 -
trunk/Source/WebCore/ChangeLog
r191007 r191008 1 2015-10-13 Dean Jackson <dino@apple.com> 2 3 Device motion and orientation should only be visible from the main frame's security origin 4 https://bugs.webkit.org/show_bug.cgi?id=150072 5 <rdar://problem/23082036> 6 7 Reviewed by Brent Fulgham. 8 9 There are reports that gyroscope and accelerometer information can 10 be used to detect keyboard entry. One initial step to reduce the 11 risk is to forbid device motion and orientation events from 12 being fired in frames that are a different security origin from the main page. 13 14 Manual test: deviceorientation-main-frame-only.html 15 16 * page/DOMWindow.cpp: 17 (WebCore::DOMWindow::isSameSecurityOriginAsMainFrame): New helper function. 18 (WebCore::DOMWindow::addEventListener): Check if we are the main frame, or the 19 same security origin as the main frame. If not, don't add the event 20 listeners. 21 1 22 2015-10-12 Dean Jackson <dino@apple.com> 2 23 -
trunk/Source/WebCore/page/DOMWindow.cpp
r190510 r191008 1692 1692 } 1693 1693 1694 bool DOMWindow::isSameSecurityOriginAsMainFrame() const 1695 { 1696 if (!m_frame || !m_frame->page() || !document()) 1697 return false; 1698 1699 if (m_frame->isMainFrame()) 1700 return true; 1701 1702 Document* mainFrameDocument = m_frame->mainFrame().document(); 1703 1704 if (mainFrameDocument && document()->securityOrigin()->canAccess(mainFrameDocument->securityOrigin())) 1705 return true; 1706 1707 return false; 1708 } 1709 1694 1710 bool DOMWindow::addEventListener(const AtomicString& eventType, RefPtr<EventListener>&& listener, bool useCapture) 1695 1711 { … … 1713 1729 #if ENABLE(DEVICE_ORIENTATION) 1714 1730 #if PLATFORM(IOS) 1715 else if (eventType == eventNames().devicemotionEvent && document()) 1716 document()->deviceMotionController()->addDeviceEventListener(this); 1717 else if (eventType == eventNames().deviceorientationEvent && document()) 1718 document()->deviceOrientationController()->addDeviceEventListener(this); 1731 else if ((eventType == eventNames().devicemotionEvent || eventType == eventNames().deviceorientationEvent) && document()) { 1732 if (isSameSecurityOriginAsMainFrame()) { 1733 if (eventType == eventNames().deviceorientationEvent) 1734 document()->deviceOrientationController()->addDeviceEventListener(this); 1735 else 1736 document()->deviceMotionController()->addDeviceEventListener(this); 1737 } else if (document()) 1738 document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, ASCIILiteral("Blocked attempt add device motion or orientation listener from child frame that wasn't the same security origin as the main page.")); 1739 } 1719 1740 #else 1720 1741 else if (eventType == eventNames().devicemotionEvent && RuntimeEnabledFeatures::sharedFeatures().deviceMotionEnabled()) { 1721 if (DeviceMotionController* controller = DeviceMotionController::from(page())) 1722 controller->addDeviceEventListener(this); 1742 if (isSameSecurityOriginAsMainFrame()) { 1743 if (DeviceMotionController* 
controller = DeviceMotionController::from(page())) 1744 controller->addDeviceEventListener(this); 1745 } else if (document()) 1746 document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, ASCIILiteral("Blocked attempt add device motion listener from child frame that wasn't the same security origin as the main page.")); 1723 1747 } else if (eventType == eventNames().deviceorientationEvent && RuntimeEnabledFeatures::sharedFeatures().deviceOrientationEnabled()) { 1724 if (DeviceOrientationController* controller = DeviceOrientationController::from(page())) 1725 controller->addDeviceEventListener(this); 1748 if (isSameSecurityOriginAsMainFrame()) { 1749 if (DeviceOrientationController* controller = DeviceOrientationController::from(page())) 1750 controller->addDeviceEventListener(this); 1751 } else if (document()) 1752 document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, ASCIILiteral("Blocked attempt add device orientation listener from child frame that wasn't the same security origin as the main page.")); 1726 1753 } 1727 1754 #endif // PLATFORM(IOS) -
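Review bot: `isSameSecurityOriginAsMainFrame()` compares the frame's document only with the main frame's document, so a frame that shares the top-level origin but sits inside a cross-origin ancestor still passes, and the result is evaluated once, when the listener is added. If that is the intended policy, the helper should say so in a comment, e.g. `// Compares against the top-level document only; intermediate ancestor frames are not checked.` The blocked branches skip only the `addDeviceEventListener` call visible here; the rest of `addEventListener` lies outside the hunk, so the restriction presumably relies on the controllers delivering events only to windows registered that way, which is worth confirming and covering in the test. In the iOS branch the `else if (document())` is redundant because the enclosing condition already requires `document()`. The three warning strings read "Blocked attempt add" where "Blocked attempt to add" is meant.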
trunk/Source/WebCore/page/DOMWindow.h
r190017 r191008 362 362 void willDestroyDocumentInFrame(); 363 363 364 bool isSameSecurityOriginAsMainFrame() const; 365 364 366 #if ENABLE(GAMEPAD) 365 367 void incrementGamepadEventListenerCount();