Changeset 191008 in webkit


Timestamp:
Oct 13, 2015 2:46:10 PM (9 years ago)
Author:
dino@apple.com
Message:

Device motion and orientation should only be visible from the main frame's security origin
https://bugs.webkit.org/show_bug.cgi?id=150072
<rdar://problem/23082036>

Reviewed by Brent Fulgham.

.:

Add a manual test for cross-origin device orientation events, while
we're waiting on the mock client to be supported everywhere.

  • ManualTests/deviceorientation-child-frame.html: Added.
  • ManualTests/deviceorientation-main-frame-only.html: Added.

Source/WebCore:

There are reports that gyroscope and accelerometer information can
be used to detect keyboard entry. One initial step to reduce the
risk is to forbid device motion and orientation events from
being fired in frames that are a different security origin from the main page.

Manual test: deviceorientation-main-frame-only.html

  • page/DOMWindow.cpp:

(WebCore::DOMWindow::isSameSecurityOriginAsMainFrame): New helper function.
(WebCore::DOMWindow::addEventListener): Check if we are the main frame, or the
same security origin as the main frame. If not, don't add the event
listeners.

Location:
trunk
Files:
2 added
4 edited

  • trunk/ChangeLog

    r190909 r191008  
     12015-10-13  Dean Jackson  <dino@apple.com>
     2
     3        Device motion and orientation should only be visible from the main frame's security origin
     4        https://bugs.webkit.org/show_bug.cgi?id=150072
     5        <rdar://problem/23082036>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        Add a manual test for cross-origin device orientation events, while
     10        we're waiting on the mock client to be supported everywhere.
     11
     12        * ManualTests/deviceorientation-child-frame.html: Added.
     13        * ManualTests/deviceorientation-main-frame-only.html: Added.
     14
    1152015-10-12  Philip Chimento  <philip.chimento@gmail.com>
    216
  • trunk/Source/WebCore/ChangeLog

    r191007 r191008  
     12015-10-13  Dean Jackson  <dino@apple.com>
     2
     3        Device motion and orientation should only be visible from the main frame's security origin
     4        https://bugs.webkit.org/show_bug.cgi?id=150072
     5        <rdar://problem/23082036>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        There are reports that gyroscope and accelerometer information can
     10        be used to detect keyboard entry. One initial step to reduce the
     11        risk is to forbid device motion and orientation events from
     12        being fired in frames that are a different security origin from the main page.
     13
     14        Manual test: deviceorientation-main-frame-only.html
     15
     16        * page/DOMWindow.cpp:
     17        (WebCore::DOMWindow::isSameSecurityOriginAsMainFrame): New helper function.
     18        (WebCore::DOMWindow::addEventListener): Check if we are the main frame, or the
     19        same security origin as the main frame. If not, don't add the event
     20        listeners.
     21
    1222015-10-12  Dean Jackson  <dino@apple.com>
    223
  • trunk/Source/WebCore/page/DOMWindow.cpp

    r190510 r191008  
    16921692}
    16931693
     1694bool DOMWindow::isSameSecurityOriginAsMainFrame() const
     1695{
     1696    if (!m_frame || !m_frame->page() || !document())
     1697        return false;
     1698
     1699    if (m_frame->isMainFrame())
     1700        return true;
     1701
     1702    Document* mainFrameDocument = m_frame->mainFrame().document();
     1703
     1704    if (mainFrameDocument && document()->securityOrigin()->canAccess(mainFrameDocument->securityOrigin()))
     1705        return true;
     1706
     1707    return false;
     1708}
     1709
    16941710bool DOMWindow::addEventListener(const AtomicString& eventType, RefPtr<EventListener>&& listener, bool useCapture)
    16951711{
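Review bot: isSameSecurityOriginAsMainFrame() decides at line 1704 with canAccess(), which by its name is an access check from this document's origin to the main frame's origin rather than an origin comparison, so the helper's name promises something different from what the code tests. Either rename the helper to reflect the access semantics or add a comment saying why canAccess() in this direction is the intended policy. The tail at 1704-1707 can also collapse to a single `return mainFrameDocument && document()->securityOrigin()->canAccess(mainFrameDocument->securityOrigin());`.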
     
    17131729#if ENABLE(DEVICE_ORIENTATION)
    17141730#if PLATFORM(IOS)
    1715     else if (eventType == eventNames().devicemotionEvent && document())
    1716         document()->deviceMotionController()->addDeviceEventListener(this);
    1717     else if (eventType == eventNames().deviceorientationEvent && document())
    1718         document()->deviceOrientationController()->addDeviceEventListener(this);
     1731    else if ((eventType == eventNames().devicemotionEvent || eventType == eventNames().deviceorientationEvent) && document()) {
     1732        if (isSameSecurityOriginAsMainFrame()) {
     1733            if (eventType == eventNames().deviceorientationEvent)
     1734                document()->deviceOrientationController()->addDeviceEventListener(this);
     1735            else
     1736                document()->deviceMotionController()->addDeviceEventListener(this);
     1737        } else if (document())
     1738            document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, ASCIILiteral("Blocked attempt add device motion or orientation listener from child frame that wasn't the same security origin as the main page."));
     1739    }
    17191740#else
    17201741    else if (eventType == eventNames().devicemotionEvent && RuntimeEnabledFeatures::sharedFeatures().deviceMotionEnabled()) {
    1721         if (DeviceMotionController* controller = DeviceMotionController::from(page()))
    1722             controller->addDeviceEventListener(this);
     1742        if (isSameSecurityOriginAsMainFrame()) {
     1743            if (DeviceMotionController* controller = DeviceMotionController::from(page()))
     1744                controller->addDeviceEventListener(this);
     1745        } else if (document())
     1746            document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, ASCIILiteral("Blocked attempt add device motion listener from child frame that wasn't the same security origin as the main page."));
    17231747    } else if (eventType == eventNames().deviceorientationEvent && RuntimeEnabledFeatures::sharedFeatures().deviceOrientationEnabled()) {
    1724         if (DeviceOrientationController* controller = DeviceOrientationController::from(page()))
    1725             controller->addDeviceEventListener(this);
     1748        if (isSameSecurityOriginAsMainFrame()) {
     1749            if (DeviceOrientationController* controller = DeviceOrientationController::from(page()))
     1750                controller->addDeviceEventListener(this);
     1751        } else if (document())
     1752            document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, ASCIILiteral("Blocked attempt add device orientation listener from child frame that wasn't the same security origin as the main page."));
    17261753    }
    17271754#endif // PLATFORM(IOS)
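Review bot: the origin gate and its warning are written out three times (1732-1738, 1742-1746, 1748-1752), and all three strings read "Blocked attempt add", which is missing "to". Move the check and the message into one helper so the iOS and non-iOS paths cannot drift apart, and fix the wording there. In the iOS branch the `else if (document())` at 1737 is redundant, since the enclosing condition at 1731 already requires document(). The visible lines only skip the controller registration on the blocked path; they do not show what addEventListener returns to the caller in that case, so the test should cover it.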
  • trunk/Source/WebCore/page/DOMWindow.h

    r190017 r191008  
    362362        void willDestroyDocumentInFrame();
    363363
     364        bool isSameSecurityOriginAsMainFrame() const;
     365
    364366#if ENABLE(GAMEPAD)
    365367        void incrementGamepadEventListenerCount();
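Review bot: the declaration at 364 has no comment, and the name alone does not tell a caller that the function returns false for a window with no frame, page or document (lines 1696-1697 of DOMWindow.cpp). A one-line comment here would document that fail-closed behaviour for any other caller that relies on it.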