Changeset 224290 in webkit
- Timestamp:
- Nov 1, 2017 1:38:58 PM (6 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
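--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,25 @@
+2017-11-01 Ryosuke Niwa <rniwa@webkit.org>
+
+Assert that NoEventDispatchAssertion is not in the stack when executing a script
+https://bugs.webkit.org/show_bug.cgi?id=179107
+
+Reviewed by Simon Fraser.
+
+Assert that NoEventDispatchAssertion::isEventAllowedInMainThread() is true when we're about to execute a script
+by adding the assertion in ScriptController::canExecuteScripts which gets called with AboutToExecuteScript
+whenever we're about to run scripts in event handlers, etc...
+
+We don't assert the construction of event handlers in JSLazyEventListener since this happens while copying
+the DOM tree inside a SVG use element and creating a event handler's JS function won't execute arbitrary scripts.
+
+No new tests since there should be no behavioral change other
+
+* bindings/js/JSLazyEventListener.cpp:
+(WebCore::JSLazyEventListener::initializeJSFunction const): Use newly added AboutToCreateEventListener.
+(WebCore::JSLazyEventListener::create): Ditto.
+* bindings/js/ScriptController.cpp:
+(WebCore::ScriptController::canExecuteScripts): Added the assertion.
+* bindings/js/ScriptController.h:
+
 2017-11-01 Chris Dumez <cdumez@apple.com>
 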
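--- a/trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp
+++ b/trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp
@@ -98,5 +98,5 @@
 
     ScriptController& script = document.frame()->script();
-    if (!script.canExecuteScripts(AboutToExecuteScript) || script.isPaused())
+    if (!script.canExecuteScripts(AboutToCreateEventListener) || script.isPaused())
         return nullptr;
 
@@ -169,5 +169,5 @@
     String sourceURL;
     if (Frame* frame = arguments.document.frame()) {
-        if (!frame->script().canExecuteScripts(AboutToExecuteScript))
+        if (!frame->script().canExecuteScripts(AboutToCreateEventListener))
             return nullptr;
         position = frame->script().eventHandlerPosition();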
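Review bot: Both call sites now pass AboutToCreateEventListener without saying why the weaker reason is correct here, and nothing in this file tells a reader that the distinction is that no script runs at this point. A one-line comment above each check would keep the rationale the ChangeLog gives next to the code, e.g. `// Building the handler's JS function does not run script (this also happens while cloning the DOM for an SVG use element), so the creation-time reason is used; actual execution is presumably checked with AboutToExecuteScript when the handler fires.` Unrelated to this change, the create() path at line 171 omits the `script.isPaused()` test that line 100 applies; that asymmetry is pre-existing but worth confirming is intended. Both enclosing functions, initializeJSFunction and create, start and end outside the hunk.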
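--- a/trunk/Source/WebCore/bindings/js/ScriptController.cpp
+++ b/trunk/Source/WebCore/bindings/js/ScriptController.cpp
@@ -44,4 +44,5 @@
 #include "ModuleFetchParameters.h"
 #include "NP_jsobject.h"
+#include "NoEventDispatchAssertion.h"
 #include "Page.h"
 #include "PageConsoleClient.h"
@@ -677,7 +678,10 @@
 bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
 {
+    if (reason == AboutToExecuteScript)
+        ASSERT_WITH_SECURITY_IMPLICATION(NoEventDispatchAssertion::isEventAllowedInMainThread());
+
     if (m_frame.document() && m_frame.document()->isSandboxed(SandboxScripts)) {
         // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
-        if (reason == AboutToExecuteScript)
+        if (reason == AboutToExecuteScript || reason == AboutToCreateEventListener)
             m_frame.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Blocked script execution in '" + m_frame.document()->url().stringCenterEllipsizedToLength() + "' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.");
         return false;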
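Review bot: The new assertion at the top of canExecuteScripts is diagnostic, not enforcing: in builds where ASSERT_WITH_SECURITY_IMPLICATION compiles out, a caller that reaches this point inside a NoEventDispatchAssertion scope still gets `true` and runs script, and a comment should make that explicit so nobody reads it as a guard. The reason AboutToCreateEventListener is exempt is stated only in the ChangeLog; that belongs next to the condition, e.g. `// Only real script execution is asserted: creating a lazy event listener (which also happens while cloning the DOM for an SVG use element) does not run script, so AboutToCreateEventListener is exempt.` The sandbox branch now logs the "Blocked script execution" message for the create-listener reason too, which reads as intended since the blocked listener would never run, but a short comment mapping reasons to the message would help the next person who adds an enumerator. canExecuteScripts continues past the end of the hunk.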
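--- a/trunk/Source/WebCore/bindings/js/ScriptController.h
+++ b/trunk/Source/WebCore/bindings/js/ScriptController.h
@@ -65,4 +65,5 @@
 
 enum ReasonForCallingCanExecuteScripts {
+    AboutToCreateEventListener,
     AboutToExecuteScript,
     NotAboutToExecuteScript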
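Review bot: The new enumerator is inserted ahead of AboutToExecuteScript, which renumbers the existing values of this unscoped enum; nothing on the page suggests the numeric values are persisted or compared numerically, so this is likely harmless, but appending would have been the conservative choice. The enum is also undocumented, and the three reasons now differ in whether canExecuteScripts asserts on event-dispatch state (only AboutToExecuteScript) and whether the sandbox console message is logged (both "AboutTo" reasons), which a caller choosing a value needs to know. Suggest one comment per enumerator, e.g. `AboutToCreateEventListener, // Building a lazy event handler; no script runs yet, so no dispatch assertion` and `AboutToExecuteScript, // Script is about to run; asserts event dispatch is allowed on the main thread`. The enum declaration continues past the end of the hunk.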