Changeset 263628 in webkit
- Timestamp:
- Jun 27, 2020 3:14:05 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 11 edited
trunk/LayoutTests/ChangeLog
r263626 r263628 1 2020-06-27 Mark Lam <mark.lam@apple.com> 2 3 Fix missing exception check in createIDBKeyFromValue(). 4 https://bugs.webkit.org/show_bug.cgi?id=213681 5 <rdar://problem/64804893> 6 7 Reviewed by Chris Dumez. 8 9 * storage/indexeddb/missing-exception-check-in-IDBKey-expected.txt: Added. 10 * storage/indexeddb/missing-exception-check-in-IDBKey.html: Added. 11 1 12 2020-06-27 Chris Dumez <cdumez@apple.com> 2 13 -
trunk/Source/WebCore/ChangeLog
r263627 r263628 1 2020-06-27 Mark Lam <mark.lam@apple.com> 2 3 Fix missing exception check in createIDBKeyFromValue(). 4 https://bugs.webkit.org/show_bug.cgi?id=213681 5 <rdar://problem/64804893> 6 7 Reviewed by Chris Dumez. 8 9 Test: storage/indexeddb/missing-exception-check-in-IDBKey.html 10 11 Also fixed up miscellaneous other exception check related code to enable the 12 new test to run with exception check validation. 13 14 * bindings/js/IDBBindingUtilities.cpp: 15 (WebCore::createIDBKeyFromValue): 16 * bindings/js/JSDOMBindingSecurity.cpp: 17 (WebCore::BindingSecurity::shouldAllowAccessToDOMWindow): 18 * bindings/js/JSDOMWindowBase.cpp: 19 (WebCore::JSDOMWindowBase::updateDocument): 20 * bindings/js/JSDOMWindowCustom.cpp: 21 (WebCore::JSDOMWindow::put): 22 (WebCore::JSDOMWindow::defineOwnProperty): 23 * bindings/js/ScriptController.cpp: 24 (WebCore::ScriptController::initScriptForWindowProxy): 25 * bindings/scripts/CodeGeneratorJS.pm: 26 (GenerateAttributeGetterBodyDefinition): 27 (GenerateAttributeSetterBodyDefinition): 28 (GenerateOperationBodyDefinition): 29 * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp: 30 (WebCore::jsTestActiveDOMObjectExcitingAttrGetter): 31 (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunctionBody): 32 (WebCore::jsTestActiveDOMObjectPrototypeFunctionOverloadedMethodOverloadDispatcher): 33 * bridge/objc/WebScriptObject.mm: 34 (-[WebScriptObject _isSafeScript]): 35 * testing/js/WebCoreTestSupport.cpp: 36 (WebCoreTestSupport::injectInternalsObject): 37 1 38 2020-06-27 Jer Noble <jer.noble@apple.com> 2 39 -
trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp
r261574 r263628 2 2 * Copyright (C) 2010 Google Inc. All rights reserved. 3 3 * Copyright (C) 2012 Michael Pruett <michael@68k.org> 4 * Copyright (C) 2014-20 19Apple Inc. All rights reserved.4 * Copyright (C) 2014-2020 Apple Inc. All rights reserved. 5 5 * 6 6 * Redistribution and use in source and binary forms, with or without … … 188 188 { 189 189 VM& vm = lexicalGlobalObject.vm(); 190 auto scope = DECLARE_THROW_SCOPE(vm); 191 190 192 if (value.isNumber() && !std::isnan(value.toNumber(&lexicalGlobalObject))) 191 193 return IDBKey::createNumber(value.toNumber(&lexicalGlobalObject)); … … 216 218 for (size_t i = 0; i < length; i++) { 217 219 JSValue item = array->getIndex(&lexicalGlobalObject, i); 220 RETURN_IF_EXCEPTION(scope, { }); 218 221 RefPtr<IDBKey> subkey = createIDBKeyFromValue(lexicalGlobalObject, item, stack); 219 222 if (!subkey) -
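Review bot: The recursive `createIDBKeyFromValue(lexicalGlobalObject, item, stack)` call inside the loop has no exception check after it, although with this change it can return an empty RefPtr while an exception is still pending (a nested `getIndex` throwing). The visible `if (!subkey)` test cannot tell that case from an ordinary invalid sub-key, and its body is cut off by the hunk, so whether the loop goes on calling `getIndex` with the exception pending cannot be confirmed from here. Adding `RETURN_IF_EXCEPTION(scope, { });` directly after the recursive call would propagate the failure at once. It is also worth confirming that the new early return leaves `stack` in a state the caller tolerates, since the code that pushes to and pops from it is outside the hunk.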
trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp
r251425 r263628 1 1 /* 2 2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) 3 * Copyright (C) 2004-20 11, 2013, 2016Apple Inc. All rights reserved.3 * Copyright (C) 2004-2020 Apple Inc. All rights reserved. 4 4 * Copyright (C) 2007 Samuel Weinig <sam@webkit.org> 5 5 * Copyright (C) 2013 Michael Pruett <michael@68k.org> … … 88 88 bool BindingSecurity::shouldAllowAccessToDOMWindow(JSGlobalObject& lexicalGlobalObject, DOMWindow& globalObject, String& message) 89 89 { 90 if (BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, globalObject, DoNotReportSecurityError)) 90 VM& vm = lexicalGlobalObject.vm(); 91 auto scope = DECLARE_CATCH_SCOPE(vm); 92 93 bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, globalObject, DoNotReportSecurityError); 94 EXCEPTION_ASSERT_UNUSED(scope, !scope.exception()); 95 if (shouldAllowAccess) 91 96 return true; 92 97 message = globalObject.crossDomainAccessErrorMessage(activeDOMWindow(lexicalGlobalObject), IncludeTargetOrigin::No); -
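Review bot: The new `EXCEPTION_ASSERT_UNUSED(scope, !scope.exception());` in the `String& message` overload of shouldAllowAccessToDOMWindow encodes an assumption that the DoNotReportSecurityError path never throws, and nothing in the code says so. As far as I know the macro is only enforced in debug or exception-validation builds, so in other builds a violated assumption would pass silently. If that is the intended invariant, a comment above the assert such as `// DoNotReportSecurityError must not throw; the denial is reported to the caller through |message|.` would record it. The same catch-scope-plus-assert pattern is added without explanation in JSDOMWindowBase::updateDocument, ScriptController::initScriptForWindowProxy, -[WebScriptObject _isSafeScript] and injectInternalsObject, and each would benefit from one line saying why no exception can be pending there.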
trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp
r261668 r263628 2 2 * Copyright (C) 2000 Harri Porten (porten@kde.org) 3 3 * Copyright (C) 2006 Jon Shier (jshier@iastate.edu) 4 * Copyright (C) 2003-20 17Apple Inc. All rights reseved.4 * Copyright (C) 2003-2020 Apple Inc. All rights reseved. 5 5 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) 6 6 * Copyright (c) 2015 Canon Inc. All rights reserved. … … 127 127 ASSERT(m_wrapped->document()); 128 128 JSGlobalObject* lexicalGlobalObject = this; 129 VM& vm = lexicalGlobalObject->vm(); 130 auto scope = DECLARE_CATCH_SCOPE(vm); 131 129 132 bool shouldThrowReadOnlyError = false; 130 133 bool ignoreReadOnlyErrors = true; 131 134 bool putResult = false; 132 symbolTablePutTouchWatchpointSet(this, lexicalGlobalObject, static_cast<JSVMClientData*>(lexicalGlobalObject->vm().clientData)->builtinNames().documentPublicName(), toJS(lexicalGlobalObject, this, m_wrapped->document()), shouldThrowReadOnlyError, ignoreReadOnlyErrors, putResult); 135 symbolTablePutTouchWatchpointSet(this, lexicalGlobalObject, static_cast<JSVMClientData*>(vm.clientData)->builtinNames().documentPublicName(), toJS(lexicalGlobalObject, this, m_wrapped->document()), shouldThrowReadOnlyError, ignoreReadOnlyErrors, putResult); 136 EXCEPTION_ASSERT_UNUSED(scope, !scope.exception()); 133 137 } 134 138 -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
r261668 r263628 1 1 /* 2 * Copyright (C) 2007-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2007-2020 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2011 Google Inc. All rights reserved. 4 4 * … … 300 300 } 301 301 302 return Base::put(thisObject, lexicalGlobalObject, propertyName, value, slot);302 RELEASE_AND_RETURN(scope, Base::put(thisObject, lexicalGlobalObject, propertyName, value, slot)); 303 303 } 304 304 … … 419 419 { 420 420 JSC::VM& vm = lexicalGlobalObject->vm(); 421 auto scope = DECLARE_THROW_SCOPE(vm); 422 421 423 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); 422 424 // Only allow defining properties in this way by frames in the same origin, as it allows setters to be introduced. 423 425 if (!BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, thisObject->wrapped(), ThrowSecurityError)) 424 return false; 425 426 RELEASE_AND_RETURN(scope, false); 427 428 EXCEPTION_ASSERT(!scope.exception()); 426 429 // Don't allow shadowing location using accessor properties. 427 430 if (descriptor.isAccessorDescriptor() && propertyName == Identifier::fromString(vm, "location")) 428 431 return false; 429 432 430 return Base::defineOwnProperty(thisObject, lexicalGlobalObject, propertyName, descriptor, shouldThrow);433 RELEASE_AND_RETURN(scope, Base::defineOwnProperty(thisObject, lexicalGlobalObject, propertyName, descriptor, shouldThrow)); 431 434 } 432 435 -
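Review bot: In JSDOMWindow::defineOwnProperty the cross-origin check is written as an early `RELEASE_AND_RETURN(scope, false);` followed by a bare `EXCEPTION_ASSERT(!scope.exception());`, while the generated bindings in this same commit state the same invariant as `EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess);`. Using one form for this security check everywhere would make it easier to audit. Here that would mean storing the result in `bool shouldAllowAccess`, asserting `EXCEPTION_ASSERT(!scope.exception() || !shouldAllowAccess);`, and then `if (!shouldAllowAccess) return false;`. The earlier hunk in JSDOMWindow::put only changes the final return, and that function's body starts outside the hunk.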
trunk/Source/WebCore/bindings/js/ScriptController.cpp
r263422 r263628 265 265 { 266 266 auto& world = windowProxy.world(); 267 JSC::VM& vm = world.vm(); 268 auto scope = DECLARE_CATCH_SCOPE(vm); 267 269 268 270 jsCast<JSDOMWindow*>(windowProxy.window())->updateDocument(); 271 EXCEPTION_ASSERT_UNUSED(scope, !scope.exception()); 269 272 270 273 if (Document* document = m_frame.document()) -
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
r263450 r263628 4975 4975 AddToImplIncludes("JSDOMBindingSecurity.h", $conditional); 4976 4976 if ($interface->type->name eq "DOMWindow") { 4977 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped(), ThrowSecurityError))\n");4977 push(@$outputArray, " bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped(), ThrowSecurityError);\n"); 4978 4978 } else { 4979 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped().window(), ThrowSecurityError))\n"); 4980 } 4979 push(@$outputArray, " bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped().window(), ThrowSecurityError);\n"); 4980 } 4981 push(@$outputArray, " EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess);\n"); 4982 push(@$outputArray, " if (!shouldAllowAccess)\n"); 4981 4983 push(@$outputArray, " return jsUndefined();\n"); 4982 4984 } … … 5108 5110 AddToImplIncludes("JSDOMBindingSecurity.h", $conditional); 5109 5111 if ($interface->type->name eq "DOMWindow") { 5110 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped(), ThrowSecurityError))\n");5112 push(@$outputArray, " bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped(), ThrowSecurityError);\n"); 5111 5113 } else { 5112 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped().window(), ThrowSecurityError))\n"); 5113 } 5114 push(@$outputArray, " bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped().window(), ThrowSecurityError);\n"); 5115 } 5116 push(@$outputArray, " EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess);\n"); 5117 push(@$outputArray, " if 
(!shouldAllowAccess)\n"); 5114 5118 push(@$outputArray, " return false;\n"); 5115 5119 } … … 5329 5333 AddToImplIncludes("JSDOMBindingSecurity.h", $conditional); 5330 5334 if ($interface->type->name eq "DOMWindow") { 5331 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped(), ThrowSecurityError))\n"); 5332 push(@$outputArray, " return JSValue::encode(jsUndefined());\n"); 5335 push(@$outputArray, " bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped(), ThrowSecurityError);\n"); 5333 5336 } else { 5334 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped().window(), ThrowSecurityError))\n"); 5335 push(@$outputArray, " return JSValue::encode(jsUndefined());\n"); 5337 push(@$outputArray, " bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped().window(), ThrowSecurityError);\n"); 5336 5338 } 5339 push(@$outputArray, " EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess);\n"); 5340 push(@$outputArray, " if (!shouldAllowAccess)\n"); 5341 push(@$outputArray, " return JSValue::encode(jsUndefined());\n"); 5337 5342 } 5338 5343 } -
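Review bot: The same three emitted lines (the `bool shouldAllowAccess = …` assignment, `EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess);` and the `if (!shouldAllowAccess)` test) are now pushed separately in GenerateAttributeGetterBodyDefinition, GenerateAttributeSetterBodyDefinition and GenerateOperationBodyDefinition. Because this sequence is the cross-origin access check for every generated binding that needs one, a single helper would keep the three copies from drifting apart on a later edit. A possible shape is below. The helper name is only a suggestion, and the indentation inside the emitted strings should follow the existing ones, which this page does not preserve. The three generator functions start and end outside these hunks.

```perl
# Emits the cross-origin access check shared by attribute getters, setters and operations.
sub GenerateDOMWindowAccessCheck
{
    my ($outputArray, $interface, $globalObjectExpression, $thisExpression, $returnStatement) = @_;

    my $window = $interface->type->name eq "DOMWindow" ? $thisExpression : "${thisExpression}.window()";
    push(@$outputArray, "    bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow($globalObjectExpression, $window, ThrowSecurityError);\n");
    push(@$outputArray, "    EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess);\n");
    push(@$outputArray, "    if (!shouldAllowAccess)\n");
    push(@$outputArray, "        $returnStatement\n");
}

# … unchanged: AddToImplIncludes("JSDOMBindingSecurity.h", $conditional); …
GenerateDOMWindowAccessCheck($outputArray, $interface, "&lexicalGlobalObject", "thisObject.wrapped()", "return jsUndefined();");
```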
trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
r260992 r263628 219 219 UNUSED_PARAM(throwScope); 220 220 UNUSED_PARAM(lexicalGlobalObject); 221 if (!BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped().window(), ThrowSecurityError)) 221 bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(&lexicalGlobalObject, thisObject.wrapped().window(), ThrowSecurityError); 222 EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess); 223 if (!shouldAllowAccess) 222 224 return jsUndefined(); 223 225 auto& impl = thisObject.wrapped(); … … 236 238 UNUSED_PARAM(callFrame); 237 239 UNUSED_PARAM(throwScope); 238 if (!BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped().window(), ThrowSecurityError)) 240 bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped().window(), ThrowSecurityError); 241 EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess); 242 if (!shouldAllowAccess) 239 243 return JSValue::encode(jsUndefined()); 240 244 auto& impl = castedThis->wrapped(); … … 308 312 UNUSED_PARAM(callFrame); 309 313 UNUSED_PARAM(throwScope); 310 if (!BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped().window(), ThrowSecurityError)) 314 bool shouldAllowAccess = BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, castedThis->wrapped().window(), ThrowSecurityError); 315 EXCEPTION_ASSERT(!throwScope.exception() || !shouldAllowAccess); 316 if (!shouldAllowAccess) 311 317 return JSValue::encode(jsUndefined()); 312 318 VM& vm = JSC::getVM(lexicalGlobalObject); -
trunk/Source/WebCore/bridge/objc/WebScriptObject.mm
r261070 r263628 1 1 /* 2 * Copyright (C) 2004-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2004-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 276 276 // JSDOMWindowBase* isn't the right object to represent the currently executing 277 277 // JavaScript. Instead, we should use JSGlobalObject, like we do elsewhere. 278 auto* target = JSC::jsDynamicCast<JSDOMWindowBase*>(root->globalObject()->vm(), root->globalObject()); 278 JSC::JSGlobalObject* globalObject = root->globalObject(); 279 JSC::VM& vm = globalObject->vm(); 280 auto scope = DECLARE_CATCH_SCOPE(vm); 281 282 auto* target = JSC::jsDynamicCast<JSDOMWindowBase*>(vm, globalObject); 279 283 if (!target) 280 284 return false; 281 return BindingSecurity::shouldAllowAccessToDOMWindow(_private->originRootObject->globalObject(), target->wrapped()); 285 286 bool isSafe = BindingSecurity::shouldAllowAccessToDOMWindow(_private->originRootObject->globalObject(), target->wrapped()); 287 EXCEPTION_ASSERT_UNUSED(scope, !scope.exception()); 288 return isSafe; 282 289 } 283 290 -
trunk/Source/WebCore/testing/js/WebCoreTestSupport.cpp
r261539 r263628 1 1 /* 2 2 * Copyright (C) 2011, 2015 Google Inc. All rights reserved. 3 * Copyright (C) 2016-20 19Apple Inc. All rights reserved.3 * Copyright (C) 2016-2020 Apple Inc. All rights reserved. 4 4 * 5 5 * Redistribution and use in source and binary forms, with or without … … 59 59 JSGlobalObject* lexicalGlobalObject = toJS(context); 60 60 VM& vm = lexicalGlobalObject->vm(); 61 auto scope = DECLARE_CATCH_SCOPE(vm); 61 62 JSLockHolder lock(vm); 62 63 JSDOMGlobalObject* globalObject = jsCast<JSDOMGlobalObject*>(lexicalGlobalObject); … … 67 68 globalObject->exposeDollarVM(vm); 68 69 } 70 EXCEPTION_ASSERT_UNUSED(scope, !scope.exception()); 69 71 } 70 72
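Review bot: `auto scope = DECLARE_CATCH_SCOPE(vm);` is placed before `JSLockHolder lock(vm);`, so the catch scope is constructed before the JS lock is taken and, by reverse destruction order, destroyed after the lock is released. If the scope reads or writes VM state when exception-scope verification is enabled (likely, but not visible on this page), it does so without the lock held. Declaring it after the lock, i.e. `JSLockHolder lock(vm);` followed by `auto scope = DECLARE_CATCH_SCOPE(vm);`, removes the question. injectInternalsObject begins before the first hunk shown here.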