Changeset 32791 in webkit

Timestamp:

May 1, 2008 7:08:43 PM (16 years ago)

Author:

weinig@apple.com

Message:

WebCore:

2008-05-01 Sam Weinig <​sam@webkit.org>

Reviewed by Geoffrey Garen.

Fixes:

• ​https://bugs.webkit.org/show_bug.cgi?id=17249 Incorrect lexical scope after navigation leads to UXSS <rdar://problem/5738497>

• ​https://bugs.webkit.org/show_bug.cgi?id=16824 Script authorization should follow lexical (not dynamic) scope <rdar://problem/5683032>

This patch changes us to perform same-origin checks based on the lexical global object)
rather than dynamic global object, which is now possible we don't re-use the window on
navigations, but rather switch in a new one and re-use the outer shell. This is both
more secure and conforms with the HTML5 specification. Now that all the checks are
done based on the lexical global object, we can remove the SecurityOrigin::Reason
concept, as it was only around to work around an ebay.com bug that required the check to
be done that way.

An important thing to note is that we currently implement a stricter than necessary policy
and perform the same-origin check based on the currently active global object to avoid leaking
the document in cases when the target frame is navigated before access. This will be fixed in
an upcoming patch.

• bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::allowsAccessFrom): (WebCore::JSDOMWindowBase::allowsAccessFromNoErrorMessage): (WebCore::JSDOMWindowBase::allowsAccessFromPrivate): (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): (WebCore::JSDOMWindowBase::printErrorMessage): (WebCore::asJSDOMWindow):
• bindings/js/JSDOMWindowBase.h:
• html/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::checkOrigin): (WebCore::CanvasRenderingContext2D::createPattern):
• loader/FrameLoader.cpp: (WebCore::FrameLoader::begin): (WebCore::FrameLoader::write): (WebCore::FrameLoader::setOpener): (WebCore::FrameLoader::shouldAllowNavigation):
• page/DOMWindow.h: (WebCore::DOMWindow::setSecurityOrigin): (WebCore::DOMWindow::securityOrigin): (WebCore::DOMWindow::setURL): (WebCore::DOMWindow::url):
• platform/SecurityOrigin.cpp: (WebCore::SecurityOrigin::canAccess): (WebCore::SecurityOrigin::isSecureTransitionTo):
• platform/SecurityOrigin.h:

LayoutTests:

2008-05-01 Sam Weinig <​sam@webkit.org>

Reviewed by Geoffrey Garen.

• http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
• http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
• http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
• http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
• http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
• http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
• http/tests/security/xss-eval-expected.txt:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/xss-eval-expected.txt (modified) (1 diff)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/bindings/js/JSDOMWindowBase.cpp (modified) (5 diffs)
• WebCore/bindings/js/JSDOMWindowBase.h (modified) (4 diffs)
• WebCore/html/CanvasRenderingContext2D.cpp (modified) (2 diffs)
• WebCore/loader/FrameLoader.cpp (modified) (4 diffs)
• WebCore/page/DOMWindow.h (modified) (3 diffs)
• WebCore/platform/SecurityOrigin.cpp (modified) (3 diffs)
• WebCore/platform/SecurityOrigin.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2008-05-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        * http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
+        * http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
+        * http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
+        * http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
+        * http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
+        * http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
+        * http/tests/security/xss-eval-expected.txt:
+
 2008-05-01  Anders Carlsson  <andersca@apple.com>
 

trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithButton.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.

trunk/LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithButton.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.

trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithXMLHttpRequest.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.

trunk/LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithXMLHttpRequest.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.

trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWindow.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-addEventListener.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.

trunk/LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWindow.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-shortcut.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.

trunk/LayoutTests/http/tests/security/xss-eval-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/xss-eval.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/resources/xss-eval2.html. Domains, protocols and ports must match.
 
 This page verifies that you can't use eval to subvert cross-domain checks.

trunk/WebCore/ChangeLog

@@ +1 @@
+2008-05-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Fixes:
+          - https://bugs.webkit.org/show_bug.cgi?id=17249
+            Incorrect lexical scope after navigation leads to UXSS
+            <rdar://problem/5738497>
+
+          - https://bugs.webkit.org/show_bug.cgi?id=16824
+            Script authorization should follow lexical (not dynamic) scope
+            <rdar://problem/5683032>
+
+        This patch changes us to perform same-origin checks based on the lexical global object) 
+        rather than dynamic global object, which is now possible we don't re-use the window on 
+        navigations, but rather switch in a new one and re-use the outer shell.  This is both
+        more secure and conforms with the HTML5 specification.  Now that all the checks are
+        done based on the lexical global object, we can remove the SecurityOrigin::Reason
+        concept, as it was only around to work around an ebay.com bug that required the check to
+        be done that way.
+
+        An important thing to note is that we currently implement a stricter than necessary policy
+        and perform the same-origin check based on the currently active global object to avoid leaking
+        the document in cases when the target frame is navigated before access.  This will be fixed in
+        an upcoming patch.
+
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::JSDOMWindowBase::allowsAccessFrom):
+        (WebCore::JSDOMWindowBase::allowsAccessFromNoErrorMessage):
+        (WebCore::JSDOMWindowBase::allowsAccessFromPrivate):
+        (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage):
+        (WebCore::JSDOMWindowBase::printErrorMessage):
+        (WebCore::asJSDOMWindow):
+        * bindings/js/JSDOMWindowBase.h:
+        * html/CanvasRenderingContext2D.cpp:
+        (WebCore::CanvasRenderingContext2D::checkOrigin):
+        (WebCore::CanvasRenderingContext2D::createPattern):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::begin):
+        (WebCore::FrameLoader::write):
+        (WebCore::FrameLoader::setOpener):
+        (WebCore::FrameLoader::shouldAllowNavigation):
+        * page/DOMWindow.h:
+        (WebCore::DOMWindow::setSecurityOrigin):
+        (WebCore::DOMWindow::securityOrigin):
+        (WebCore::DOMWindow::setURL):
+        (WebCore::DOMWindow::url):
+        * platform/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::canAccess):
+        (WebCore::SecurityOrigin::isSecureTransitionTo):
+        * platform/SecurityOrigin.h:
+
 2008-05-01  Anders Carlsson  <andersca@apple.com>
 

trunk/WebCore/bindings/js/JSDOMWindowBase.cpp

@@ -734 +734 @@
 bool JSDOMWindowBase::allowsAccessFrom(const JSGlobalObject* other) const
 {
-    SecurityOrigin::Reason reason;
-    if (allowsAccessFromPrivate(other, reason))
+    if (allowsAccessFromPrivate(other))
         return true;
-    printErrorMessage(crossDomainAccessErrorMessage(other, reason));
+    printErrorMessage(crossDomainAccessErrorMessage(other));
     return false;
 }
@@ -743 +742 @@
 bool JSDOMWindowBase::allowsAccessFrom(ExecState* exec) const
 {
-    SecurityOrigin::Reason reason;
-    if (allowsAccessFromPrivate(exec, reason))
+    if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))
         return true;
-    printErrorMessage(crossDomainAccessErrorMessage(exec->dynamicGlobalObject(), reason));
+    printErrorMessage(crossDomainAccessErrorMessage(exec->lexicalGlobalObject()));
     return false;
 }
@@ -752 +750 @@
 bool JSDOMWindowBase::allowsAccessFromNoErrorMessage(ExecState* exec) const
 {
-    SecurityOrigin::Reason reason;
-    return allowsAccessFromPrivate(exec, reason);
+    return allowsAccessFromPrivate(exec->lexicalGlobalObject());
 }
 
 bool JSDOMWindowBase::allowsAccessFrom(ExecState* exec, String& message) const
 {
-    SecurityOrigin::Reason reason;
-    if (allowsAccessFromPrivate(exec, reason))
+    if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))
         return true;
-    message = crossDomainAccessErrorMessage(exec->dynamicGlobalObject(), reason);
+    message = crossDomainAccessErrorMessage(exec->lexicalGlobalObject());
     return false;
 }
     
-ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const ExecState* exec, SecurityOrigin::Reason& reason) const
-{
-    if (allowsAccessFromPrivate(exec->dynamicGlobalObject(), reason))
+ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const JSGlobalObject* other) const
+{
+    const JSDOMWindow* originWindow = asJSDOMWindow(other);
+    const JSDOMWindow* targetWindow = toJSDOMWindow(impl()->frame());
+
+    if (originWindow == targetWindow)
         return true;
-    if (reason == SecurityOrigin::DomainSetInDOMMismatch) {
-        // If the only reason the access failed was a domainSetInDOM bit mismatch, try again against 
-        // lexical global object <rdar://problem/5698200>
-        if (allowsAccessFromPrivate(exec->lexicalGlobalObject(), reason))
-            return true;
-    }
-    return false;
-}
-
-ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const JSGlobalObject* other, SecurityOrigin::Reason& reason) const
-{
-    const Frame* originFrame = static_cast<const JSDOMWindowBase*>(other)->impl()->frame();
-    if (!originFrame) {
-        reason = SecurityOrigin::GenericMismatch;
-        return false;
-    }
-
-    const Frame* targetFrame = impl()->frame();
-
-    if (originFrame == targetFrame)
-        return true;
-    
-    if (!targetFrame) {
-        reason = SecurityOrigin::GenericMismatch;
-        return false;
-    }
-
-    Document* targetDocument = targetFrame->document();
 
     // JS may be attempting to access the "window" object, which should be valid,
     // even if the document hasn't been constructed yet.  If the document doesn't
     // exist yet allow JS to access the window object.
-    if (!targetDocument)
+    if (!originWindow->impl()->document())
         return true;
 
-    Document* originDocument = originFrame->document();
-
-    const SecurityOrigin* originSecurityOrigin = originDocument->securityOrigin();
-    const SecurityOrigin* targetSecurityOrigin = targetDocument->securityOrigin();
-
-    if (originSecurityOrigin->canAccess(targetSecurityOrigin, reason))
-        return true;
-
-    return false;
-}
-
-String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other, SecurityOrigin::Reason) const
-{
-    const Frame* originFrame = static_cast<const JSDOMWindowBase*>(other)->impl()->frame();
-    const Frame* targetFrame = impl()->frame();
-    if (!originFrame || !targetFrame)
+    const SecurityOrigin* originSecurityOrigin = originWindow->impl()->securityOrigin();
+    const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->securityOrigin();
+
+    return originSecurityOrigin->canAccess(targetSecurityOrigin);
+}
+
+String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const
+{
+    KURL originURL = asJSDOMWindow(other)->impl()->url();
+    KURL targetURL = impl()->frame()->document()->url();
+    if (originURL.isNull() || targetURL.isNull())
         return String();
-    Document* targetDocument = targetFrame->document();
-    Document* originDocument = originFrame->document();
-    if (!originDocument || !targetDocument)
-        return String();
+
     // FIXME: this error message should contain more specifics of why the same origin check has failed.
     return String::format("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. Domains, protocols and ports must match.\n",
-        targetDocument->url().string().utf8().data(), originDocument->url().string().utf8().data());
+        targetURL.string().utf8().data(), originURL.string().utf8().data());
 }
 
@@ -845 +808 @@
         printf("%s", message.utf8().data());
 
-    frame->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, message, 1, String()); // FIXME: provide a real line number and source URL.
+    impl()->console()->addMessage(JSMessageSource, ErrorMessageLevel, message, 1, String()); // FIXME: provide a real line number and source URL.
 }
 
@@ -1427 +1390 @@
 }
 
+const JSDOMWindow* asJSDOMWindow(const JSGlobalObject* globalObject)
+{
+    return static_cast<const JSDOMWindow*>(globalObject);
+}
+
 } // namespace WebCore

trunk/WebCore/bindings/js/JSDOMWindowBase.h

@@ -22 +22 @@
 
 #include "PlatformString.h"
-#include "SecurityOrigin.h"
 #include "kjs_binding.h"
 #include <kjs/protect.h>
@@ -41 +40 @@
     class PausedTimeouts;
     class ScheduledAction;
+    class SecurityOrigin;
 
     class JSDOMWindowBasePrivate;
@@ -149 +149 @@
         int installTimeout(ScheduledAction*, int interval, bool singleShot);
 
-        bool allowsAccessFromPrivate(const KJS::JSGlobalObject*, SecurityOrigin::Reason&) const;
-        bool allowsAccessFromPrivate(const KJS::ExecState*, SecurityOrigin::Reason&) const;
-        String crossDomainAccessErrorMessage(const KJS::JSGlobalObject*, SecurityOrigin::Reason) const;
+        bool allowsAccessFromPrivate(const KJS::JSGlobalObject*) const;
+        String crossDomainAccessErrorMessage(const KJS::JSGlobalObject*) const;
 
         RefPtr<DOMWindow> m_impl;
@@ -176 +175 @@
 
     JSDOMWindow* asJSDOMWindow(KJS::JSGlobalObject*);
+    const JSDOMWindow* asJSDOMWindow(const KJS::JSGlobalObject*);
 
 } // namespace WebCore

trunk/WebCore/html/CanvasRenderingContext2D.cpp

@@ -946 +946 @@
 {
     RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
-    SecurityOrigin::Reason reason;
-    if (!m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason))
+    if (!m_canvas->document()->securityOrigin()->canAccess(origin.get()))
         m_canvas->setOriginTainted();
 }
@@ -1098 +1097 @@
         KURL url(cachedImage->url());
         RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
-        SecurityOrigin::Reason reason;
-        originClean = m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason);
+        originClean = m_canvas->document()->securityOrigin()->canAccess(origin.get());
     }
     return new CanvasPattern(image->cachedImage(), repeatX, repeatY, originClean);

trunk/WebCore/loader/FrameLoader.cpp

@@ -938 +938 @@
         document->setSecurityOrigin(forcedSecurityOrigin.get());
 
+    m_frame->domWindow()->setURL(document->url());
+    m_frame->domWindow()->setSecurityOrigin(document->securityOrigin());
+
     updatePolicyBaseURL();
 
@@ -989 +992 @@
         if (m_encoding.isEmpty()) {
             Frame* parentFrame = m_frame->tree()->parent();
-            SecurityOrigin::Reason reason;
-            if (parentFrame && parentFrame->document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin(), reason))
+            if (parentFrame && parentFrame->document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin()))
                 m_decoder->setEncoding(parentFrame->document()->inputEncoding(), TextResourceDecoder::DefaultEncoding);
         } else {
@@ -1773 +1775 @@
     m_opener = opener;
 
-    if (m_frame->document())
+    if (m_frame->document()) {
         m_frame->document()->initSecurityOrigin();
+        m_frame->domWindow()->setSecurityOrigin(m_frame->document()->securityOrigin());
+    }
 }
 
@@ -2445 +2449 @@
             return true;
 
-        SecurityOrigin::Reason reason;
         const SecurityOrigin* ancestorSecurityOrigin = ancestorDocument->securityOrigin();
-        if (activeSecurityOrigin->canAccess(ancestorSecurityOrigin, reason))
+        if (activeSecurityOrigin->canAccess(ancestorSecurityOrigin))
             return true;
     }

trunk/WebCore/page/DOMWindow.h

@@ -27 +27 @@
 #define DOMWindow_h
 
+#include "KURL.h"
 #include "PlatformString.h"
+#include "SecurityOrigin.h"
+#include <wtf/Forward.h>
 #include <wtf/RefCounted.h>
-#include <wtf/Forward.h>
 #include <wtf/RefPtr.h>
 
@@ -68 +70 @@
 
         void clear();
+
+        void setSecurityOrigin(SecurityOrigin* securityOrigin) { m_securityOrigin = securityOrigin; }
+        SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
+
+        void setURL(const KURL& url) { m_url = url; }
+        KURL url() const { return m_url; }
 
         static void adjustWindowRect(const FloatRect& screen, FloatRect& window, const FloatRect& pendingChanges);
@@ -200 +208 @@
         DOMApplicationCache* optionalApplicationCache() const { return m_applicationCache.get(); }
 #endif
-        
+
     private:
         DOMWindow(Frame*);
-        
+
+        RefPtr<SecurityOrigin> m_securityOrigin;
+        KURL m_url;
+
         Frame* m_frame;
         mutable RefPtr<Screen> m_screen;

trunk/WebCore/platform/SecurityOrigin.cpp

@@ -136 +136 @@
 }
 
-bool SecurityOrigin::canAccess(const SecurityOrigin* other, Reason& reason) const
+bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
 {  
     if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
         return true;
 
-    if (m_noAccess || other->m_noAccess) {
-        reason = SecurityOrigin::GenericMismatch;
-        return false;
-    }
+    if (m_noAccess || other->m_noAccess)
+        return false;
 
     // Here are three cases where we should permit access:
@@ -179 +177 @@
                 return true;
         } else {
-            if (m_host == other->m_host && m_port == other->m_port) {
-                reason = DomainSetInDOMMismatch;
+            if (m_host == other->m_host && m_port == other->m_port)
                 return false;
-            }
         }
     }
     
-    reason = SecurityOrigin::GenericMismatch;
     return false;
 }
@@ -197 +192 @@
 
     RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
-    Reason reason;
-    return canAccess(other.get(), reason);
+    return canAccess(other.get());
 }
 

trunk/WebCore/platform/SecurityOrigin.h

@@ -55 +55 @@
         String domain() const { return m_domain; }
         unsigned short port() const { return m_port; }
-        
-        enum Reason  {
-            GenericMismatch,
-            DomainSetInDOMMismatch
-        };
-        bool canAccess(const SecurityOrigin*, Reason&) const;
+
+        bool canAccess(const SecurityOrigin*) const;
         bool isSecureTransitionTo(const KURL&) const;