Changeset 52812 in webkit
- Timestamp:
- Jan 5, 2010 11:06:29 AM (14 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 8 edited
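--- a/trunk/WebCore/ChangeLog
+++ b/trunk/WebCore/ChangeLog
@@ -1,2 +1,29 @@
+2010-01-05 Nate Chapin <japhet@chromium.org>
+
+Reviewed by Adam Barth.
+
+Move allowSetting{Frame}SrcToJavascriptUrl from V8Custom to BindingSecurity and
+remove the v8-specific pieces.
+
+https://bugs.webkit.org/show_bug.cgi?id=33182
+
+* bindings/BindingSecurity.h:
+(WebCore::::allowSettingFrameSrcToJavascriptUrl): Moved from V8CustomBinding.cpp.
+(WebCore::::allowSettingSrcToJavascriptURL): Moved from V8CustomBinding.cpp.
+* bindings/v8/custom/V8AttrCustom.cpp:
+(WebCore::V8Attr::valueAccessorSetter):
+* bindings/v8/custom/V8CustomBinding.cpp:
+* bindings/v8/custom/V8CustomBinding.h:
+* bindings/v8/custom/V8ElementCustom.cpp:
+(WebCore::V8Element::setAttributeCallback):
+(WebCore::V8Element::setAttributeNodeCallback):
+(WebCore::V8Element::setAttributeNSCallback):
+(WebCore::V8Element::setAttributeNodeNSCallback):
+* bindings/v8/custom/V8HTMLFrameElementCustom.cpp:
+(WebCore::V8HTMLFrameElement::srcAccessorSetter):
+(WebCore::V8HTMLFrameElement::locationAccessorSetter):
+* bindings/v8/custom/V8HTMLIFrameElementCustom.cpp:
+(WebCore::V8HTMLIFrameElement::srcAccessorSetter):
+
 2010-01-05 Adam Barth <abarth@webkit.org>
 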
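--- a/trunk/WebCore/bindings/generic/BindingSecurity.h
+++ b/trunk/WebCore/bindings/generic/BindingSecurity.h
@@ -33,5 +33,8 @@
 
 #include "BindingSecurityBase.h"
+#include "CSSHelper.h"
+#include "Element.h"
 #include "GenericBinding.h"
+#include "HTMLFrameElementBase.h"
 
 namespace WebCore {
@@ -51,4 +54,7 @@
 // current security context.
 static bool checkNodeSecurity(State<Binding>*, Node* target);
+
+static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, String value);
+static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, String name, String value);
 
 private:
@@ -103,4 +109,23 @@
 }
 
+template <class Binding>
+bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
+{
+if (protocolIsJavaScript(deprecatedParseURL(value))) {
+Node* contentDoc = frame->contentDocument();
+if (contentDoc && !checkNodeSecurity(state, contentDoc))
+return false;
+}
+return true;
+}
+
+template <class Binding>
+bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value)
+{
+if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"))
+return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value);
+return true;
+}
+
 }
 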
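Review bot: The new `allowSettingFrameSrcToJavascriptUrl` and `allowSettingSrcToJavascriptURL` declarations carry no comment even though they are security gates, and their contract is fail-open: they return false only when the value is a `javascript:` URL and `checkNodeSecurity` rejects the frame's content document, and return true otherwise, including when `frame->contentDocument()` is null. A declaration comment such as `// Returns false only if value is a javascript: URL and the caller may not access the frame's content document; every binding path that can set a frame's src must call this.` would make that visible to authors of other bindings, who presumably are the reason for moving the check into the generic layer. The `static_cast<HTMLFrameElementBase*>(element)` is safe only because of the `hasTagName` test on the line above it, which is worth a one-line why-comment. On style, `String name, String value` are taken by value where `const String&` would do, and the two names differ in casing (`...JavascriptUrl` vs `...JavascriptURL`), which is easy to mistype at call sites.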
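--- a/trunk/WebCore/bindings/v8/custom/V8AttrCustom.cpp
+++ b/trunk/WebCore/bindings/v8/custom/V8AttrCustom.cpp
@@ -36,4 +36,5 @@
 #include "ExceptionCode.h"
 #include "V8Binding.h"
+#include "V8BindingState.h"
 #include "V8CustomBinding.h"
 #include "V8Proxy.h"
@@ -47,5 +48,5 @@
 Element* ownerElement = imp->ownerElement();
 
-if (ownerElement && ! allowSettingSrcToJavascriptURL(ownerElement, imp->name(), attrValue))
+if (ownerElement && !V8BindingSecurity::allowSettingSrcToJavascriptURL(V8BindingState::Only(), ownerElement, imp->name(), attrValue))
 return;
 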
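--- a/trunk/WebCore/bindings/v8/custom/V8CustomBinding.cpp
+++ b/trunk/WebCore/bindings/v8/custom/V8CustomBinding.cpp
@@ -49,21 +49,4 @@
 
 namespace WebCore {
-
-bool allowSettingFrameSrcToJavascriptUrl(HTMLFrameElementBase* frame, String value)
-{
-if (protocolIs(deprecatedParseURL(value), "javascript")) {
-Node* contentDoc = frame->contentDocument();
-if (contentDoc && !V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), contentDoc))
-return false;
-}
-return true;
-}
-
-bool allowSettingSrcToJavascriptURL(Element* element, String name, String value)
-{
-if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"))
-return allowSettingFrameSrcToJavascriptUrl(static_cast<HTMLFrameElementBase*>(element), value);
-return true;
-}
 
 // --------------- Security Checks -------------------------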
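--- a/trunk/WebCore/bindings/v8/custom/V8CustomBinding.h
+++ b/trunk/WebCore/bindings/v8/custom/V8CustomBinding.h
@@ -79,7 +79,4 @@
 class V8Proxy;
 
-bool allowSettingFrameSrcToJavascriptUrl(HTMLFrameElementBase*, String value);
-bool allowSettingSrcToJavascriptURL(Element*, String name, String value);
-
 class V8Custom {
 public: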
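--- a/trunk/WebCore/bindings/v8/custom/V8ElementCustom.cpp
+++ b/trunk/WebCore/bindings/v8/custom/V8ElementCustom.cpp
@@ -43,4 +43,5 @@
 #include "V8Attr.h"
 #include "V8Binding.h"
+#include "V8BindingState.h"
 #include "V8CustomBinding.h"
 #include "V8Proxy.h"
@@ -57,5 +58,5 @@
 String value = toWebCoreString(args[1]);
 
-if (! allowSettingSrcToJavascriptURL(element, name, value))
+if (!V8BindingSecurity::allowSettingSrcToJavascriptURL(V8BindingState::Only(), element, name, value))
 return v8::Undefined();
 
@@ -77,5 +78,5 @@
 Element* element = V8DOMWrapper::convertDOMWrapperToNode<Element>(args.Holder());
 
-if (! allowSettingSrcToJavascriptURL(element, newAttr->name(), newAttr->value()))
+if (!V8BindingSecurity::allowSettingSrcToJavascriptURL(V8BindingState::Only(), element, newAttr->name(), newAttr->value()))
 return v8::Undefined();
 
@@ -96,5 +97,5 @@
 String value = toWebCoreString(args[2]);
 
-if (! allowSettingSrcToJavascriptURL(element, qualifiedName, value))
+if (!V8BindingSecurity::allowSettingSrcToJavascriptURL(V8BindingState::Only(), element, qualifiedName, value))
 return v8::Undefined();
 
@@ -116,5 +117,5 @@
 Element* element = V8DOMWrapper::convertDOMWrapperToNode<Element>(args.Holder());
 
-if (! allowSettingSrcToJavascriptURL(element, newAttr->name(), newAttr->value()))
+if (!V8BindingSecurity::allowSettingSrcToJavascriptURL(V8BindingState::Only(), element, newAttr->name(), newAttr->value()))
 return v8::Undefined();
 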
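--- a/trunk/WebCore/bindings/v8/custom/V8HTMLFrameElementCustom.cpp
+++ b/trunk/WebCore/bindings/v8/custom/V8HTMLFrameElementCustom.cpp
@@ -35,4 +35,5 @@
 #include "HTMLNames.h"
 #include "V8Binding.h"
+#include "V8BindingState.h"
 #include "V8CustomBinding.h"
 #include "V8Proxy.h"
@@ -47,5 +48,5 @@
 String srcValue = toWebCoreStringWithNullCheck(value);
 
-if (! allowSettingFrameSrcToJavascriptUrl(frame, srcValue))
+if (!V8BindingSecurity::allowSettingFrameSrcToJavascriptUrl(V8BindingState::Only(), frame, srcValue))
 return;
 
@@ -58,5 +59,5 @@
 String locationValue = toWebCoreStringWithNullCheck(value);
 
-if (! allowSettingFrameSrcToJavascriptUrl(frame, locationValue))
+if (!V8BindingSecurity::allowSettingFrameSrcToJavascriptUrl(V8BindingState::Only(), frame, locationValue))
 return;
 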
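--- a/trunk/WebCore/bindings/v8/custom/V8HTMLIFrameElementCustom.cpp
+++ b/trunk/WebCore/bindings/v8/custom/V8HTMLIFrameElementCustom.cpp
@@ -35,4 +35,5 @@
 #include "HTMLNames.h"
 #include "V8Binding.h"
+#include "V8BindingState.h"
 #include "V8CustomBinding.h"
 #include "V8Proxy.h"
@@ -47,5 +48,5 @@
 String v = toWebCoreStringWithNullCheck(value);
 
-if (! allowSettingFrameSrcToJavascriptUrl(iframe, v))
+if (!V8BindingSecurity::allowSettingFrameSrcToJavascriptUrl(V8BindingState::Only(), iframe, v))
 return;
 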