Changeset 54587 in webkit
- Timestamp:
- Feb 10, 2010 12:36:58 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 11 edited
trunk/LayoutTests/ChangeLog
r54573 r54587 1 2010-02-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Freeze sandbox attributes on creation 6 https://bugs.webkit.org/show_bug.cgi?id=34184 7 8 Test that allow-forms is frozen on document creation. 9 10 * fast/frames/resources/sandboxed-iframe-form-dynamic-allowed.html: Added. 11 * fast/frames/resources/sandboxed-iframe-form-dynamic-disallowed.html: Added. 12 * fast/frames/sandboxed-iframe-forms-dynamic-expected.txt: Added. 13 * fast/frames/sandboxed-iframe-forms-dynamic.html: Added. 14 1 15 2010-02-09 Csaba Osztrogonác <ossy@webkit.org> 2 16 -
trunk/WebCore/ChangeLog
r54585 r54587 1 2010-02-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Freeze sandbox attributes on creation 6 https://bugs.webkit.org/show_bug.cgi?id=34184 7 8 This is how the spec works now. 9 10 Test: fast/frames/sandboxed-iframe-forms-dynamic.html 11 12 * bindings/ScriptControllerBase.cpp: 13 (WebCore::ScriptController::canExecuteScripts): 14 * bindings/generic/BindingDOMWindow.h: 15 (WebCore::::createWindow): 16 * bindings/js/JSDOMWindowCustom.cpp: 17 (WebCore::createWindow): 18 * dom/Document.cpp: 19 * dom/Document.h: 20 * loader/FrameLoader.cpp: 21 (WebCore::FrameLoader::submitForm): 22 (WebCore::FrameLoader::requestObject): 23 (WebCore::FrameLoader::shouldAllowNavigation): 24 (WebCore::FrameLoader::updateSandboxFlags): 25 * page/SecurityOrigin.cpp: 26 * page/SecurityOrigin.h: 27 1 28 2010-02-09 Ariya Hidayat <ariya.hidayat@gmail.com> 2 29 -
trunk/WebCore/bindings/ScriptControllerBase.cpp
r53046 r54587 34 34 bool ScriptController::canExecuteScripts() 35 35 { 36 // FIXME: We should get this information from the document instead of the frame. 36 37 if (m_frame->loader()->isSandboxed(SandboxScripts)) 37 38 return false; -
trunk/WebCore/bindings/generic/BindingDOMWindow.h
r52810 r54587 36 36 #include "GenericBinding.h" 37 37 #include "Page.h" 38 #include "SecurityOrigin.h" 38 39 39 40 namespace WebCore { … … 69 70 ASSERT(enteredFrame); 70 71 71 // Sandboxed iframes cannot open new auxiliary browsing contexts. 72 if (callingFrame && callingFrame->loader()->isSandboxed(SandboxNavigation)) 73 return 0; 72 if (Document* callingDocument = callingFrame->document()) { 73 // Sandboxed iframes cannot open new auxiliary browsing contexts. 74 if (callingDocument->securityOrigin()->isSandboxed(SandboxNavigation)) 75 return 0; 76 } 74 77 75 78 ResourceRequest request; -
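Review bot: The new `callingFrame->document()` call dereferences `callingFrame` without the null guard that the removed `if (callingFrame && ...)` condition carried, and only `ASSERT(enteredFrame)` is visible above it. If a null calling frame can reach this point, either keep the guard, `if (Document* callingDocument = callingFrame ? callingFrame->document() : 0) {`, or state the invariant with `ASSERT(callingFrame);`. A frame that has no document now skips the sandbox check and goes on to open the window, where the old frame-based check would still have applied; a short comment saying why that case is safe would help. The same pattern appears with `lexicalFrame` in JSDOMWindowCustom.cpp. createWindow starts and ends outside the hunk.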
trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp
r54400 r54587 667 667 ASSERT(dynamicFrame); 668 668 669 // Sandboxed iframes cannot open new auxiliary browsing contexts. 670 if (lexicalFrame && lexicalFrame->loader()->isSandboxed(SandboxNavigation)) 671 return 0; 669 if (Document* lexicalDocument = lexicalFrame->document()) { 670 // Sandboxed iframes cannot open new auxiliary browsing contexts. 671 if (lexicalDocument->securityOrigin()->isSandboxed(SandboxNavigation)) 672 return 0; 673 } 672 674 673 675 ResourceRequest request; -
trunk/WebCore/dom/Document.cpp
r54438 r54587 4493 4493 } 4494 4494 4495 void Document::updateSandboxFlags()4496 {4497 if (m_frame && securityOrigin())4498 securityOrigin()->setSandboxFlags(m_frame->loader()->sandboxFlags());4499 }4500 4501 4495 void Document::updateFocusAppearanceSoon(bool restorePreviousSelection) 4502 4496 { -
trunk/WebCore/dom/Document.h
r54438 r54587 916 916 void statePopped(SerializedScriptValue*); 917 917 918 void updateSandboxFlags(); // Set sandbox flags as determined by the frame.919 920 918 bool processingLoadEvent() const { return m_processingLoadEvent; } 921 919 -
trunk/WebCore/loader/FrameLoader.cpp
r54329 r54587 451 451 return; 452 452 453 if (is Sandboxed(SandboxForms))453 if (isDocumentSandboxed(SandboxForms)) 454 454 return; 455 455 … … 1279 1279 || (!settings->isJavaEnabled() && MIMETypeRegistry::isJavaAppletMIMEType(mimeType))) 1280 1280 return false; 1281 if (is Sandboxed(SandboxPlugins))1281 if (isDocumentSandboxed(SandboxPlugins)) 1282 1282 return false; 1283 1283 return loadPlugin(renderer, completedURL, mimeType, paramNames, paramValues, useFallback); … … 2242 2242 2243 2243 // A sandboxed frame can only navigate itself and its descendants. 2244 if (is Sandboxed(SandboxNavigation) && !targetFrame->tree()->isDescendantOf(m_frame))2244 if (isDocumentSandboxed(SandboxNavigation) && !targetFrame->tree()->isDescendantOf(m_frame)) 2245 2245 return false; 2246 2246 … … 3951 3951 m_sandboxFlags = flags; 3952 3952 3953 m_frame->document()->updateSandboxFlags();3954 3955 3953 for (Frame* child = m_frame->tree()->firstChild(); child; child = child->tree()->nextSibling()) 3956 3954 child->loader()->updateSandboxFlags(); 3955 } 3956 3957 bool FrameLoader::isDocumentSandboxed(SandboxFlags mask) const 3958 { 3959 return m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(mask); 3957 3960 } 3958 3961 -
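Review bot: `isDocumentSandboxed()` returns false whenever `m_frame->document()` is null, so the form-submission, plugin and navigation checks that now call it treat a frame without a document as unsandboxed, which the frame-level `isSandboxed()` they used before presumably did not. Falling back to the frame flags in that case keeps the check closed: `if (!m_frame->document()) return isSandboxed(mask);`. The helper also calls `securityOrigin()->isSandboxed(mask)` without the null test that the removed `Document::updateSandboxFlags()` applied to `securityOrigin()`; if a null origin is possible here, guard it as well. The bodies of the three callers lie outside these hunks.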
trunk/WebCore/loader/FrameLoader.h
r53361 r54587 446 446 447 447 void updateSandboxFlags(); 448 448 // FIXME: isDocumentSandboxed should eventually replace isSandboxed. 449 bool isDocumentSandboxed(SandboxFlags) const; 450 449 451 Frame* m_frame; 450 452 FrameLoaderClient* m_client; -
trunk/WebCore/page/SecurityOrigin.cpp
r53423 r54587 285 285 { 286 286 m_universalAccess = true; 287 }288 289 void SecurityOrigin::setSandboxFlags(SandboxFlags flags)290 {291 // Although you might think that we should set m_isUnique based on292 // SandboxOrigin, that's not actually the right behavior. We're supposed to293 // freeze the origin of a document when it is created, even if the sandbox294 // flags change after that point in time.295 m_sandboxFlags = flags;296 287 } 297 288 -
trunk/WebCore/page/SecurityOrigin.h
r53423 r54587 115 115 void grantUniversalAccess(); 116 116 117 void setSandboxFlags(SandboxFlags);118 117 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } 119 118