Changeset 56002 in webkit
- Timestamp:
- Mar 15, 2010 10:14:10 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 14 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r55998 r56002 1 2010-03-15 Patrik Persson <patrik.j.persson@ericsson.com> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=32369 6 7 Revised test of storage/databases in sandboxed iframes. 8 9 Verify that SECURITY_ERR is raised on access to 10 window.localStorage or window.openDatabase(). Also verify that 11 window.sessionStorage is now allowed in sandboxed iframes. 12 13 WebKit would previously return null references in these cases. The 14 new behavior is in accordance with HTML5: 15 16 - http://dev.w3.org/html5/webstorage/ (sections 4.2 and 4.3) 17 - http://dev.w3.org/html5/webdatabase/ (section 4.1) 18 - http://www.mail-archive.com/whatwg@lists.whatwg.org/msg19786.html 19 20 * fast/frames/resources/sandboxed-iframe-storage-disallowed.html: expect exceptions, not null 21 * fast/frames/sandboxed-iframe-storage-expected.txt: expect exceptions, not null 22 1 23 2010-03-15 Tony Chang <tony@chromium.org> 2 24 -
trunk/LayoutTests/fast/frames/resources/sandboxed-iframe-storage-disallowed.html
r55823 r56002 7 7 8 8 window.onload = function() { 9 should BeTrue("window.openDatabase('SandboxedIframeStorageDisallowed', '1.0', '', 1) == null");10 should BeTrue("window.localStorage == null");11 shouldBeTrue("window.sessionStorage == null");9 shouldThrow("window.openDatabase('SandboxedIframeStorageDisallowed', '1.0', '', 1)", "'Error: SECURITY_ERR: DOM Exception 18'"); 10 shouldThrow("window.localStorage", "'Error: SECURITY_ERR: DOM Exception 18'"); 11 shouldBeTrue("window.sessionStorage != null"); 12 12 } 13 13 -
trunk/LayoutTests/fast/frames/sandboxed-iframe-storage-expected.txt
r55823 r56002 15 15 Frame: '<!--framePath //<!--frame0-->-->' 16 16 -------- 17 PASS window.openDatabase('SandboxedIframeStorageDisallowed', '1.0', '', 1) == null is true18 PASS window.localStorage == null is true19 PASS window.sessionStorage == null is true17 PASS window.openDatabase('SandboxedIframeStorageDisallowed', '1.0', '', 1) threw exception Error: SECURITY_ERR: DOM Exception 18. 18 PASS window.localStorage threw exception Error: SECURITY_ERR: DOM Exception 18. 19 PASS window.sessionStorage != null is true 20 20 21 21 -
trunk/WebCore/ChangeLog
r55999 r56002 1 2010-03-15 Patrik Persson <patrik.j.persson@ericsson.com> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=32369 6 7 Revise iframe sandbox behavior to match the updated HTML5 spec. 8 9 - Enables window.sessionStorage in sandboxed iframes. 10 11 - Raises SECURITY_ERR exceptions when window.localStorage or 12 window.openDatabase() is blocked by iframe sandboxing. 13 14 Note: window.sessionStorage does not raise exceptions. 15 16 WebKit would previously return null references in these cases. The 17 new behavior is in accordance with HTML5: 18 19 http://dev.w3.org/html5/webstorage/ (sections 4.2 and 4.3) 20 http://dev.w3.org/html5/webdatabase/ (section 4.1) 21 http://www.mail-archive.com/whatwg@lists.whatwg.org/msg19786.html 22 23 * inspector/InspectorController.cpp: 24 (WebCore::InspectorController::selectDOMStorage): exception handling 25 * inspector/InspectorDOMStorageResource.cpp: 26 (WebCore::InspectorDOMStorageResource::handleEvent): exception handling 27 * page/DOMWindow.cpp: 28 (WebCore::DOMWindow::sessionStorage): re-enabled in iframe sandbox 29 (WebCore::DOMWindow::localStorage): raise exception rather than return null 30 (WebCore::DOMWindow::openDatabase): raise exception rather than return null 31 * page/DOMWindow.h: added exceptions to interface 32 * page/DOMWindow.idl: added exceptions to interface 33 * page/SecurityOrigin.h: 34 (WebCore::SecurityOrigin::canAccessLocalStorage): renamed function to reflect its purpose 35 * storage/StorageEventDispatcher.cpp: 36 (WebCore::StorageEventDispatcher::dispatch): exception handling 37 1 38 2010-03-15 Alexander Pavlov <apavlov@chromium.org> 2 39 -
trunk/WebCore/inspector/InspectorController.cpp
r55799 r56002 1364 1364 1365 1365 Frame* frame = storage->frame(); 1366 bool isLocalStorage = (frame->domWindow()->localStorage() == storage); 1366 ExceptionCode ec = 0; 1367 bool isLocalStorage = (frame->domWindow()->localStorage(ec) == storage && !ec); 1367 1368 int storageResourceId = 0; 1368 1369 DOMStorageResourcesMap::iterator domStorageEnd = m_domStorageResources.end(); -
trunk/WebCore/inspector/InspectorDOMStorageResource.cpp
r49830 r56002 105 105 StorageEvent* storageEvent = static_cast<StorageEvent*>(event); 106 106 Storage* storage = storageEvent->storageArea(); 107 bool isLocalStorage = storage->frame()->domWindow()->localStorage() == storage; 107 ExceptionCode ec = 0; 108 bool isLocalStorage = (storage->frame()->domWindow()->localStorage(ec) == storage && !ec); 108 109 if (isSameHostAndType(storage->frame(), isLocalStorage)) 109 110 m_frontend->updateDOMStorage(m_id); -
trunk/WebCore/page/DOMWindow.cpp
r55823 r56002 576 576 if (!document) 577 577 return 0; 578 579 if (!document->securityOrigin()->canAccessStorage())580 return 0;581 578 582 579 Page* page = document->page(); … … 593 590 } 594 591 595 Storage* DOMWindow::localStorage( ) const592 Storage* DOMWindow::localStorage(ExceptionCode& ec) const 596 593 { 597 594 if (m_localStorage) … … 602 599 return 0; 603 600 604 if (!document->securityOrigin()->canAccessStorage()) 605 return 0; 601 if (!document->securityOrigin()->canAccessLocalStorage()) { 602 ec = SECURITY_ERR; 603 return 0; 604 } 606 605 607 606 Page* page = document->page(); … … 1188 1187 1189 1188 Document* document = m_frame->document(); 1190 if (!document->securityOrigin()->canAccessDatabase()) 1191 return 0; 1189 if (!document->securityOrigin()->canAccessDatabase()) { 1190 ec = SECURITY_ERR; 1191 return 0; 1192 } 1192 1193 1193 1194 return Database::openDatabase(document, name, version, displayName, estimatedSize, creationCallback, ec); -
trunk/WebCore/page/DOMWindow.h
r55823 r56002 208 208 // HTML 5 key/value storage 209 209 Storage* sessionStorage() const; 210 Storage* localStorage( ) const;210 Storage* localStorage(ExceptionCode&) const; 211 211 #endif 212 212 -
trunk/WebCore/page/DOMWindow.idl
r55980 r56002 166 166 #if defined(ENABLE_DOM_STORAGE) && ENABLE_DOM_STORAGE 167 167 readonly attribute [EnabledAtRuntime] Storage sessionStorage; 168 readonly attribute [EnabledAtRuntime] Storage localStorage; 168 readonly attribute [EnabledAtRuntime] Storage localStorage 169 getter raises(DOMException); 169 170 #endif 170 171 #if defined(ENABLE_NOTIFICATIONS) && ENABLE_NOTIFICATIONS -
trunk/WebCore/page/SecurityOrigin.h
r55335 r56002 118 118 119 119 bool canAccessDatabase() const { return !isUnique(); } 120 bool canAccess Storage() const { return !isUnique(); }120 bool canAccessLocalStorage() const { return !isUnique(); } 121 121 bool canAccessCookies() const { return !isUnique(); } 122 122 -
trunk/WebCore/storage/StorageEventDispatcher.cpp
r53840 r56002 68 68 } 69 69 70 for (unsigned i = 0; i < frames.size(); ++i) 71 frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), frames[i]->domWindow()->localStorage())); 70 for (unsigned i = 0; i < frames.size(); ++i) { 71 ExceptionCode ec = 0; 72 Storage* storage = frames[i]->domWindow()->localStorage(ec); 73 if (!ec) 74 frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), storage)); 75 } 72 76 } 73 77 } -
trunk/WebKit/chromium/ChangeLog
r55998 r56002 1 2010-03-15 Patrik Persson <patrik.j.persson@ericsson.com> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=32369 6 7 Revise iframe sandbox behavior to match the updated HTML5 spec. 8 9 - Enables window.sessionStorage in sandboxed iframes. 10 11 - Raises SECURITY_ERR exceptions when window.localStorage or 12 window.openDatabase() is blocked by iframe sandboxing. 13 14 Note: window.sessionStorage does not raise exceptions. 15 16 WebKit would previously return null references in these cases. The 17 new behavior is in accordance with HTML5: 18 19 http://dev.w3.org/html5/webstorage/ (sections 4.2 and 4.3) 20 http://dev.w3.org/html5/webdatabase/ (section 4.1) 21 http://www.mail-archive.com/whatwg@lists.whatwg.org/msg19786.html 22 23 * src/StorageAreaProxy.cpp: 24 (WebCore::StorageAreaProxy::storageEvent): exception handling 25 * src/StorageEventDispatcherImpl.cpp: 26 (WebCore::StorageEventDispatcherImpl::dispatchStorageEvent): exception handling 27 1 28 2010-03-15 Tony Chang <tony@chromium.org> 2 29 -
trunk/WebKit/chromium/src/StorageAreaProxy.cpp
r55659 r56002 139 139 } 140 140 141 for (unsigned i = 0; i < frames.size(); ++i) 142 frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), frames[i]->domWindow()->localStorage())); 141 for (unsigned i = 0; i < frames.size(); ++i) { 142 ExceptionCode ec = 0; 143 Storage* storage = frames[i]->domWindow()->localStorage(ec); 144 if (!ec) 145 frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), storage)); 146 } 143 147 } 144 148 } -
trunk/WebKit/chromium/src/StorageEventDispatcherImpl.cpp
r50746 r56002 74 74 // FIXME: Figure out how to pass in the document URI. 75 75 for (unsigned i = 0; i < frames.size(); ++i) { 76 frames[i]->document()->dispatchWindowEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, 77 url, frames[i]->domWindow()->localStorage())); 76 ExceptionCode ec = 0; 77 Storage* storage = frames[i]->domWindow()->localStorage(ec); 78 if (!ec) 79 frames[i]->document()->dispatchWindowEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, 80 url, storage)); 78 81 } 79 82 }
Note: See TracChangeset
for help on using the changeset viewer.