Changeset 57438 in webkit


Timestamp:
Apr 10, 2010 10:17:02 PM (14 years ago)
Author:
eric@webkit.org
Message:

2010-04-10 Chris Evans <cevans@chromium.org>

Reviewed by Adam Barth.

Defense in depth: make sure an SVG document in the <img> context has
a unique origin.

https://bugs.webkit.org/show_bug.cgi?id=37392

  • svg/graphics/SVGImage.cpp: (WebCore::SVGImage::dataChanged): Force the temporary rendering context into a unique origin.
  • loader/FrameLoader.h: (WebCore::FrameLoader::setForceSandboxFlags): Support for setting sandbox flags that will always be applied.
  • loader/FrameLoader.cpp: (WebCore::FrameLoader::updateSandboxFlags): Always apply any forced flags.
Location:
trunk/WebCore
Files:
4 edited

  • trunk/WebCore/ChangeLog

    r57436 r57438  
     12010-04-10  Chris Evans  <cevans@chromium.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        Defense in depth: make sure an SVG document in the <img> context has
     6        a unique origin.
     7
     8        https://bugs.webkit.org/show_bug.cgi?id=37392
     9
     10        * svg/graphics/SVGImage.cpp:
     11        (WebCore::SVGImage::dataChanged):
     12          Force the temporary rendering context into a unique origin.
     13        * loader/FrameLoader.h:
     14        (WebCore::FrameLoader::setForceSandboxFlags):
     15          Support for setting sandbox flags that will always be applied.
     16        * loader/FrameLoader.cpp:
     17        (WebCore::FrameLoader::updateSandboxFlags):
     18          Always apply any forced flags.
     19
    1202010-04-10  Vangelis Kokkevis  <vangelis@chromium.org>
    221
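Review bot: the ChangeLog entry lists no test and gives no reason why none is needed; the changeset touches only the three source files plus ChangeLog, so nothing verifies that an SVG loaded through <img> actually ends up with a unique origin. Suggest adding a LayoutTest (or stating in the entry why one is not practical) that checks the origin of the SVG-in-img document is unique and stays unique after the flags are recomputed, so the defense-in-depth property does not regress silently.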
  • trunk/WebCore/loader/FrameLoader.cpp

    r57313 r57438  
    204204    , m_suppressOpenerInNewFrame(false)
    205205    , m_sandboxFlags(SandboxAll)
     206    , m_forceSandboxFlags(SandboxNone)
    206207#ifndef NDEBUG
    207208    , m_didDispatchDidCommitLoad(false)
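Review bot: initializing `m_forceSandboxFlags(SandboxNone)` while `m_sandboxFlags` starts at `SandboxAll` is consistent, since the forced set starts empty and the effective flags are still recomputed by `updateSandboxFlags()`; the initializer is also placed after `m_sandboxFlags`, matching the declaration order added in FrameLoader.h, so no reorder warning. Nothing to change in this hunk.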
     
    40114012void FrameLoader::updateSandboxFlags()
    40124013{
    4013     SandboxFlags flags = SandboxNone;
     4014    SandboxFlags flags = m_forceSandboxFlags;
    40144015    if (Frame* parentFrame = m_frame->tree()->parent())
    40154016        flags |= parentFrame->loader()->sandboxFlags();
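Review bot: seeding `flags` with `m_forceSandboxFlags` before OR-ing in the parent's flags (`flags |= parentFrame->loader()->sandboxFlags();`) is the right shape, because forced bits can then only be added to and never cleared by a recomputation. The rest of the function is outside this hunk, so confirm there is no later path that assigns `m_sandboxFlags` from anything other than this `flags` value (an early return or a conditional reset would drop the forced bits); a one-line comment here pointing at `setForceSandboxFlags()` would make the invariant visible to the next reader.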
  • trunk/WebCore/loader/FrameLoader.h

    r56650 r57438  
    260260    bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
    261261    SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
     262    // The following sandbox flags will be forced, regardless of changes to
     263    // the sandbox attribute of any parent frames.
     264    void setForceSandboxFlags(SandboxFlags flags) { m_forceSandboxFlags = flags; m_sandboxFlags |= flags; }
    262265
    263266    // Mixed content related functions.
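Review bot: `setForceSandboxFlags` assigns rather than accumulates (`m_forceSandboxFlags = flags;`), so a second call with a narrower mask silently removes previously forced bits from `m_forceSandboxFlags`, while `m_sandboxFlags` keeps them only until the next `updateSandboxFlags()` runs. If replacement is intended, say so in the comment; otherwise `m_forceSandboxFlags |= flags;` keeps the "will be forced regardless" guarantee monotonic. The immediate `m_sandboxFlags |= flags;` is correct, since it makes the restriction effective without waiting for a recomputation.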
     
    531534   
    532535    SandboxFlags m_sandboxFlags;
     536    SandboxFlags m_forceSandboxFlags;
    533537
    534538#ifndef NDEBUG
  • trunk/WebCore/svg/graphics/SVGImage.cpp

    r57089 r57438  
    256256        ResourceRequest fakeRequest(KURL(ParsedURLString, ""));
    257257        FrameLoader* loader = frame->loader();
     258        loader->setForceSandboxFlags(SandboxAll);
    258259        loader->load(fakeRequest, false); // Make sure the DocumentLoader is created
    259260        loader->policyChecker()->cancelCheck(); // cancel any policy checks
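Review bot: the ordering is right: `loader->setForceSandboxFlags(SandboxAll);` runs before `loader->load(fakeRequest, false);`, so the DocumentLoader and document created by `load()` already see the sandboxed flags rather than being created first and restricted afterwards. `SandboxAll` covers the origin bit, which is what gives the temporary SVG document the unique origin the ChangeLog describes; the other bits (scripts, forms, plugins, navigation) are a reasonable belt-and-braces choice for a rendering-only context. Worth a comment on this line stating that the flags are forced so later sandbox-attribute changes cannot relax them.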