Changeset 86458 in webkit

Timestamp:

May 13, 2011 1:40:23 PM (13 years ago)

Author:

abarth@webkit.org

Message:

2011-05-13 Adam Barth <​abarth@webkit.org>

Reviewed by Eric Seidel.

indexedDB is visible inside iframe sandbox
​https://bugs.webkit.org/show_bug.cgi?id=60785

• http/tests/security/no-indexeddb-from-sandbox-expected.txt: Added.
• http/tests/security/no-indexeddb-from-sandbox.html: Added.

2011-05-13 Adam Barth <​abarth@webkit.org>

Reviewed by Eric Seidel.

indexedDB is visible inside iframe sandbox
​https://bugs.webkit.org/show_bug.cgi?id=60785

We're supposed to return a null indexedDB factory when inside an iframe
sandbox.

Test: http/tests/security/no-indexeddb-from-sandbox.html

• page/DOMWindow.cpp: (WebCore::DOMWindow::webkitIndexedDB):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt (added)
• LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/page/DOMWindow.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-05-13  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        indexedDB is visible inside iframe sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=60785
+
+        * http/tests/security/no-indexeddb-from-sandbox-expected.txt: Added.
+        * http/tests/security/no-indexeddb-from-sandbox.html: Added.
+
 2011-05-13  Mark Pilgrim  <pilgrim@chromium.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-05-13  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        indexedDB is visible inside iframe sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=60785
+
+        We're supposed to return a null indexedDB factory when inside an iframe
+        sandbox.
+
+        Test: http/tests/security/no-indexeddb-from-sandbox.html
+
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::webkitIndexedDB):
+
 2011-05-13  Adam Roben  <aroben@apple.com>
 

trunk/Source/WebCore/page/DOMWindow.cpp

@@ -730 +730 @@
 IDBFactory* DOMWindow::webkitIndexedDB() const
 {
-    if (m_idbFactory)
-        return m_idbFactory.get();
-
     Document* document = this->document();
     if (!document)
         return 0;
 
-    // FIXME: See if access is allowed.
-
     Page* page = document->page();
     if (!page)
         return 0;
 
-    // FIXME: See if indexedDatabase access is allowed.
-
-    m_idbFactory = IDBFactory::create(page->group().idbFactory());
+    if (!document->securityOrigin()->canAccessDatabase())
+        return 0;
+
+    if (!m_idbFactory)
+        m_idbFactory = IDBFactory::create(page->group().idbFactory());
     return m_idbFactory.get();
 }