Changeset 86837 in webkit

Timestamp:

May 19, 2011 4:47:02 AM (13 years ago)

Author:

yurys@chromium.org

Message:

2011-05-18 Yury Semikhatsky <​yurys@chromium.org>

Reviewed by Pavel Feldman.

InjectedScriptSource.js - "Don't be eval()."
​https://bugs.webkit.org/show_bug.cgi?id=60800

• inspector/console/console-eval-blocked-expected.txt: Added.
• inspector/console/console-eval-blocked.html: Added.

2011-05-18 Yury Semikhatsky <​yurys@chromium.org>

Reviewed by Pavel Feldman.

InjectedScriptSource.js - "Don't be eval()."
​https://bugs.webkit.org/show_bug.cgi?id=60800

Thanks to Adam Barth for providing JSC implementation!

InjectedScriptHost.evaluate is used to perform script evaluations for
inspector needs. This method is not affected by CSP and should fix inspector
on pages with CSP restrictions.

Test: inspector/console/console-eval-blocked.html

• bindings/js/JSInjectedScriptHostCustom.cpp: (WebCore::JSInjectedScriptHost::evaluate):
• bindings/v8/custom/V8InjectedScriptHostCustom.cpp: (WebCore::V8InjectedScriptHost::evaluateCallback): (WebCore::V8InjectedScriptHost::inspectedNodeCallback):
• inspector/InjectedScriptHost.idl:
• inspector/InjectedScriptSource.js: (.):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/inspector/console/console-eval-blocked-expected.txt (added)
• LayoutTests/inspector/console/console-eval-blocked.html (added)
• Source/JavaScriptCore/JavaScriptCore.exp (modified) (1 diff)
• Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def (modified) (1 diff)
• Source/JavaScriptCore/runtime/Executable.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/FunctionConstructor.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObject.h (modified) (4 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp (modified) (2 diffs)
• Source/WebCore/bindings/js/ScriptController.cpp (modified) (1 diff)
• Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp (modified) (2 diffs)
• Source/WebCore/inspector/InjectedScriptHost.idl (modified) (1 diff)
• Source/WebCore/inspector/InjectedScriptSource.js (modified) (5 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-05-18  Yury Semikhatsky  <yurys@chromium.org>
+
+        Reviewed by Pavel Feldman.
+
+        InjectedScriptSource.js - "Don't be eval()."
+        https://bugs.webkit.org/show_bug.cgi?id=60800
+
+        * inspector/console/console-eval-blocked-expected.txt: Added.
+        * inspector/console/console-eval-blocked.html: Added.
+
 2011-05-19  Chang Shu  <cshu@webkit.org>
 

trunk/Source/JavaScriptCore/JavaScriptCore.exp

@@ -156 +156 @@
 __ZN3JSC13StatementNode6setLocEii
 __ZN3JSC14JSGlobalObject10globalExecEv
-__ZN3JSC14JSGlobalObject11disableEvalEv
 __ZN3JSC14JSGlobalObject12defineGetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectEj
 __ZN3JSC14JSGlobalObject12defineSetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectEj

trunk/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def

@@ -153 +153 @@
     ?detachThread@WTF@@YAXI@Z
     ?didTimeOut@TimeoutChecker@JSC@@QAE_NPAVExecState@2@@Z
-    ?disableEval@JSGlobalObject@JSC@@QAEXXZ
     ?dtoa@WTF@@YAXQADNAA_NAAHAAI@Z
     ?dumpSampleData@JSGlobalData@JSC@@QAEXPAVExecState@2@@Z

trunk/Source/JavaScriptCore/runtime/Executable.cpp

@@ -103 +103 @@
     JSGlobalData* globalData = &exec->globalData();
     JSGlobalObject* lexicalGlobalObject = exec->lexicalGlobalObject();
-    if (!lexicalGlobalObject->isEvalEnabled())
+    if (!lexicalGlobalObject->evalEnabled())
         return throwError(exec, createEvalError(exec, "Eval is disabled"));
     RefPtr<EvalNode> evalNode = globalData->parser->parse<EvalNode>(lexicalGlobalObject, lexicalGlobalObject->debugger(), exec, m_source, 0, isStrictMode() ? JSParseStrict : JSParseNormal, &exception);

trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp

@@ -75 +75 @@
 JSObject* constructFunction(ExecState* exec, JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const UString& sourceURL, int lineNumber)
 {
-    if (!globalObject->isEvalEnabled())
+    if (!globalObject->evalEnabled())
         return throwError(exec, createEvalError(exec, "Function constructor is disabled"));
     return constructFunctionSkippingEvalEnabledCheck(exec, globalObject, args, functionName, sourceURL, lineNumber);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -377 +377 @@
 }
 
-void JSGlobalObject::disableEval()
-{
-    ASSERT(m_isEvalEnabled);
-    m_isEvalEnabled = false;
-}
-
 void JSGlobalObject::copyGlobalsFrom(RegisterFile& registerFile)
 {

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -120 +120 @@
         SymbolTable m_symbolTable;
 
-        bool m_isEvalEnabled;
+        bool m_evalEnabled;
 
     public:
@@ -130 +130 @@
             , m_globalScopeChain()
             , m_weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
-            , m_isEvalEnabled(true)
+            , m_evalEnabled(true)
         {
             COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
@@ -145 +145 @@
             , m_globalScopeChain()
             , m_weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
-            , m_isEvalEnabled(true)
+            , m_evalEnabled(true)
         {
             COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
@@ -236 +236 @@
         virtual bool isDynamicScope(bool& requiresDynamicChecks) const;
 
-        void disableEval();
-        bool isEvalEnabled() { return m_isEvalEnabled; }
+        void setEvalEnabled(bool enabled) { m_evalEnabled = enabled; }
+        bool evalEnabled() { return m_evalEnabled; }
 
         void copyGlobalsFrom(RegisterFile&);

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-05-18  Yury Semikhatsky  <yurys@chromium.org>
+
+        Reviewed by Pavel Feldman.
+
+        InjectedScriptSource.js - "Don't be eval()."
+        https://bugs.webkit.org/show_bug.cgi?id=60800
+
+        Thanks to Adam Barth for providing JSC implementation!
+
+        InjectedScriptHost.evaluate is used to perform script evaluations for
+        inspector needs. This method is not affected by CSP and should fix inspector
+        on pages with CSP restrictions.
+
+        Test: inspector/console/console-eval-blocked.html
+
+        * bindings/js/JSInjectedScriptHostCustom.cpp:
+        (WebCore::JSInjectedScriptHost::evaluate):
+        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
+        (WebCore::V8InjectedScriptHost::evaluateCallback):
+        (WebCore::V8InjectedScriptHost::inspectedNodeCallback):
+        * inspector/InjectedScriptHost.idl:
+        * inspector/InjectedScriptSource.js:
+        (.):
+
 2011-05-19  Pavel Feldman  <pfeldman@google.com>
 

trunk/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp

@@ -54 +54 @@
 #endif
 #include <runtime/DateInstance.h>
+#include <runtime/Error.h>
 #include <runtime/JSArray.h>
+#include <runtime/JSFunction.h>
 #include <runtime/JSLock.h>
 #include <runtime/RegExpObject.h>
@@ -73 +75 @@
     JSLock lock(SilenceAssertionsOnly);
     return ScriptValue(state->globalData(), toJS(state, deprecatedGlobalObjectForPrototype(state), node));
+}
+
+JSValue JSInjectedScriptHost::evaluate(ExecState* exec)
+{
+    JSValue expression = exec->argument(0);
+    if (!expression.isString())
+        return throwError(exec, createError(exec, "String argument expected."));
+    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+    JSFunction* evalFunction = globalObject->evalFunction();
+    CallData callData;
+    CallType callType = evalFunction->getCallData(callData);
+    if (callType == CallTypeNone)
+        return jsUndefined();
+    MarkedArgumentBuffer args;
+    args.append(expression);
+
+    bool wasEvalEnabled = globalObject->evalEnabled();
+    globalObject->setEvalEnabled(true);
+    JSValue result = JSC::call(exec, evalFunction, callType, callData, exec->globalThisValue(), args);
+    globalObject->setEvalEnabled(wasEvalEnabled);
+
+    return result;
 }
 

trunk/Source/WebCore/bindings/js/ScriptController.cpp

@@ -241 +241 @@
 void ScriptController::disableEval()
 {
-    windowShell(mainThreadNormalWorld())->window()->disableEval();
+    windowShell(mainThreadNormalWorld())->window()->setEvalEnabled(false);
 }
 

trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp

@@ -66 +66 @@
 }
 
+v8::Handle<v8::Value> V8InjectedScriptHost::evaluateCallback(const v8::Arguments& args)
+{
+    INC_STATS("InjectedScriptHost.evaluate()");
+    if (args.Length() < 1)
+        return v8::ThrowException(v8::Exception::Error(v8::String::New("One argument expected.")));
+
+    v8::Handle<v8::String> expression = args[0]->ToString();
+    if (expression.IsEmpty())
+        return v8::ThrowException(v8::Exception::Error(v8::String::New("The argument must be a string.")));
+
+    v8::Handle<v8::Script> script = v8::Script::Compile(expression);
+    return script->Run();
+}
+
 v8::Handle<v8::Value> V8InjectedScriptHost::inspectedNodeCallback(const v8::Arguments& args)
 {
@@ -73 +87 @@
 
     InjectedScriptHost* host = V8InjectedScriptHost::toNative(args.Holder());
-    
+
     Node* node = host->inspectedNode(args[0]->ToInt32()->Value());
     if (!node)

trunk/Source/WebCore/inspector/InjectedScriptHost.idl

@@ -35 +35 @@
         void clearConsoleMessages();
 
+        [Custom] DOMObject evaluate(in DOMString text);
+
         void copyText(in DOMString text);
         [Custom] void inspect(in DOMObject objectId, in DOMObject hints);

trunk/Source/WebCore/inspector/InjectedScriptSource.js

@@ -117 +117 @@
     _parseObjectId: function(objectId)
     {
-        return eval("(" + objectId + ")");
+        return InjectedScriptHost.evaluate("(" + objectId + ")");
     },
 
@@ -132 +132 @@
     dispatch: function(methodName, args)
     {
-        var argsArray = eval("(" + args + ")");
+        var argsArray = InjectedScriptHost.evaluate("(" + args + ")");
         var result = this[methodName].apply(this, argsArray);
         if (typeof result === "undefined") {
@@ -200 +200 @@
             // not call frame while on a breakpoint.
             // TODO: bring evaluation against call frame back.
-            var result = inspectedWindow.eval("(" + expression + ")");
+            var result = InjectedScriptHost.evaluate("(" + expression + ")");
             // Store the result in the property.
             object[propertyName] = result;
         } catch(e) {
             try {
-                var result = inspectedWindow.eval("\"" + expression.replace(/"/g, "\\\"") + "\"");
+                var result = InjectedScriptHost.evaluate("\"" + expression.replace(/"/g, "\\\"") + "\"");
                 object[propertyName] = result;
             } catch(e) {
@@ -246 +246 @@
     evaluate: function(expression, objectGroup, injectCommandLineAPI)
     {
-        return this._evaluateAndWrap(inspectedWindow.eval, inspectedWindow, expression, objectGroup, false, injectCommandLineAPI);
+        return this._evaluateAndWrap(InjectedScriptHost.evaluate, InjectedScriptHost, expression, objectGroup, false, injectCommandLineAPI);
     },
 
@@ -316 +316 @@
     _callFrameForId: function(topCallFrame, callFrameId)
     {
-        var parsedCallFrameId = eval("(" + callFrameId + ")");
+        var parsedCallFrameId = InjectedScriptHost.evaluate("(" + callFrameId + ")");
         var ordinal = parsedCallFrameId.ordinal;
         var callFrame = topCallFrame;