[JSC] Don't sanitize window.onerror information on crossorigin-enabled scripts
author: commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
        Fri, 16 Nov 2012 23:30:31 +0000 (23:30 +0000)
committer: commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
        Fri, 16 Nov 2012 23:30:31 +0000 (23:30 +0000)
commit: 11ea415e14eeedb1edfd7f96c71fe335d65e98dc
tree:   5278c8e8624bdfa4c09c726a699d0639d07e5781
parent: 03c36d41b20c1858ec73590d3e1f016eaf665c88
[JSC] Don't sanitize window.onerror information on crossorigin-enabled scripts
https://bugs.webkit.org/show_bug.cgi?id=70574

Patch by Pablo Flouret <pablof@motorola.com> on 2012-11-16
Reviewed by Geoffrey Garen.

Source/WebCore:

For scripts that use CORS (via the crossorigin attribute in this case),
don't sanitize the information passed to the window's onerror handler (i.e.
message, url, and line number). Useful for scripts hosted on CDNs.

Tests: http/tests/security/script-crossorigin-onerror-information.html
       http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html

* WebCore.exp.in:
* WebCore.order:

* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException):
* bindings/js/JSDOMBinding.h:
(WebCore):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::evaluateInWorld):
* bindings/js/ScriptSourceCode.h:
(WebCore::ScriptSourceCode::ScriptSourceCode):
(WebCore::ScriptSourceCode::cachedScript):
(ScriptSourceCode):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::evaluate):
    Keep a reference to the cached script in the ScriptSourceCode, so
    that it can be passed around and be available when reporting the
    exception.

* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::sanitizeScriptError):
(WebCore::ScriptExecutionContext::reportException):
(WebCore::ScriptExecutionContext::dispatchErrorEvent):
* dom/ScriptExecutionContext.h:
(WebCore):
(ScriptExecutionContext):
    Check if the script passes the access control checks, and if so,
    don't sanitize the error information.

* html/parser/HTMLPreloadScanner.cpp:
(WebCore::PreloadTask::processAttributes):
(WebCore::PreloadTask::preload):
(PreloadTask):
(WebCore::PreloadTask::crossOriginModeAllowsCookies):
    When preloading script elements, check for the crossorigin attribute
    and adjust the request's allowCookies value accordingly. Otherwise
    when the script is loaded from the cache later on, the cross origin mode
    (anonymous/use-credentials) will be effectively ignored.

LayoutTests:

* http/tests/security/resources/cors-script.php:
* http/tests/security/script-crossorigin-onerror-information-expected.txt: Added.
* http/tests/security/script-crossorigin-onerror-information.html: Added.
* http/tests/security/script-no-crossorigin-onerror-should-be-sanitized-expected.txt: Added.
* http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html: Added.

* platform/chromium/TestExpectations:
    This patch only deals with JSC right now; skip the new tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@135009 268f45cc-cd09-0410-ab3c-d52691b4dbfc
18 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/resources/cors-script.php
LayoutTests/http/tests/security/script-crossorigin-onerror-information-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/script-crossorigin-onerror-information.html [new file with mode: 0644]
LayoutTests/http/tests/security/script-no-crossorigin-onerror-should-be-sanitized-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html [new file with mode: 0644]
LayoutTests/platform/chromium/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/WebCore.order
Source/WebCore/bindings/js/JSDOMBinding.cpp
Source/WebCore/bindings/js/JSDOMBinding.h
Source/WebCore/bindings/js/ScriptController.cpp
Source/WebCore/bindings/js/ScriptSourceCode.h
Source/WebCore/bindings/js/WorkerScriptController.cpp
Source/WebCore/dom/ScriptExecutionContext.cpp
Source/WebCore/dom/ScriptExecutionContext.h
Source/WebCore/html/parser/HTMLPreloadScanner.cpp
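To make the rule in the ChangeLog concrete, here is an added example (not code from this patch or from WebCore) modelling what window.onerror receives for a cross-origin script with and without the crossorigin attribute; the names passesAccessControl, errorEventDetails and the script record, and the simplified CORS check, are this example's own assumptions.

```javascript
// Added example, not code from the WebKit patch: a model of the decision
// the ChangeLog describes. Names (passesAccessControl, errorEventDetails,
// the `script` record) and the simplified CORS check are this example's
// own assumptions, not WebCore's API.
const SANITIZED = { message: 'Script error.', url: '', line: 0 };

function origin(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Same role as PreloadTask::crossOriginModeAllowsCookies in the patch: only
// crossorigin="use-credentials" sends cookies; any other value is anonymous.
function crossOriginModeAllowsCookies(crossoriginAttr) {
  return crossoriginAttr !== null && crossoriginAttr.toLowerCase() === 'use-credentials';
}

// Simplified access-control check (assumption): same-origin scripts pass;
// a cross-origin script passes only if it was requested with the crossorigin
// attribute and the response's Access-Control-Allow-Origin matches (for
// use-credentials mode a wildcard is rejected and
// Access-Control-Allow-Credentials: true is required).
function passesAccessControl(documentUrl, script) {
  const docOrigin = origin(documentUrl);
  if (origin(script.url) === docOrigin) return true;
  if (script.crossorigin === null) return false; // plain <script src>, no CORS request
  const h = script.responseHeaders;
  const allowOrigin = h['access-control-allow-origin'];
  if (crossOriginModeAllowsCookies(script.crossorigin)) {
    return allowOrigin === docOrigin && h['access-control-allow-credentials'] === 'true';
  }
  return allowOrigin === '*' || allowOrigin === docOrigin;
}

// What window.onerror receives for an uncaught exception from `script`:
// full details only when the script passed the access-control check,
// otherwise the sanitized triple.
function errorEventDetails(documentUrl, script, error) {
  if (!passesAccessControl(documentUrl, script)) return { ...SANITIZED };
  return { message: error.message, url: script.url, line: error.line };
}

// Constructed sample: a page on app.example loading a CDN script that throws.
const DOC = 'https://app.example/index.html';
const ERR = { message: 'TypeError: undefined is not a function', line: 42 };
const CDN = { url: 'https://cdn.example/lib.js', crossorigin: 'anonymous',
              responseHeaders: { 'access-control-allow-origin': '*' } };
console.log(errorEventDetails(DOC, CDN, ERR));                           // full details
console.log(errorEventDetails(DOC, { ...CDN, crossorigin: null }, ERR)); // sanitized
```

The sanitized case is why the second layout test is named "should-be-sanitized": without a CORS-validated response, a page must not learn message text or line numbers from a script served by another origin.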