Return null when shouldAllowAccessToNode() fails
authorharaken@chromium.org <haraken@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Mar 2012 07:06:03 +0000 (07:06 +0000)
committerharaken@chromium.org <haraken@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Mar 2012 07:06:03 +0000 (07:06 +0000)
commit8ca18cb994545fc7415077b639603e5f74bfb885
tree776ca513e4cdea70d35c7553bd611a5c12ec866f
parent7ae672ef087155dacea66456f2833979d530f08f
Return null when shouldAllowAccessToNode() fails
https://bugs.webkit.org/show_bug.cgi?id=80205

Reviewed by Adam Barth.

shouldAllowAccessToNode() is used for window.frameElement, HTMLFrameElement.contentDocument,
and getSVGDocument(). The spec of window.frameElement and HTMLFrameElement.contentDocument
requires that they should return null when the security check fails.
Thus this patch changes the return value from undefined to null.

http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#navigating-nested-browsing-contexts-in-the-dom
http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#dom-iframe-contentdocument

Source/WebCore:

Tests: http/tests/security/local-iFrame-from-remote.html
       http/tests/security/cross-frame-access-frameelement.html
       http/tests/security/cross-frame-access-put.html

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/CodeGeneratorV8.pm:
(GenerateNormalAttrGetter):
(GenerateFunctionCallback):

* bindings/scripts/test/JS/JSTestObj.cpp: Updated run-bindings-tests results.
(WebCore::jsTestObjContentDocument):
(WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
* bindings/scripts/test/V8/V8TestObj.cpp:
(WebCore::TestObjInternal::contentDocumentAttrGetter):
(WebCore::TestObjInternal::getSVGDocumentCallback):

LayoutTests:

* http/tests/security/cross-frame-access-frameelement-expected.txt:
* http/tests/security/local-iFrame-from-remote.html:
* platform/chromium/http/tests/security/cross-frame-access-put-expected.txt:
* platform/gtk/http/tests/security/cross-frame-access-put-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@110667 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-frameelement-expected.txt
LayoutTests/http/tests/security/local-iFrame-from-remote.html
LayoutTests/platform/chromium/http/tests/security/cross-frame-access-put-expected.txt
LayoutTests/platform/gtk/http/tests/security/cross-frame-access-put-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
Source/WebCore/bindings/scripts/test/V8/V8TestObj.cpp