Use ASSERT_WITH_SECURITY_IMPLICATION() for NoEventDispatchAssertion
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Apr 2015 16:16:21 +0000 (16:16 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Apr 2015 16:16:21 +0000 (16:16 +0000)
commit dc5b40b96d7618c1cb94e7c04865fdc04aa70ea0
tree 2bedf1a255615dd20a1d917c24a7e8bc3b8e57a7
parent b11f62b4fc79958f761d785ca8316acd2b86c5dc
Use ASSERT_WITH_SECURITY_IMPLICATION() for NoEventDispatchAssertion
https://bugs.webkit.org/show_bug.cgi?id=143971

Reviewed by Darin Adler.

Use ASSERT_WITH_SECURITY_IMPLICATION() for NoEventDispatchAssertion as
firing JS events can cause arbitrary JS execution which often leads to
security bugs when event firing is forbidden. For example, firing events
from ActiveDOMObject::suspend() means JS can construct or destroy
ActiveDOMObjects while we are iterating over them.

* dom/ContainerNode.cpp:
(WebCore::dispatchChildInsertionEvents):
(WebCore::dispatchChildRemovalEvents):
* dom/ContainerNodeAlgorithms.h:
(WebCore::ChildNodeInsertionNotifier::notify):
* dom/Document.cpp:
(WebCore::Document::dispatchWindowEvent):
(WebCore::Document::dispatchWindowLoadEvent):
* dom/Element.cpp:
(WebCore::Element::dispatchFocusInEvent):
(WebCore::Element::dispatchFocusOutEvent):
* dom/EventDispatcher.cpp:
(WebCore::EventDispatcher::dispatchEvent):
* dom/EventTarget.cpp:
(WebCore::EventTarget::fireEventListeners):
* dom/Node.cpp:
(WebCore::Node::dispatchSubtreeModifiedEvent):
(WebCore::Node::dispatchDOMActivateEvent):
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::canSuspendActiveDOMObjectsForPageCache):
(WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
(WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
(WebCore::ScriptExecutionContext::stopActiveDOMObjects):
(WebCore::ScriptExecutionContext::willDestroyActiveDOMObject):
* dom/WebKitNamedFlow.cpp:
(WebCore::WebKitNamedFlow::dispatchRegionOversetChangeEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@183064 268f45cc-cd09-0410-ab3c-d52691b4dbfc
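As an added illustration (not WebKit's code), a simplified C++ model of the invariant the commit message describes: an RAII guard marks a region where event dispatch is forbidden, and a suspend() callback that tries to fire an event whose listener would mutate the container being iterated is caught. The names `dispatchEvent`, `suspendActiveDOMObjects`, `recordViolation` and `runSuspendScenario` are hypothetical stand-ins; where WebKit would assert, this model counts the violation so it can be observed in a test.

```cpp
#include <functional>
#include <vector>

// Hypothetical model of WebKit's NoEventDispatchAssertion (added example, not WebKit
// code): an RAII guard marking a region in which firing DOM events is forbidden.
class NoEventDispatchAssertion {
public:
    NoEventDispatchAssertion() { ++s_depth; }
    ~NoEventDispatchAssertion() { --s_depth; }
    static bool isEventDispatchForbidden() { return s_depth > 0; }
    static unsigned violations() { return s_violations; }
    static void recordViolation() { ++s_violations; }
private:
    static unsigned s_depth;      // nesting depth of active guards
    static unsigned s_violations; // dispatches attempted while forbidden
};
unsigned NoEventDispatchAssertion::s_depth = 0;
unsigned NoEventDispatchAssertion::s_violations = 0;
// Stand-in for an event-dispatch entry point: where WebKit would hit
// ASSERT_WITH_SECURITY_IMPLICATION, this records the violation and skips the listener.
bool dispatchEvent(const std::function<void()>& listener) {
    if (NoEventDispatchAssertion::isEventDispatchForbidden()) {
        NoEventDispatchAssertion::recordViolation();
        return false;
    }
    listener();
    return true;
}
struct ActiveDOMObject { std::function<void()> suspend; };

// Model of ScriptExecutionContext::suspendActiveDOMObjects(): the guard spans the
// whole loop, since a listener could add or remove objects mid-iteration.
unsigned suspendActiveDOMObjects(std::vector<ActiveDOMObject>& objects) {
    NoEventDispatchAssertion guard;
    for (auto& object : objects) object.suspend();
    return static_cast<unsigned>(objects.size()); // unchanged when dispatch is blocked
}

// Scenario: one object's suspend() fires an event whose listener would push_back()
// into the vector being iterated (iterator invalidation). Returns violations caught.
unsigned runSuspendScenario() {
    std::vector<ActiveDOMObject> objects;
    objects.push_back({[] {}});
    objects.push_back({[&objects] {
        dispatchEvent([&objects] { objects.push_back({[] {}}); });
    }});
    unsigned before = NoEventDispatchAssertion::violations();
    suspendActiveDOMObjects(objects);
    return NoEventDispatchAssertion::violations() - before;
}
```

In a release build of WebKit the assertion itself compiles out, which is why the commit raises it to the security-implication level so that such violations are triaged as security bugs rather than ordinary debug failures.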
Source/WebCore/ChangeLog
Source/WebCore/dom/ContainerNode.cpp
Source/WebCore/dom/ContainerNodeAlgorithms.h
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Element.cpp
Source/WebCore/dom/EventDispatcher.cpp
Source/WebCore/dom/EventTarget.cpp
Source/WebCore/dom/Node.cpp
Source/WebCore/dom/ScriptExecutionContext.cpp
Source/WebCore/dom/WebKitNamedFlow.cpp