2010-12-07 Darin Adler <darin@apple.com>
authordarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Dec 2010 16:22:13 +0000 (16:22 +0000)
committerdarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Dec 2010 16:22:13 +0000 (16:22 +0000)
        Reviewed by Geoffrey Garen.

        Move DOMWindow::setLocation logic into DOMWindow class and out of JavaScript binding
        https://bugs.webkit.org/show_bug.cgi?id=50640

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::printErrorMessageForFrame): Removed body; just call through to
        DOMWindow::printErrorMessage.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Removed body;
        just call through to DOMWindow::crossDomainAccessErrorMessage.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation): Changed terminology to use activeFrame and
        firstFrame, rather than the older lexicalFrame and dynamicFrame. Removed most
        of the body and moved it into DOMWindow::setLocation.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::setLocation): Added. Does all the same work that
        JSDOMWindow::setLocation used to do, but in a way that's not specific
        to JavaScript.
        (WebCore::DOMWindow::printErrorMessage): Added.
        (WebCore::DOMWindow::crossDomainAccessErrorMessage): Added.

        * page/DOMWindow.h: Added setLocation, printErrorMessage, and
        crossDomainAccessErrorMessage.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@73521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/bindings/js/JSDOMBinding.cpp
WebCore/bindings/js/JSDOMWindowBase.cpp
WebCore/bindings/js/JSDOMWindowCustom.cpp
WebCore/page/DOMWindow.cpp
WebCore/page/DOMWindow.h

index 8c7f042..91ec866 100644 (file)
@@ -1,3 +1,33 @@
+2010-12-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Move DOMWindow::setLocation logic into DOMWindow class and out of JavaScript binding
+        https://bugs.webkit.org/show_bug.cgi?id=50640
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::printErrorMessageForFrame): Removed body; just call through to
+        DOMWindow::printErrorMessage.
+
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Removed body;
+        just call through to DOMWindow::crossDomainAccessErrorMessage.
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::setLocation): Changed terminology to use activeFrame and
+        firstFrame, rather than the older lexicalFrame and dynamicFrame. Removed most
+        of the body and moved it into DOMWindow::setLocation.
+
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::setLocation): Added. Does all the same work that
+        JSDOMWindow::setLocation used to do, but in a way that's not specific
+        to JavaScript.
+        (WebCore::DOMWindow::printErrorMessage): Added.
+        (WebCore::DOMWindow::crossDomainAccessErrorMessage): Added.
+
+        * page/DOMWindow.h: Added setLocation, printErrorMessage, and
+        crossDomainAccessErrorMessage.
+
 2010-12-08  Alejandro G. Castro  <alex@igalia.com>
 
         Unreviewed, rolling out r73494.
index 0d94b44..4aca314 100644 (file)
@@ -697,16 +697,7 @@ void printErrorMessageForFrame(Frame* frame, const String& message)
 {
     if (!frame)
         return;
-    if (message.isEmpty())
-        return;
-
-    Settings* settings = frame->settings();
-    if (!settings)
-        return;
-    if (settings->privateBrowsingEnabled())
-        return;
-
-    frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String()); // FIXME: provide a real line number and source URL.
+    frame->domWindow()->printErrorMessage(message);
 }
 
 Frame* toLexicalFrame(ExecState* exec)
index ad4e2f7..0bd9c0b 100644 (file)
@@ -77,14 +77,7 @@ ScriptExecutionContext* JSDOMWindowBase::scriptExecutionContext() const
 
 String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const
 {
-    KURL originURL = asJSDOMWindow(other)->impl()->url();
-    KURL targetURL = d()->shell->window()->impl()->url();
-    if (originURL.isNull() || targetURL.isNull())
-        return String();
-
-    // FIXME: this error message should contain more specifics of why the same origin check has failed.
-    return makeString("Unsafe JavaScript attempt to access frame with URL ", targetURL.string(),
-                      " from frame with URL ", originURL.string(), ". Domains, protocols and ports must match.\n");
+    return impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl()->frame());
 }
 
 void JSDOMWindowBase::printErrorMessage(const String& message) const
index 9048120..aeb6bab 100644 (file)
 #include "HTMLDocument.h"
 #include "History.h"
 #include "JSAudioConstructor.h"
-
-#if ENABLE(WEB_AUDIO)
-#include "JSAudioContext.h"
-#endif
-
 #include "JSDOMWindowShell.h"
 #include "JSEvent.h"
 #include "JSEventListener.h"
 #include "JSMessagePort.h"
 #include "JSMessagePortCustom.h"
 #include "JSOptionConstructor.h"
-
-#if ENABLE(SHARED_WORKERS)
-#include "JSSharedWorker.h"
-#endif
-
-#if ENABLE(3D_CANVAS) || ENABLE(BLOB)
-#include "JSArrayBuffer.h"
-#include "JSDataView.h"
-#include "JSInt8Array.h"
-#include "JSUint8Array.h"
-#include "JSInt32Array.h"
-#include "JSUint32Array.h"
-#include "JSInt16Array.h"
-#include "JSUint16Array.h"
-#include "JSFloat32Array.h"
-#endif
 #include "JSWebKitCSSMatrix.h"
 #include "JSWebKitPoint.h"
-#if ENABLE(WEB_SOCKETS)
-#include "JSWebSocket.h"
-#endif
 #include "JSWorker.h"
 #include "JSXMLHttpRequest.h"
 #include "JSXSLTProcessor.h"
 #include <runtime/PrototypeFunction.h>
 #include <wtf/text/AtomicString.h>
 
+#if ENABLE(3D_CANVAS) || ENABLE(BLOB)
+#include "JSArrayBuffer.h"
+#include "JSDataView.h"
+#include "JSFloat32Array.h"
+#include "JSInt16Array.h"
+#include "JSInt32Array.h"
+#include "JSInt8Array.h"
+#include "JSUint16Array.h"
+#include "JSUint32Array.h"
+#include "JSUint8Array.h"
+#endif
+
+#if ENABLE(SHARED_WORKERS)
+#include "JSSharedWorker.h"
+#endif
+
+#if ENABLE(WEB_AUDIO)
+#include "JSAudioContext.h"
+#endif
+
+#if ENABLE(WEB_SOCKETS)
+#include "JSWebSocket.h"
+#endif
+
 using namespace JSC;
 
 namespace WebCore {
@@ -490,15 +490,18 @@ JSValue JSDOMWindow::location(ExecState* exec) const
 
 void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
 {
-    Frame* lexicalFrame = toLexicalFrame(exec);
-    if (!lexicalFrame)
+    Frame* activeFrame = toLexicalFrame(exec);
+    if (!activeFrame)
+        return;
+    Frame* firstFrame = toDynamicFrame(exec);
+    if (!firstFrame)
         return;
 
 #if ENABLE(DASHBOARD_SUPPORT)
     // To avoid breaking old widgets, make "var location =" in a top-level frame create
     // a property named "location" instead of performing a navigation (<rdar://problem/5688039>).
-    if (Settings* settings = lexicalFrame->settings()) {
-        if (settings->usesDashboardBackwardCompatibilityMode() && !lexicalFrame->tree()->parent()) {
+    if (Settings* settings = activeFrame->settings()) {
+        if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
             if (allowsAccessFrom(exec))
                 putDirect(Identifier(exec, "location"), value);
             return;
@@ -506,21 +509,11 @@ void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
     }
 #endif
 
-    Frame* frame = impl()->frame();
-    ASSERT(frame);
-
-    KURL url = completeURL(exec, ustringToString(value.toString(exec)));
-    if (url.isNull())
-        return;
-
-    if (!shouldAllowNavigation(exec, frame))
+    UString locationString = value.toString(exec);
+    if (exec->hadException())
         return;
 
-    if (!protocolIsJavaScript(url) || allowsAccessFrom(exec)) {
-        // We want a new history item if this JS was called via a user gesture.
-        frame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(),
-            url, lexicalFrame->loader()->outgoingReferrer(), !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
-    }
+    impl()->setLocation(ustringToString(locationString), activeFrame, firstFrame);
 }
 
 JSValue JSDOMWindow::crypto(ExecState*) const
index ebb3db5..8453674 100644 (file)
@@ -1618,4 +1618,61 @@ void DOMWindow::revokeObjectURL(const String& blobURLString)
 }
 #endif
 
+void DOMWindow::setLocation(const String& location, Frame* activeFrame, Frame* firstFrame)
+{
+    if (!activeFrame)
+        return;
+    if (!firstFrame)
+        return;
+
+    KURL locationURL = firstFrame->loader()->completeURL(location);
+    if (locationURL.isNull())
+        return;
+
+    if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
+        return;
+
+    if (protocolIsJavaScript(locationURL)) {
+        // FIXME: Is there some way to eliminate the need for a separate "activeFrame != m_frame" check?
+        // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
+        // Can we name the SecurityOrigin function better to make this more clear?
+        if (activeFrame != m_frame && !activeFrame->domWindow()->securityOrigin()->canAccess(securityOrigin())) {
+            printErrorMessage(crossDomainAccessErrorMessage(activeFrame));
+            return;
+        }
+    }
+
+    // We want a new history item if we are processing a user gesture.
+    m_frame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(),
+        locationURL, activeFrame->loader()->outgoingReferrer(),
+        !activeFrame->script()->anyPageIsProcessingUserGesture(), false);
+}
+
+void DOMWindow::printErrorMessage(const String& message)
+{
+    if (message.isEmpty())
+        return;
+
+    Settings* settings = m_frame->settings();
+    if (!settings)
+        return;
+    if (settings->privateBrowsingEnabled())
+        return;
+
+    // FIXME: Add arguments so that we can provide a correct source URL and line number.
+    console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String());
+}
+
+String DOMWindow::crossDomainAccessErrorMessage(Frame* activeFrame)
+{
+    const KURL& activeFrameURL = activeFrame->domWindow()->url();
+    if (activeFrameURL.isNull())
+        return String();
+
+    // FIXME: This error message should contain more specifics of why the same origin check has failed.
+    // Perhaps we should involve the security origin object in composing it.
+    return makeString("Unsafe JavaScript attempt to access frame with URL ", m_url.string(),
+        " from frame with URL ", activeFrameURL.string(), ". Domains, protocols and ports must match.");
+}
+
 } // namespace WebCore
index 68b21ff..332109c 100644 (file)
@@ -141,6 +141,8 @@ namespace WebCore {
 #endif
         Location* location() const;
 
+        void setLocation(const String& location, Frame* activeFrame, Frame* firstFrame);
+
         DOMSelection* getSelection();
 
         Element* frameElement() const;
@@ -226,6 +228,9 @@ namespace WebCore {
 
         Console* console() const;
 
+        void printErrorMessage(const String&);
+        String crossDomainAccessErrorMessage(Frame* activeFrame);
+
 #if ENABLE(OFFLINE_WEB_APPLICATIONS)
         DOMApplicationCache* applicationCache() const;
 #endif