Rewire the same-origin checks for the JavaScriptCore bindings through BindingSecurity
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Aug 2012 00:41:02 +0000 (00:41 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Aug 2012 00:41:02 +0000 (00:41 +0000)
https://bugs.webkit.org/show_bug.cgi?id=93382

Reviewed by Eric Seidel.

This patch rewires the same-origin policy checks in the JavaScriptCore
bindings to use the implementation in BindingSecurity.cpp, which is now
shared by JavaScriptCore and V8. There are still a few places were we
use the JSDOMWindowCustom-based code path, but I plan to change those
in a follow up patch in the interest of keeping this patch as small as
possible.

This patch as two main benefits:

1) We no longer need to maintain duplicate code in the JSC and the V8
   bindings for as delicate an area as the same-origin check.
   Previously, the two implementations accomplished the same task using
   a slightly different mechansim. After this patch, they use the same
   mechanism, which means we only need to convince ourselves that one
   implementation is correct.

2) This patch will make it easier to remove DOMWindow::m_securityOrigin
   because there will be only one piece of code that needs to change.
   Prior to this patch, we would have had to change both
   implementations of the same-origin policy not to rely upon
   DOMWindow::m_securityOrigin.

* bindings/js/BindingState.cpp:
(WebCore::immediatelyReportUnsafeAccessTo):
(WebCore):
* bindings/js/BindingState.h:
(WebCore):
* bindings/js/JSDOMBinding.cpp:
(WebCore::shouldAllowAccessToNode):
(WebCore::shouldAllowAccessToFrame):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@125126 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/BindingState.cpp
Source/WebCore/bindings/js/BindingState.h
Source/WebCore/bindings/js/JSDOMBinding.cpp

index dd3f610..02364d7 100644 (file)
@@ -973,6 +973,7 @@ SET(WebCore_SOURCES
     bindings/ScriptControllerBase.cpp
 
     bindings/generic/ActiveDOMCallback.cpp
+    bindings/generic/BindingSecurity.cpp
     bindings/generic/RuntimeEnabledFeatures.cpp
 
     css/CSSAspectRatioValue.cpp
index 676c626..e37c1dd 100644 (file)
@@ -1,3 +1,41 @@
+2012-08-08  Adam Barth  <abarth@webkit.org>
+
+        Rewire the same-origin checks for the JavaScriptCore bindings through BindingSecurity
+        https://bugs.webkit.org/show_bug.cgi?id=93382
+
+        Reviewed by Eric Seidel.
+
+        This patch rewires the same-origin policy checks in the JavaScriptCore
+        bindings to use the implementation in BindingSecurity.cpp, which is now
+        shared by JavaScriptCore and V8. There are still a few places were we
+        use the JSDOMWindowCustom-based code path, but I plan to change those
+        in a follow up patch in the interest of keeping this patch as small as
+        possible.
+
+        This patch as two main benefits:
+
+        1) We no longer need to maintain duplicate code in the JSC and the V8
+           bindings for as delicate an area as the same-origin check.
+           Previously, the two implementations accomplished the same task using
+           a slightly different mechansim. After this patch, they use the same
+           mechanism, which means we only need to convince ourselves that one
+           implementation is correct.
+
+        2) This patch will make it easier to remove DOMWindow::m_securityOrigin
+           because there will be only one piece of code that needs to change.
+           Prior to this patch, we would have had to change both
+           implementations of the same-origin policy not to rely upon
+           DOMWindow::m_securityOrigin.
+
+        * bindings/js/BindingState.cpp:
+        (WebCore::immediatelyReportUnsafeAccessTo):
+        (WebCore):
+        * bindings/js/BindingState.h:
+        (WebCore):
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::shouldAllowAccessToNode):
+        (WebCore::shouldAllowAccessToFrame):
+
 2012-08-08  Brady Eidson  <beidson@apple.com>
 
         Google search query text reverts to original search query after multiple searches
index 825468b..72a2a8a 100644 (file)
@@ -47,4 +47,9 @@ DOMWindow* firstDOMWindow(ExecState* exec)
     return asJSDOMWindow(exec->dynamicGlobalObject())->impl();
 }
 
+void immediatelyReportUnsafeAccessTo(ExecState* exec, Document* target)
+{
+    printErrorMessageForFrame(target->frame(), target->domWindow()->crossDomainAccessErrorMessage(activeDOMWindow(exec)));
+}
+
 }
index 281b9b3..de130fe 100644 (file)
@@ -48,7 +48,7 @@ DOMWindow* firstDOMWindow(BindingState*);
 inline Frame* activeFrame(BindingState*) { return 0; }
 inline Frame* firstFrame(BindingState*) { return 0; }
 
-inline void immediatelyReportUnsafeAccessTo(BindingState*, Document*) { }
+void immediatelyReportUnsafeAccessTo(BindingState*, Document* target);
 
 }
 
index e07a932..368950d 100644 (file)
@@ -21,6 +21,7 @@
 #include "config.h"
 #include "JSDOMBinding.h"
 
+#include "BindingSecurity.h"
 #include "DOMObjectHashTableMap.h"
 #include "DOMStringList.h"
 #include "ExceptionCode.h"
@@ -223,23 +224,22 @@ void setDOMException(ExecState* exec, ExceptionCode ec)
 
 bool shouldAllowAccessToNode(ExecState* exec, Node* node)
 {
-    return node && shouldAllowAccessToFrame(exec, node->document()->frame());
+    return BindingSecurity::shouldAllowAccessToNode(exec, node);
 }
 
 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame)
 {
-    if (!frame)
-        return false;
-    JSDOMWindow* window = toJSDOMWindow(frame, currentWorld(exec));
-    return window && window->allowsAccessFrom(exec);
+    return BindingSecurity::shouldAllowAccessToFrame(exec, frame);
 }
 
 bool shouldAllowAccessToFrame(ExecState* exec, Frame* frame, String& message)
 {
     if (!frame)
         return false;
-    JSDOMWindow* window = toJSDOMWindow(frame, currentWorld(exec));
-    return window && window->allowsAccessFrom(exec, message);
+    bool result = BindingSecurity::shouldAllowAccessToFrame(exec, frame, DoNotReportSecurityError);
+    // FIXME: The following line of code should move somewhere that it can be shared with immediatelyReportUnsafeAccessTo.
+    message = frame->domWindow()->crossDomainAccessErrorMessage(activeDOMWindow(exec));
+    return result;
 }
 
 void printErrorMessageForFrame(Frame* frame, const String& message)