WebCore:
authorweinig <weinig@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 19 Oct 2007 20:53:22 +0000 (20:53 +0000)
committerweinig <weinig@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 19 Oct 2007 20:53:22 +0000 (20:53 +0000)
        Reviewed by Darin.

        Encapsulate the same origin check into the new SecurityOrigin class.

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/kjs_window.cpp:
        (KJS::Window::isSafeScript):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::defaultEventHandler):
        * dom/Document.h:
        (WebCore::Document::securityOrigin):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::begin):
        (WebCore::FrameLoader::setOpener):
        * loader/FrameLoader.h:
        * platform/SecurityOrigin.cpp: Added.
        (WebCore::SecurityOrigin::SecurityOrigin):
        (WebCore::SecurityOrigin::clear):
        (WebCore::SecurityOrigin::isEmpty):
        (WebCore::SecurityOrigin::setForFrame):
        (WebCore::SecurityOrigin::setDomainFromDOM):
        (WebCore::SecurityOrigin::allowsAccessFrom):
        (WebCore::SecurityOrigin::isSecureTransitionTo):
        * platform/SecurityOrigin.h: Added.

LayoutTests:

        Reviewed by Darin.

        Update results after changing the warning message in isSafeScript to print the frame URL
        rather than the security domain URL.  This now also prints the warning when using data:
        URLs because we no longer return early.

        * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt:
        * http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-subframe-expected.txt:
        * http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-window-open-expected.txt:
        * http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-subframe-expected.txt:
        * http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-window-open-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@26780 268f45cc-cd09-0410-ab3c-d52691b4dbfc

23 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-window-open-expected.txt
WebCore/ChangeLog
WebCore/WebCore.xcodeproj/project.pbxproj
WebCore/bindings/js/kjs_window.cpp
WebCore/dom/Document.cpp
WebCore/dom/Document.h
WebCore/loader/FrameLoader.cpp
WebCore/loader/FrameLoader.h
WebCore/platform/SecurityOrigin.cpp [new file with mode: 0644]
WebCore/platform/SecurityOrigin.h [new file with mode: 0644]

index e8b60b8..2272ed7 100644 (file)
@@ -1,3 +1,25 @@
+2007-10-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        Update results after changing the warning message in isSafeScript to print the frame URL 
+        rather than the security domain URL.  This now also prints the warning when using data:
+        URLs because we no longer return early.
+
+        * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt:
+        * http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-subframe-expected.txt:
+        * http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-window-open-expected.txt:
+        * http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-subframe-expected.txt:
+        * http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-window-open-expected.txt:
+
 2007-10-19  Dan Bernstein  <mitz@apple.com>
 
         Rubber-stamped by Sam Weinig.
index 73b3883..4da5559 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level.html from frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EInner-inner%20iframe.%3C/p%3E%3Cscript%3Etop.document.getElementById(%22accessMe%22).innerHTML%20=%20%22FAIL:%20Cross%20frame%20access%20from%20a%20data:%20URL%20inside%20another%20data:%20URL%20was%20allowed.%22;%3C/script%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: line 1: TypeError: Undefined value
 This tests that a data: URL loaded in an iframe inside another data: URL loaded iframe doesn't have access to the main frame.
 
index 55b584c..0826fb2 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-from-data-url-sub-frame.html from frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EInner%20iframe.%3C/p%3E%3Cscript%3Eparent.document.getElementById('accessMe').innerHTML%20=%20'FAIL:%20Cross%20frame%20access%20from%20a%20data:%20URL%20was%20allowed.';%3C/script%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: line 1: TypeError: Undefined value
 This tests that a data: URL loaded in an iframe doesn't have access to its parent's frame
 
index da493e7..5885091 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EInner%20iframe.%3C/p%3E%3Cp%20id='accessMe'%3EPass:%20Cross%20frame%20access%20from%20a%20sibling%20data:%20URL%20was%20denied.%3C/p%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E from frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EInner%20iframe.%3C/p%3E%3Cscript%3Eparent.frames['firstSubFrame'].document.getElementById('accessMe').innerHTML%20=%20'FAIL:%20Cross%20frame%20access%20from%20a%20sibling%20data:%20URL%20was%20allowed.';%3C/script%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: line 1: TypeError: Undefined value
 This tests that a data: URL subframe can't access a sibling data: URL subframe.
 
index 2c7efa6..e5adb4f 100644 (file)
@@ -1,3 +1,7 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%20id='accessMe'%3EPASS:%20Cross%20frame%20access%20from%20a%20data:%20URL%20was%20denied.%3C/p%3E%3Cp%3EInner-inner%20iframe.%3C/p%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E from frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Ciframe%20src=%22data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%20id='accessMe'%3EPASS:%20Cross%20frame%20access%20from%20a%20data:%20URL%20was%20denied.%3C/p%3E%3Cp%3EInner-inner%20iframe.%3C/p%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E%22%3E%3C/iframe%3E%3Cp%3EInner%20iframe.%3C/p%3E%3Cscript%3Evar%20innerFrame%20=%20frames[0];var%20testDone%20=%20false;setTimeout(test,%201);setTimeout(function()%20{if%20(!testDone)%20{alert('FAIL:%20Test%20timed%20out');}},%202000);function%20test()%20{var%20flag%20=%20innerFrame[0];if%20(!flag)%20{setTimeout(test,%201);return;}try%20{if%20(innerFrame.document.body%20&&%20innerFrame.document.getElementById('accessMe'))%20{innerFrame.document.getElementById('accessMe').innerHTML%20=%20'FAIL:%20Cross%20frame%20access%20from%20a%20data:%20URL%20was%20allowed.';testDone%20=%20true;return;}}%20catch%20(e)%20{}}%3C/script%3E%3C/body%3E%3C/html%3E. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-from-javascript-url-window-open.html from frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EOpened%20Frame.%3C/p%3E%3Cscript%3Eopener.document.getElementById('accessMe').innerHTML%20=%20'FAIL:%20Access%20from%20a%20window%20opened%20with%20a%20data:%20URL%20was%20allowed!';%3C/script%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: line 1: TypeError: Undefined value
 Opener Frame
 
index 492edea..4bf20f0 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%20id='accessMe'%3EPASS:%20Cross%20frame%20access%20from%20a%20data:%20URL%20was%20denied.%3C/p%3E%3Cp%3EInner%20iframe.%3C/p%3E%3Ciframe%20name='innerFrame'%20id='innerFrame'%20src='data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EInner-inner%20iframe.%3C/p%3E%3Cscript%3Eparent.document.getElementById(%22accessMe%22).innerHTML%20=%20%22FAIL:%20Cross%20frame%20access%20from%20a%20data:%20URL%20was%20allowed.%22;%3C/script%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E'%3E%3C/iframe%3E%3C/body%3E%3C/html%3E from frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EInner-inner%20iframe.%3C/p%3E%3Cscript%3Eparent.document.getElementById(%22accessMe%22).innerHTML%20=%20%22FAIL:%20Cross%20frame%20access%20from%20a%20data:%20URL%20was%20allowed.%22;%3C/script%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: line 1: TypeError: Undefined value
 This tests that a data: URL loaded in an iframe inside another data: URL loaded iframe doesn't have access to its parent, the first data: URL loaded iframe.
 
index 9b56a53..636334e 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%20id=%22accessMe%22%3EPASS:%20Cross%20frame%20access%20to%20a%20data:%20URL%202%20levels%20deep%20was%20denied.%3C/p%3E%3Cp%3EInner-inner%20iframe.%3C/p%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E from frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level.html. Domains, protocols and ports must match.
+
 This tests that the main frame doesn't have access to a data: URL loaded in an iframe inside another data: URL loaded iframe.
 
 
index b941cfc..4fe448b 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%20id='accessMe'%3E%3C/p%3E%3Cp%3EInner%20iframe.%3C/p%3E%3C/body%3E%3C/html%3E from frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-to-data-url-sub-frame.html. Domains, protocols and ports must match.
+
 This tests that the main frame can't access the contents of an iframe that contains a data: URL loaded page
 
 
index fd78c63..4bea775 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL DATA:text/html,%3Chtml%3E%3Cbody%3E%3Cp%20id='accessMe'%3E%3C/p%3E%3Cp%3EInner%20iframe.%3C/p%3E%3C/body%3E%3C/html%3E from frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase.html. Domains, protocols and ports must match.
+
 This tests that the main frame can't access the contents of an iframe that contains a data: URL loaded page using the uppercased variant DATA:
 
 
index 5bda90e..507d75c 100644 (file)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%3EOpened%20Frame%3C/p%3E%3Cp%20id='accessMe'%3E%3C/p%3E%3Ciframe%3E%3C/iframe%3E%3C/body%3E%3C/html%3E from frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-to-data-url-window-open.html. Domains, protocols and ports must match.
+
 Opener Frame
 
 PASS: Access to a window opened with a data: URL was denied.
index d7e919c..a7b098a 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-subframe.html from frame with URL http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascipt-url-accessor-iframe.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-subframe.html from frame with URL about:blank. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 1: TypeError: Undefined value
 The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content is an iframe which loads a javascript: URL. This tests that the javascript: URL loaded iframe does not have access to the main frame using top.document.
index 571c6af..bc6a846 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-window-open.html from frame with URL http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascipt-url-accessor-opened-frame.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-window-open.html from frame with URL about:blank. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 1: TypeError: Undefined value
 Opener Frame
index 72e0513..c547533 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascipt-url-accessee-iframe.html from frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-subframe.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-subframe.html. Domains, protocols and ports must match.
 
 The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content is an iframe which loads a javascript: URL. This tests that this main document does not have access to that javascript: URL loaded iframe.
 
index 8e01353..118d9db 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascipt-url-accessee-opened-frame.html from frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-window-open.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL http://127.0.0.1:8000/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-window-open.html. Domains, protocols and ports must match.
 
 PASS: Cross frame access to a javascript: URL embed in a frame window.open'ed on foreign domain denied!
 
index 96b00d5..360b0fe 100644 (file)
@@ -1,3 +1,31 @@
+2007-10-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        Encapsulate the same origin check into the new SecurityOrigin class.
+
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/kjs_window.cpp:
+        (KJS::Window::isSafeScript):
+        * dom/Document.cpp:
+        (WebCore::Document::Document):
+        (WebCore::Document::defaultEventHandler):
+        * dom/Document.h:
+        (WebCore::Document::securityOrigin):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::begin):
+        (WebCore::FrameLoader::setOpener):
+        * loader/FrameLoader.h:
+        * platform/SecurityOrigin.cpp: Added.
+        (WebCore::SecurityOrigin::SecurityOrigin):
+        (WebCore::SecurityOrigin::clear):
+        (WebCore::SecurityOrigin::isEmpty):
+        (WebCore::SecurityOrigin::setForFrame):
+        (WebCore::SecurityOrigin::setDomainFromDOM):
+        (WebCore::SecurityOrigin::allowsAccessFrom):
+        (WebCore::SecurityOrigin::isSecureTransitionTo):
+        * platform/SecurityOrigin.h: Added.
+
 2007-10-19  Simon Hausmann  <hausmann@kde.org>
 
         Fix the Qt/Windows build: Added missing FontSelector.h include.
index e359c72..6501196 100644 (file)
                B2FA3E180AB75A6F000E5AC4 /* JSSVGZoomEvent.cpp in Sources */ = {isa = PBXBuildFile; fileRef = B2FA3D300AB75A6F000E5AC4 /* JSSVGZoomEvent.cpp */; };
                B2FA3E190AB75A6F000E5AC4 /* JSSVGZoomEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = B2FA3D310AB75A6F000E5AC4 /* JSSVGZoomEvent.h */; };
                B402FD0B0C4C9C3900210AA6 /* BidiResolver.h in Headers */ = {isa = PBXBuildFile; fileRef = B402FD090C4C9C3900210AA6 /* BidiResolver.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               BC014C740CC5579D009C4B20 /* SecurityOrigin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BC014C720CC5579D009C4B20 /* SecurityOrigin.cpp */; };
+               BC014C750CC5579D009C4B20 /* SecurityOrigin.h in Headers */ = {isa = PBXBuildFile; fileRef = BC014C730CC5579D009C4B20 /* SecurityOrigin.h */; settings = {ATTRIBUTES = (Private, ); }; };
                BC066F6F09FEB2FA00C589A7 /* WebCoreTextRenderer.h in Headers */ = {isa = PBXBuildFile; fileRef = BC066F6C09FEB2FA00C589A7 /* WebCoreTextRenderer.h */; settings = {ATTRIBUTES = (Private, ); }; };
                BC06ED060BFD5BAE00856E9D /* JSHTMLTableSectionElement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BC06ED040BFD5BAE00856E9D /* JSHTMLTableSectionElement.cpp */; };
                BC06ED070BFD5BAE00856E9D /* JSHTMLTableSectionElement.h in Headers */ = {isa = PBXBuildFile; fileRef = BC06ED050BFD5BAE00856E9D /* JSHTMLTableSectionElement.h */; };
                B2FA3D300AB75A6F000E5AC4 /* JSSVGZoomEvent.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = JSSVGZoomEvent.cpp; sourceTree = "<group>"; };
                B2FA3D310AB75A6F000E5AC4 /* JSSVGZoomEvent.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = JSSVGZoomEvent.h; sourceTree = "<group>"; };
                B402FD090C4C9C3900210AA6 /* BidiResolver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BidiResolver.h; sourceTree = "<group>"; };
+               BC014C720CC5579D009C4B20 /* SecurityOrigin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecurityOrigin.cpp; sourceTree = "<group>"; };
+               BC014C730CC5579D009C4B20 /* SecurityOrigin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecurityOrigin.h; sourceTree = "<group>"; };
                BC0564990C6ABC1000ACE412 /* character-sets.txt */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = "character-sets.txt"; sourceTree = "<group>"; };
                BC05649A0C6ABC1000ACE412 /* make-charset-table.pl */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.script.perl; path = "make-charset-table.pl"; sourceTree = "<group>"; };
                BC066F6C09FEB2FA00C589A7 /* WebCoreTextRenderer.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = WebCoreTextRenderer.h; sourceTree = "<group>"; };
                                93C09C850B0657AA005ABD4D /* ScrollTypes.h */,
                                BC6D6E2509AF943500F59759 /* ScrollView.h */,
                                AB7170880B3118080017123E /* SearchPopupMenu.h */,
+                               BC014C720CC5579D009C4B20 /* SecurityOrigin.cpp */,
+                               BC014C730CC5579D009C4B20 /* SecurityOrigin.h */,
                                BCFB2F3F097A24B500BA703D /* SegmentedString.cpp */,
                                BCFB2F40097A24B500BA703D /* SegmentedString.h */,
                                BCFB2E830979FD4F00BA703D /* Shared.h */,
                                A8A909AC0CBCD6B50029B807 /* RenderSVGTransformableContainer.h in Headers */,
                                BC9ADD230CC4032600098C4C /* CSSTransformValue.h in Headers */,
                                E1ED8AC30CC49BE000BFC557 /* CSSPrimitiveValueMappings.h in Headers */,
+                               BC014C750CC5579D009C4B20 /* SecurityOrigin.h in Headers */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                                A8A909AD0CBCD6B50029B807 /* RenderSVGTransformableContainer.cpp in Sources */,
                                BC9ADD800CC4092200098C4C /* CSSTransformValue.cpp in Sources */,
                                1A2E6FA40CC5795D004A2062 /* ThreadingPthreads.cpp in Sources */,
+                               BC014C740CC5579D009C4B20 /* SecurityOrigin.cpp in Sources */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
index f9403bd..e76d5be 100644 (file)
@@ -56,6 +56,7 @@
 #include "PlatformScreen.h"
 #include "PlugInInfoStore.h"
 #include "RenderView.h"
+#include "SecurityOrigin.h"
 #include "Settings.h"
 #include "WindowFeatures.h"
 #include "htmlediting.h"
@@ -916,34 +917,23 @@ bool Window::isSafeScript(ExecState *exec) const
       return true;
 
   WebCore::Document* actDocument = activeFrame->document();
-  const KURL& actURL = actDocument->securityPolicyURL();
 
-  if (actURL.isLocalFile())
-    return true;
-
-  const KURL& thisURL = thisDocument->securityPolicyURL();
+  const SecurityOrigin& actSecurityOrigin = actDocument->securityOrigin();
+  const SecurityOrigin& thisSecurityOrigin = thisDocument->securityOrigin();
 
-  // data: URL's are not allowed access to anything other than themselves.
-  if (equalIgnoringCase(thisURL.protocol(), "data") || equalIgnoringCase(actURL.protocol(), "data"))
-    return false;
+  if (actSecurityOrigin.allowsAccessFrom(thisSecurityOrigin))
+    return true;
 
-  if (thisDocument->domainWasSetInDOM() && actDocument->domainWasSetInDOM()) {
-    if (thisDocument->domain() == actDocument->domain())
-      return true;
-  }
+  // FIXME: this error message should contain more specifics of why the same origin check has failed.
+  String message = String::format("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. Domains, protocols and ports must match.\n",
+                                  thisDocument->URL().utf8().data(), actDocument->URL().utf8().data());
 
-  if (equalIgnoringCase(actURL.host(), thisURL.host()) && equalIgnoringCase(actURL.protocol(), thisURL.protocol()) && actURL.port() == thisURL.port())
-    return true;
+  if (Interpreter::shouldPrintExceptions())
+    printf("%s", message.utf8().data());
 
-  if (Interpreter::shouldPrintExceptions()) {
-      printf("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. Domains, protocols and ports must match.\n", 
-             thisURL.url().latin1(), actURL.url().latin1());
-  }
-  String message = String::format("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. Domains, protocols and ports must match.\n", 
-                                  thisURL.url().latin1(), actURL.url().latin1());
   if (Page* page = frame->page())
-      page->chrome()->addMessageToConsole(JSMessageSource, ErrorMessageLevel, message, 1, String());
-  
+    page->chrome()->addMessageToConsole(JSMessageSource, ErrorMessageLevel, message, 1, String());
+
   return false;
 }
 
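Review bot: The call `actSecurityOrigin.allowsAccessFrom(thisSecurityOrigin)` puts the origin of the accessing (active) document on the receiver and the origin of the target window in the argument, which reads as the opposite of what the method name suggests. The direction matters because the check it replaces was asymmetric: only `actURL.isLocalFile()` granted access, never the target being a local file, so swapping the operands in a later edit would quietly change who is trusted. A comment above the call such as `// Receiver is the origin of the script doing the access; the argument is the origin of the window being accessed.` would pin this down, assuming allowsAccessFrom (its body is not in this hunk) applies the local-file exemption to its receiver. isSafeScript begins above the hunk.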
index 6e43b64..f3e3617 100644 (file)
@@ -85,6 +85,7 @@
 #include "RenderArena.h"
 #include "RenderView.h"
 #include "RenderWidget.h"
+#include "SecurityOrigin.h"
 #include "SegmentedString.h"
 #include "SelectionController.h"
 #include "Settings.h"
@@ -263,7 +264,6 @@ Document::Document(DOMImplementation* impl, Frame* frame, bool isXHTML)
 #if ENABLE(XBL)
     , m_bindingManager(new XBLBindingManager(this))
 #endif
-    , m_domainWasSetInDOM(false)
     , m_savedRenderer(0)
     , m_secureForms(0)
     , m_designMode(inherit)
@@ -334,7 +334,7 @@ Document::Document(DOMImplementation* impl, Frame* frame, bool isXHTML)
     
     m_jsEditor = 0;
 
-    initSecurityPolicyURL();
+    initSecurityOrigin();
 
     static int docID = 0;
     m_docID = docID++;
@@ -2598,8 +2598,6 @@ String Document::domain() const
 
 void Document::setDomain(const String& newDomain)
 {
-    m_domainWasSetInDOM = true;
-
     // Not set yet (we set it on demand to save time and space)
     // Initially set to the host
     if (m_domain.isEmpty())
@@ -2624,11 +2622,12 @@ void Document::setDomain(const String& newDomain)
                 m_domain = newDomain;
         }
     }
+
+    m_securityOrigin.setDomainFromDOM(newDomain);
 }
 
 void Document::setDomainInternal(const String& newDomain)
 {
-    m_domainWasSetInDOM = false;
     m_domain = newDomain;
 }
 
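Review bot: `m_securityOrigin.setDomainFromDOM(newDomain);` sits after the closing braces of the suffix validation in setDomain, so it runs even when the checks above declined to assign `m_domain = newDomain`. If setDomainFromDOM records newDomain as the origin's domain (its body is not in this hunk), a script-supplied value that failed validation would still feed the same-origin decision, whereas the removed flag only enabled a comparison of the two documents' `domain()` values. Passing the value on only once it has been accepted, e.g. `if (m_domain == newDomain) m_securityOrigin.setDomainFromDOM(newDomain);`, keeps the origin in step with the validated domain. setDomainInternal in the same hunk no longer clears the DOM-set state either, and setDomain's validation begins above the hunk.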
@@ -3696,32 +3695,11 @@ bool Document::useSecureKeyboardEntryWhenActive() const
     return m_useSecureKeyboardEntryWhenActive;
 }
 
-void Document::initSecurityPolicyURL()
+void Document::initSecurityOrigin()
 {
     if (!m_frame)
         return;
-
-    FrameLoader* loader = m_frame->loader();
-    m_securityPolicyURL = loader->url();
-
-    // javascript: URLs create document using the "about" protocol
-    if (!m_securityPolicyURL.isEmpty() && !equalIgnoringCase(m_securityPolicyURL.protocol(), "about"))
-        return;
-
-    Frame* openerFrame = 0;
-    if (m_frame->tree()->parent())
-        openerFrame = m_frame->tree()->parent();
-    else if (loader->opener())
-        openerFrame = loader->opener();
-
-    if (!openerFrame)
-        return;
-
-    Document* openerDocument = openerFrame->document();
-    if (!openerDocument)
-        return;
-
-    m_securityPolicyURL = openerDocument->securityPolicyURL();
+    m_securityOrigin.setForFrame(m_frame);
 }
 
 void Document::updateFocusAppearanceSoon()
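Review bot: initSecurityOrigin() is also re-run from FrameLoader::setOpener on a document that already exists, so `m_securityOrigin.setForFrame(m_frame)` can execute after setDomainFromDOM has been applied to the same object. Before this change the DOM-set flag lived on Document and was untouched when the policy URL was re-initialised; whether setForFrame keeps or resets that state is not visible here and should be stated. The removed body also carried the only explanation of why about: documents take their parent's or opener's policy, so a short comment like `// setForFrame() derives the origin from the frame's URL, or from the parent/opener for about: documents.` would be worth keeping if that logic moved there unchanged.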
index b9c476a..ffb8cb8 100644 (file)
@@ -33,6 +33,7 @@
 #include "HTMLCollection.h"
 #include "HTMLFormElement.h"
 #include "KURL.h"
+#include "SecurityOrigin.h"
 #include "StringHash.h"
 #include "Timer.h"
 #include <wtf/HashCountedSet.h>
@@ -849,11 +850,9 @@ public:
     SVGDocumentExtensions* accessSVGExtensions();
 #endif
 
-    bool domainWasSetInDOM() const { return m_domainWasSetInDOM; }
+    void initSecurityOrigin();
+    const SecurityOrigin& securityOrigin() const { return m_securityOrigin; }
 
-    void initSecurityPolicyURL();
-    const KURL& securityPolicyURL() const { return m_securityPolicyURL; }
-    
     bool processingLoadEvent() const { return m_processingLoadEvent; }
 
 protected:
@@ -871,9 +870,8 @@ private:
     JSEditor* m_jsEditor;
 
     mutable String m_domain;
-    bool m_domainWasSetInDOM;
 
-    KURL m_securityPolicyURL;
+    SecurityOrigin m_securityOrigin;
 
     RenderObject* m_savedRenderer;
     int m_secureForms;
index 150af32..9d61154 100644 (file)
@@ -62,8 +62,8 @@
 #include "IconLoader.h"
 #include "InspectorController.h"
 #include "Logging.h"
-#include "MainResourceLoader.h"
 #include "MIMETypeRegistry.h"
+#include "MainResourceLoader.h"
 #include "Page.h"
 #include "PageCache.h"
 #include "ProgressTracker.h"
@@ -71,6 +71,7 @@
 #include "RenderWidget.h"
 #include "ResourceHandle.h"
 #include "ResourceRequest.h"
+#include "SecurityOrigin.h"
 #include "SegmentedString.h"
 #include "Settings.h"
 #include "SystemTime.h"
@@ -872,21 +873,6 @@ void FrameLoader::setResponseMIMEType(const String& type)
     m_responseMIMEType = type;
 }
     
-bool FrameLoader::isSecureTransition(const KURL& fromURL, const KURL& toURL)
-{ 
-    // new window created by the application
-    if (fromURL.isEmpty())
-        return true;
-    
-    if (fromURL.isLocalFile())
-        return true;
-    
-    if (equalIgnoringCase(fromURL.host(), toURL.host()) && equalIgnoringCase(fromURL.protocol(), toURL.protocol()) && fromURL.port() == toURL.port())
-        return true;
-    
-    return false;
-}
-
 void FrameLoader::begin()
 {
     begin(KURL());
@@ -894,8 +880,7 @@ void FrameLoader::begin()
 
 void FrameLoader::begin(const KURL& url, bool dispatch)
 {
-    bool resetScripting = !(m_isDisplayingInitialEmptyDocument && m_frame->document() 
-                            && isSecureTransition(m_frame->document()->securityPolicyURL(), url));
+    bool resetScripting = !(m_isDisplayingInitialEmptyDocument && m_frame->document() && m_frame->document()->securityOrigin().isSecureTransitionTo(url));
     clear(resetScripting, resetScripting);
     if (dispatch)
         dispatchWindowObjectAvailable();
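Review bot: The `resetScripting` expression in begin(const KURL&, bool) decides whether script state from the initial empty document survives into the new one, and it is now a single long line with `m_frame->document()` evaluated twice and no comment. A comment such as `// Keep the script context only when the initial empty document is replaced by a URL its origin may transition to.` above it, plus a local `Document* document = m_frame->document();`, would make the security intent reviewable. The removed isSecureTransition() returned true for an empty or local-file source URL; it is not visible in this hunk whether isSecureTransitionTo() keeps those cases, so the comment should say which is intended. begin() continues past the end of the hunk.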
@@ -1674,7 +1659,7 @@ void FrameLoader::setOpener(Frame* opener)
     m_opener = opener;
 
     if (m_frame->document())
-        m_frame->document()->initSecurityPolicyURL();
+        m_frame->document()->initSecurityOrigin();
 }
 
 bool FrameLoader::openedByDOM() const
index 0e602ff..63572ad 100644 (file)
@@ -545,8 +545,6 @@ namespace WebCore {
         void stopRedirectionTimer();
 
         void startIconLoader();
-        
-        bool isSecureTransition(const KURL& fromURL, const KURL& toURL);
 
 #if USE(LOW_BANDWIDTH_DISPLAY)
         // implementation of CachedResourceClient        
diff --git a/WebCore/platform/SecurityOrigin.cpp b/WebCore/platform/SecurityOrigin.cpp
new file mode 100644 (file)
index 0000000..391e4ee
--- /dev/null
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "SecurityOrigin.h"
+
+#include "Document.h"
+#include "Frame.h"
+#include "FrameLoader.h"
+#include "FrameTree.h"
+#include "KURL.h"
+#include "PlatformString.h"
+
+namespace WebCore {
+
+SecurityOrigin::SecurityOrigin()
+    : m_port(0)
+    , m_portSet(false)
+    , m_noAccess(false)
+    , m_domainWasSetInDOM(false)
+{
+}
+
+void SecurityOrigin::clear()
+{
+    m_protocol = String();
+    m_host = String();
+    m_port = 0;
+    m_portSet = false;
+    m_noAccess = false;
+    m_domainWasSetInDOM = false;
+}
+
+bool SecurityOrigin::isEmpty() const
+{
+    return m_protocol.isEmpty();
+}
+
+void SecurityOrigin::setForFrame(Frame* frame)
+{
+    clear();
+
+    FrameLoader* loader = frame->loader();
+    const KURL& securityPolicyURL = loader->url();
+
+    if (!securityPolicyURL.isEmpty()) {
+        m_protocol = securityPolicyURL.protocol().lower();
+        m_host = securityPolicyURL.host().lower();
+        m_port = securityPolicyURL.port();
+        if (m_port)
+            m_portSet = true;
+
+        // data: URLs are not allowed access to anything other than themselves.
+        if (m_protocol == "data") {
+            m_noAccess = true;
+            return;
+        }
+
+        // Only in the case of about:blank or javascript: URLs (which create documents using the "about" 
+        // protocol) do we want to use the parent or openers URL as the origin.
+        if (m_protocol != "about")
+            return;
+    }
+
+    Frame* openerFrame = frame->tree()->parent();
+    if (!openerFrame) {
+        openerFrame = loader->opener();
+        if (!openerFrame)
+            return;
+    }
+
+    Document* openerDocument = openerFrame->document();
+    if (!openerDocument)
+        return;
+
+    *this = openerDocument->securityOrigin();
+}
+
+void SecurityOrigin::setDomainFromDOM(const String& newDomain)
+{
+    m_domainWasSetInDOM = true;
+    m_host = newDomain.lower();
+}
+
+bool SecurityOrigin::allowsAccessFrom(const SecurityOrigin& other) const
+{
+    if (m_protocol == "file")
+        return true;
+
+    if (m_noAccess || other.m_noAccess)
+        return false;
+
+    if (m_domainWasSetInDOM && other.m_domainWasSetInDOM && m_host == other.m_host)
+        return true;
+    return m_host == other.m_host && m_protocol == other.m_protocol && m_port == other.m_port;
+}
+
+bool SecurityOrigin::isSecureTransitionTo(const KURL& url) const
+{ 
+    // New window created by the application
+    if (isEmpty())
+        return true;
+
+    if (m_protocol == "file")
+        return true;
+
+    return equalIgnoringCase(m_host, String(url.host())) && equalIgnoringCase(m_protocol, String(url.protocol())) && m_port == url.port();
+}
+
+} // namespace WebCore
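Review bot: In `allowsAccessFrom`, the branch for two origins that both set `document.domain` compares only `m_host`, so an http page and an https page that set the same domain are treated as one origin. Ignoring the port there is the usual document.domain behaviour, but the scheme should still match: `if (m_domainWasSetInDOM && other.m_domainWasSetInDOM && m_host == other.m_host && m_protocol == other.m_protocol)`. Separately, the `m_protocol == "file"` early return sits before the `m_noAccess` check, so an origin marked no-access (a `data:` document) is not refused when this origin is a local file. If that is not intended, test `m_noAccess || other.m_noAccess` first.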
diff --git a/WebCore/platform/SecurityOrigin.h b/WebCore/platform/SecurityOrigin.h
new file mode 100644 (file)
index 0000000..21192ea
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SecurityOrigin_h
+#define SecurityOrigin_h
+
+#include "PlatformString.h"
+
+namespace WebCore {
+
+    class Frame;
+    class KURL;
+
+    class SecurityOrigin {
+    public:
+        SecurityOrigin();
+
+        void setForFrame(Frame*);
+        void setDomainFromDOM(const String& newDomain);
+
+        bool allowsAccessFrom(const SecurityOrigin&) const;
+        bool isSecureTransitionTo(const KURL&) const;
+
+    private:
+        void clear();
+        bool isEmpty() const;
+
+        String m_protocol;
+        String m_host;
+        short m_port;
+        bool m_portSet;
+        bool m_noAccess;
+        bool m_domainWasSetInDOM;
+    };
+
+} // namespace WebCore
+
+#endif // SecurityOrigin_h
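Review bot: `short m_port` cannot represent ports above 32767, although valid ports run to 65535. SecurityOrigin.cpp stores `securityPolicyURL.port()` into it and later evaluates `m_port == url.port()`. If `KURL::port()` returns an unsigned type (its declaration is not shown here), that comparison fails for high ports once the stored value has wrapped negative. Declaring the member as `unsigned short m_port;` avoids the narrowing. `m_portSet` is written in `clear()` and `setForFrame()` but never read in the code shown, so it needs either a consumer in the comparisons or a comment saying what it is for.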