2009-09-21 Adam Barth <abarth@webkit.org>
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Sep 2009 05:08:37 +0000 (05:08 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Sep 2009 05:08:37 +0000 (05:08 +0000)
commit 0cd043dfcc399a7af2744da69fe58faa46afc2e5
tree ff6b0bc4dc01ad87980ddd0074c5adc267cc797d
parent 2c725c571b58c0bf75a47a6e70150eead2530ebd
2009-09-21  Adam Barth  <abarth@webkit.org>

        Reviewed by Sam Weinig.

        Don't re-enter JavaScript after performing access checks
        https://bugs.webkit.org/show_bug.cgi?id=29531

        Moved the access check slightly later in these functions to avoid
        re-entering the JavaScript interpreter (typically via toString)
        after performing the access check.

        I can't really think of a meaningful test for this change.  It's more
        security hygiene.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::JSDOMWindow::open):
        (WebCore::JSDOMWindow::showModalDialog):
        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::setHref):
        (WebCore::JSLocation::replace):
        (WebCore::JSLocation::assign):
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::V8Custom::WindowSetTimeoutImpl):
        (WebCore::if):
        (CALLBACK_FUNC_DECL):
        (V8Custom::WindowSetLocation):
        (V8Custom::ClearTimeoutImpl):
        * bindings/v8/custom/V8LocationCustom.cpp:
        (WebCore::ACCESSOR_SETTER):
        (WebCore::CALLBACK_FUNC_DECL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@48619 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebCore/ChangeLog
WebCore/bindings/js/JSDOMWindowCustom.cpp
WebCore/bindings/js/JSLocationCustom.cpp
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
WebCore/bindings/v8/custom/V8LocationCustom.cpp
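The ordering hazard this commit removes, as an added illustration that is not WebKit code: `Frame`, `JsValue`, `allowsAccessFrom` and the two `setLocation*` functions are constructed stand-ins, and the "JS" re-entered by `toString` is a plain callback. The check-then-convert ordering performs the navigation on the basis of a check that no longer describes the frame once conversion has run; convert-then-check decides on the state that actually holds.

```cpp
// Constructed model of the access-check ordering bug (not WebKit's API).
#include <cassert>
#include <functional>
#include <string>

// Stand-in for a frame's security state: the origin allowed to script it.
struct Frame {
    std::string origin;
};

// Stand-in for a JS value whose toString() re-enters the interpreter and
// may therefore run arbitrary script with side effects on the frame.
struct JsValue {
    std::function<std::string(Frame&)> toString;
};

static bool allowsAccessFrom(const Frame& target, const std::string& callerOrigin) {
    return target.origin == callerOrigin;
}

// Pre-fix ordering: check first, then convert. toString() runs after the
// check and can change the frame, so the check result is stale.
// Returns true if the navigation would be performed.
static bool setLocationCheckThenConvert(Frame& target, const std::string& callerOrigin,
                                        const JsValue& url, std::string& outUrl) {
    if (!allowsAccessFrom(target, callerOrigin))
        return false;
    outUrl = url.toString(target);   // re-enters JS after the access check
    return true;
}

// Post-fix ordering: convert first, then check against the frame's
// state as it is at the moment the navigation is actually performed.
static bool setLocationConvertThenCheck(Frame& target, const std::string& callerOrigin,
                                        const JsValue& url, std::string& outUrl) {
    std::string converted = url.toString(target);   // JS runs before the check
    if (!allowsAccessFrom(target, callerOrigin))
        return false;
    outUrl = converted;
    return true;
}

// A toString() with a side effect: it changes the target frame's origin
// mid-call (constructed example of the re-entrancy this commit guards against).
static JsValue stateChangingUrl() {
    return JsValue{[](Frame& f) {
        f.origin = "https://other.example";
        return std::string("https://other.example/landing");
    }};
}

// A toString() with no side effects; both orderings treat it identically.
static JsValue plainUrl() {
    return JsValue{[](Frame&) { return std::string("https://a.example/page"); }};
}
```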