WebCore:
author weinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Jan 2008 19:52:42 +0000 (19:52 +0000)
committer weinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Jan 2008 19:52:42 +0000 (19:52 +0000)
commit 454dca9d2ddc593c47e7f25f9ca6f6eebfd74216
tree 992a3b7661712aec6bd0261c60ad03c626d88e6e
parent dd7c571308efd02abe8caa6ae593b3aebb4d669f
WebCore:

        Reviewed by Darin Adler.

        Fix for <rdar://problem/5708993> Mutability of the History object

        - Don't allow cross-domain get access to any of the history object's properties
          except the back(), forward() and go() methods.
        - Don't allow cross-domain put access to any of the history object's properties.
        - Don't allow cross-domain enumeration of the History or Location objects.

        Tests: http/tests/security/cross-frame-access-history-get-override.html
               http/tests/security/cross-frame-access-history-get.html
               http/tests/security/cross-frame-access-history-put.html

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMWindowCustom.cpp: Remove unnecessary KJS::'s
        (WebCore::JSDOMWindow::customGetOwnPropertySlot):
        (WebCore::JSDOMWindow::customPut):
        (WebCore::JSDOMWindow::getPropertyNames): Moved implementation from KJS::Window now that the declaration is autogenerated
        using the new CustomGetPropertyNames.
        (WebCore::JSDOMWindow::postMessage):

        * bindings/js/JSHistoryCustom.cpp: Added.
        (WebCore::allowsAccessFromFrame):
        (WebCore::JSHistory::customGetOwnPropertySlot): Only allow getting the declared functions back(), forward() and go() from cross-domain.
        Deny all other gets.
        (WebCore::JSHistory::customPut): Don't allow putting cross-domain.
        (WebCore::JSHistory::getPropertyNames): Don't allow enumeration cross-domain.

        * bindings/js/JSLocation.cpp:
        (WebCore::allowsAccessFromFrame):
        (WebCore::JSLocation::getPropertyNames): Don't allow enumeration cross-domain.
        * bindings/js/JSLocation.h:

        * bindings/js/kjs_window.cpp:
        * bindings/js/kjs_window.h:

        * bindings/scripts/CodeGeneratorJS.pm:
        Add support for new CustomGetPropertyNames extended attribute and changed the logic of CustomPutFunction
        to create an overridden put() function even if no read-write properties exist.

        * page/DOMWindow.idl: Added CustomGetPropertyNames
        * page/History.idl: Added CustomGetPropertyNames

LayoutTests:

        Reviewed by Darin Adler.

        Tests for <rdar://problem/5708993> Mutability of the History object

        * http/tests/security/cross-frame-access-enumeration-expected.txt:
        * http/tests/security/cross-frame-access-enumeration.html:
        * http/tests/security/cross-frame-access-history-expected.txt: Removed.
        * http/tests/security/cross-frame-access-history-get-expected.txt: Renamed from LayoutTests/http/tests/security/cross-frame-access-history-expected.txt.
        * http/tests/security/cross-frame-access-history-get-override-expected.txt: Added.
        * http/tests/security/cross-frame-access-history-get-override.html: Added.
        * http/tests/security/cross-frame-access-history-get.html: Renamed from LayoutTests/http/tests/security/cross-frame-access-history.html.
        * http/tests/security/cross-frame-access-history-put-expected.txt: Added.
        * http/tests/security/cross-frame-access-history-put.html: Added.
        * http/tests/security/cross-frame-access-history.html: Removed.
        * http/tests/security/resources/cross-frame-access.js:
        * http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html:
        * http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html: Added.
        * http/tests/security/resources/cross-frame-iframe-for-history-get-test.html: Added.
        * http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@29890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
27 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt
LayoutTests/http/tests/security/cross-frame-access-enumeration.html
LayoutTests/http/tests/security/cross-frame-access-history-expected.txt [deleted file]
LayoutTests/http/tests/security/cross-frame-access-history-get-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-history-get-override-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-history-get-override.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-history-get.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-history-put-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-history-put.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-history.html [deleted file]
LayoutTests/http/tests/security/resources/cross-frame-access.js
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-history-get-test.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-history-put-test.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/WebCore.xcodeproj/project.pbxproj
WebCore/bindings/js/JSDOMWindowCustom.cpp
WebCore/bindings/js/JSHistoryCustom.cpp [new file with mode: 0644]
WebCore/bindings/js/JSLocation.cpp
WebCore/bindings/js/JSLocation.h
WebCore/bindings/js/kjs_window.cpp
WebCore/bindings/js/kjs_window.h
WebCore/bindings/scripts/CodeGeneratorJS.pm
WebCore/page/DOMWindow.idl
WebCore/page/History.idl
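
The cross-domain get, put and enumeration rules listed in the commit message, modelled in JavaScript as an added example; this is not WebKit's code and not part of the commit. `makeHistory`, `wrapHistoryFor` and `crossOriginReport` are hypothetical names, and three behaviours are assumptions of the model: a denied get reads as `undefined`, a denied put is dropped silently, and a cross-domain get of `back`, `forward` or `go` returns the declared function even when the owning page has overridden it.

```javascript
// Model of the access policy in the commit message above; not WebKit's C++ bindings.
// Assumption: a denied get reads as undefined and a denied put is dropped silently.
const CROSS_ORIGIN_ALLOWED = new Set(["back", "forward", "go"]);

// Constructed stand-in for a frame's History object; calls are recorded, nothing navigates.
function makeHistory() {
  const calls = [];
  const declared = {
    back() { calls.push("back"); },
    forward() { calls.push("forward"); },
    go(delta) { calls.push(`go(${delta})`); },
  };
  const history = Object.assign(Object.create(declared), { length: 3 });
  return { history, declared, calls };
}

// Hypothetical helper: the view of `history` a caller gets, depending on
// whether the caller is same-origin with the frame that owns it.
function wrapHistoryFor(history, declared, callerIsSameOrigin) {
  if (callerIsSameOrigin) return history;
  return new Proxy(history, {
    get(target, name) {
      // Hand out the declared function, never an own-property override.
      if (CROSS_ORIGIN_ALLOWED.has(name)) return declared[name].bind(target);
      return undefined;                          // every other get is denied
    },
    set() { return true; },                      // put: accepted, but nothing is stored
    defineProperty() { return false; },          // put via defineProperty: refused
    ownKeys() { return []; },                    // enumeration: no own names
    getPrototypeOf() { return null; },           // and no inherited names for for-in
  });
}

// Runs the three cases the commit lists (get, put, enumerate) against the model.
function crossOriginReport() {
  const { history, declared, calls } = makeHistory();
  history.back = () => "page override";          // owning page shadows back()
  const view = wrapHistoryFor(history, declared, false);
  view.go(-1);
  const backResult = view.back();                // declared back(), not the override
  view.length = 99;                              // cross-origin put
  const names = [];
  for (const n in view) names.push(n);
  return { length: view.length, ownerLength: history.length, backResult, names, calls };
}
```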