WebCore:
Reviewed by Darin Adler.
Fix for <rdar://problem/5708993> Mutability of the History object
- Don't allow cross-domain get access to any of the history object's properties
except the back(), forward() and go() methods.
- Don't allow cross-domain put access to any of the history object's properties.
- Don't allow cross-domain enumeration of the History or Location objects.
Tests: http/tests/security/cross-frame-access-history-get-override.html
http/tests/security/cross-frame-access-history-get.html
http/tests/security/cross-frame-access-history-put.html
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMWindowCustom.cpp: Remove unnecessary KJS::'s
(WebCore::JSDOMWindow::customGetOwnPropertySlot):
(WebCore::JSDOMWindow::customPut):
(WebCore::JSDOMWindow::getPropertyNames): Moved implementation from KJS::Window now that the declaration is autogenerated
using the new CustomGetPropertyNames.
(WebCore::JSDOMWindow::postMessage):
* bindings/js/JSHistoryCustom.cpp: Added.
(WebCore::allowsAccessFromFrame):
(WebCore::JSHistory::customGetOwnPropertySlot): Only allow getting the declared functions back(), forward() and go() from cross-domain.
Deny all other gets.
(WebCore::JSHistory::customPut): Don't allow putting cross-domain.
(WebCore::JSHistory::getPropertyNames): Don't allow enumeration cross-domain.
* bindings/js/JSLocation.cpp:
(WebCore::allowsAccessFromFrame):
(WebCore::JSLocation::getPropertyNames): Don't allow enumeration cross-domain.
* bindings/js/JSLocation.h:
* bindings/js/kjs_window.cpp:
* bindings/js/kjs_window.h:
* bindings/scripts/CodeGeneratorJS.pm:
Add support for new CustomGetPropertyNames extended attribute and changed the logic of CustomPutFunction
to create an overridden put() function even if no read-write properties exist.
* page/DOMWindow.idl: Added CustomGetPropertyNames
* page/History.idl: Added CustomGetPropertyNames
LayoutTests:
Reviewed by Darin Adler.
Tests for <rdar://problem/5708993> Mutability of the History object
* http/tests/security/cross-frame-access-enumeration-expected.txt:
* http/tests/security/cross-frame-access-enumeration.html:
* http/tests/security/cross-frame-access-history-expected.txt: Removed.
* http/tests/security/cross-frame-access-history-get-expected.txt: Renamed from LayoutTests/http/tests/security/cross-frame-access-history-expected.txt.
* http/tests/security/cross-frame-access-history-get-override-expected.txt: Added.
* http/tests/security/cross-frame-access-history-get-override.html: Added.
* http/tests/security/cross-frame-access-history-get.html: Renamed from LayoutTests/http/tests/security/cross-frame-access-history.html.
* http/tests/security/cross-frame-access-history-put-expected.txt: Added.
* http/tests/security/cross-frame-access-history-put.html: Added.
* http/tests/security/cross-frame-access-history.html: Removed.
* http/tests/security/resources/cross-frame-access.js:
* http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html:
* http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-history-get-test.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@29890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
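
The get/put/enumeration policy this commit describes, modelled as an added JavaScript example with a Proxy; it is not WebKit's code (the real checks are in the C++ bindings listed above). HistoryModel, guardHistory and the origin strings are constructed for illustration; bypassing an owner's override of back() is an assumption drawn from the get-override test name, and the descriptor/defineProperty traps go beyond what the message states.

```javascript
// Model of the commit's cross-domain policy for History, written with a Proxy.
// Not WebKit code: HistoryModel, guardHistory and the origins are constructed.
const CROSS_DOMAIN_FUNCTIONS = new Set(["back", "forward", "go"]);

function step(h, delta) {
  const next = h.index + delta;
  if (next >= 0 && next < h.entries.length) h.index = next;
}

class HistoryModel {
  constructor(entries) { this.entries = entries; this.index = entries.length - 1; }
  get length() { return this.entries.length; }
  go(delta) { step(this, delta); }
  back() { step(this, -1); }
  forward() { step(this, 1); }
}

function guardHistory(history, ownerOrigin, callerOrigin) {
  const crossDomain = ownerOrigin !== callerOrigin;
  return new Proxy(history, {
    get(target, prop) {
      if (!crossDomain) return Reflect.get(target, prop);
      // Only the declared functions are readable. An own-property override set
      // by the owner is bypassed (assumption, after the get-override test).
      if (CROSS_DOMAIN_FUNCTIONS.has(prop)) return HistoryModel.prototype[prop].bind(target);
      return undefined; // deny all other gets
    },
    set(target, prop, value) {
      if (!crossDomain) return Reflect.set(target, prop, value);
      return true; // cross-domain put is dropped: nothing is written
    },
    ownKeys(target) { return crossDomain ? [] : Reflect.ownKeys(target); },
    // The two traps below close side doors the commit message does not mention.
    getOwnPropertyDescriptor(target, prop) {
      return crossDomain ? undefined : Reflect.getOwnPropertyDescriptor(target, prop);
    },
    defineProperty(target, prop, desc) {
      return crossDomain ? false : Reflect.defineProperty(target, prop, desc);
    },
  });
}

function demo() {
  const victim = new HistoryModel(["/a", "/b", "/c"]); // constructed sample
  victim.back = () => "owner override";
  const foreign = guardHistory(victim, "https://a.example", "https://b.example");
  foreign.length = 99; foreign.back = () => "hijack"; // both puts are dropped
  foreign.back(); // declared back() still navigates: index 2 -> 1
  return { length: foreign.length, keys: Object.keys(foreign),
           index: victim.index, ownerBack: victim.back() };
}
console.log(demo());
```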