WebCore:
author weinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Nov 2007 00:15:21 +0000 (00:15 +0000)
committer weinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Nov 2007 00:15:21 +0000 (00:15 +0000)
commit dbbc20a6717361f4501989b07bf28c5acdff567d
tree 3c76577b51948a11a677bd4dab40b548fb19cbce
parent c08216b571aa3ff3843a4eced6f48305d26c11f5
WebCore:

        Reviewed by Darin.

        Fix for <rdar://problem/5592988>
        - Enforce tighter restrictions on what frames in other domains
          can be navigated.

        Tests: http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html
               http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change.html

        * bindings/js/kjs_window.cpp:
        (KJS::Window::put):
        (KJS::Location::put):
        (KJS::LocationProtoFuncReplace::callAsFunction):
        (KJS::LocationProtoFuncAssign::callAsFunction):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::createWindow):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::shouldAllowNavigation): Move and update logic from canTarget().
        * loader/FrameLoader.h:
        * page/FrameTree.cpp:
        (WebCore::FrameTree::isDescendantOf): Make this O(1) in the case when both frames are not
        in the same page.

LayoutTests:

        Reviewed by Darin.

        Tests for <rdar://problem/5592988>

        - Update and add tests for new tighter restrictions on what frames in other domains
          can be navigated.

        * http/tests/security/cross-frame-access-location-expected.txt:
        * http/tests/security/frameNavigation: Added.
        * http/tests/security/frameNavigation/resources: Added.
        * http/tests/security/frameNavigation/resources/iframe-that-performs-parent-navigation.html: Added.
        * http/tests/security/frameNavigation/resources/iframe-with-inner-frame-on-foreign-domain.html: Added.
        * http/tests/security/frameNavigation/resources/navigation-changed-iframe.html: Added.
        * http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change-expected.txt: Added.
        * http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html: Added.
        * http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change-expected.txt: Added.
        * http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@28056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
14 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-location-expected.txt
LayoutTests/http/tests/security/frameNavigation/resources/iframe-that-performs-parent-navigation.html [new file with mode: 0644]
LayoutTests/http/tests/security/frameNavigation/resources/iframe-with-inner-frame-on-foreign-domain.html [new file with mode: 0644]
LayoutTests/http/tests/security/frameNavigation/resources/navigation-changed-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html [new file with mode: 0644]
LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/bindings/js/kjs_window.cpp
WebCore/loader/FrameLoader.cpp
WebCore/loader/FrameLoader.h
WebCore/page/FrameTree.cpp