-
weinig@apple.com authored
Reviewed by Darin Adler. Fix for <rdar://problem/5708993> Mutability of the History object - Don't allow cross-domain get access to any of the history objects properties except the back(), forward() and go() methods. - Don't allow cross-domain put access to any of the history objects properties. - Don't allow cross-domain enumeration of the History or Location objects. Tests: http/tests/security/cross-frame-access-history-get-override.html http/tests/security/cross-frame-access-history-get.html http/tests/security/cross-frame-access-history-put.html * WebCore.xcodeproj/project.pbxproj: * bindings/js/JSDOMWindowCustom.cpp: Remove unnessary KJS::'s (WebCore::JSDOMWindow::customGetOwnPropertySlot): (WebCore::JSDOMWindow::customPut): (WebCore::JSDOMWindow::getPropertyNames): Moved implementation from KJS::Window now that the declaration is autogenerated using the new CustomGetPropertyNames. (WebCore::JSDOMWindow::postMessage): * bindings/js/JSHistoryCustom.cpp: Added. (WebCore::allowsAccessFromFrame): (WebCore::JSHistory::customGetOwnPropertySlot): Only allow getting the declared functions back(), forward() and go() from cross-domain. Deny all other gets. (WebCore::JSHistory::customPut): Don't allow putting cross-domain. (WebCore::JSHistory::getPropertyNames): Don't allow enumeration cross-domain. * bindings/js/JSLocation.cpp: (WebCore::allowsAccessFromFrame): (WebCore::JSLocation::getPropertyNames): Don't allow enumeration cross-domain. * bindings/js/JSLocation.h: * bindings/js/kjs_window.cpp: * bindings/js/kjs_window.h: * bindings/scripts/CodeGeneratorJS.pm: Add support for new CustomGetPropertNames extended attribute and changed the logic of CustomPutFunction to create an overrided put() function even if no read-write properties exist. * page/DOMWindow.idl: Added CustomGetPropertNames * page/History.idl: Added CustomGetPropertNames LayoutTests: Reviewed by Darin Adler. Tests for <rdar://problem/5708993> Mutability of the History object * http/tests/security/cross-frame-access-enumeration-expected.txt: * http/tests/security/cross-frame-access-enumeration.html: * http/tests/security/cross-frame-access-history-expected.txt: Removed. * http/tests/security/cross-frame-access-history-get-expected.txt: Renamed from LayoutTests/http/tests/security/cross-frame-access-history-expected.txt. * http/tests/security/cross-frame-access-history-get-override-expected.txt: Added. * http/tests/security/cross-frame-access-history-get-override.html: Added. * http/tests/security/cross-frame-access-history-get.html: Renamed from LayoutTests/http/tests/security/cross-frame-access-history.html. * http/tests/security/cross-frame-access-history-put-expected.txt: Added. * http/tests/security/cross-frame-access-history-put.html: Added. * http/tests/security/cross-frame-access-history.html: Removed. * http/tests/security/resources/cross-frame-access.js: * http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html: * http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html: Added. * http/tests/security/resources/cross-frame-iframe-for-history-get-test.html: Added. * http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@29890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
7da76c9e