Commit 796309ca authored by weinig@apple.com

WebCore:

2008-05-01  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Fixes:
          - https://bugs.webkit.org/show_bug.cgi?id=17249
            Incorrect lexical scope after navigation leads to UXSS
            <rdar://problem/5738497>

          - https://bugs.webkit.org/show_bug.cgi?id=16824
            Script authorization should follow lexical (not dynamic) scope
            <rdar://problem/5683032>

        This patch changes us to perform same-origin checks based on the lexical global object
        rather than dynamic global object, which is now possible because we don't re-use the window on
        navigations, but rather switch in a new one and re-use the outer shell.  This is both
        more secure and conforms with the HTML5 specification.  Now that all the checks are
        done based on the lexical global object, we can remove the SecurityOrigin::Reason
        concept, as it was only around to work around an ebay.com bug that required the check to
        be done that way.

        An important thing to note is that we currently implement a stricter than necessary policy
        and perform the same-origin check based on the currently active global object to avoid leaking
        the document in cases when the target frame is navigated before access.  This will be fixed in
        an upcoming patch.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::allowsAccessFrom):
        (WebCore::JSDOMWindowBase::allowsAccessFromNoErrorMessage):
        (WebCore::JSDOMWindowBase::allowsAccessFromPrivate):
        (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage):
        (WebCore::JSDOMWindowBase::printErrorMessage):
        (WebCore::asJSDOMWindow):
        * bindings/js/JSDOMWindowBase.h:
        * html/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::checkOrigin):
        (WebCore::CanvasRenderingContext2D::createPattern):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::begin):
        (WebCore::FrameLoader::write):
        (WebCore::FrameLoader::setOpener):
        (WebCore::FrameLoader::shouldAllowNavigation):
        * page/DOMWindow.h:
        (WebCore::DOMWindow::setSecurityOrigin):
        (WebCore::DOMWindow::securityOrigin):
        (WebCore::DOMWindow::setURL):
        (WebCore::DOMWindow::url):
        * platform/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccess):
        (WebCore::SecurityOrigin::isSecureTransitionTo):
        * platform/SecurityOrigin.h:

LayoutTests:

2008-05-01  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        * http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
        * http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
        * http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
        * http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
        * http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
        * http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
        * http/tests/security/xss-eval-expected.txt:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32791 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 3bee2462
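
A toy C++ model of the two cases the commit message describes, added here as an illustration; it is not WebKit code, and Window, Frame, Function, ExecState and the helper names are hypothetical. It shows why a dynamic-scope check admits a cross-origin callback, and why a lexical check is only sound once navigation switches in a new window:

```cpp
// Toy model added for illustration; not WebKit code. All names are hypothetical.
#include <memory>
#include <string>

// Inner window: snapshots the origin of the document it was created for.
struct Window { std::string origin; };

// Frame: the long-lived outer shell pointing at the currently active window.
struct Frame {
    std::shared_ptr<Window> active;
    // Behaviour described in the commit message: navigation switches in a new window.
    void navigate(const std::string& origin) { active = std::make_shared<Window>(Window{origin}); }
    // Earlier behaviour: the same window object is kept and only its document changes.
    void navigateReusingWindow(const std::string& origin) { active->origin = origin; }
};

// A script function keeps the window it was defined in: its lexical global object.
struct Function { std::shared_ptr<Window> lexicalGlobal; };

// dynamicGlobal: window of the script that entered the interpreter.
// lexicalGlobal: window of the function that is currently executing.
struct ExecState {
    std::shared_ptr<Window> dynamicGlobal;
    std::shared_ptr<Window> lexicalGlobal;
};

ExecState call(const std::shared_ptr<Window>& entry, const Function& f) {
    return ExecState{entry, f.lexicalGlobal};
}

// Same-origin test against the target frame's currently active window.
bool canAccess(const std::shared_ptr<Window>& accessor, const Frame& target) {
    if (!accessor || !target.active)
        return false; // fail closed when either side is missing
    return accessor == target.active || accessor->origin == target.active->origin;
}

// Constructed sample origins, matching the two hosts in the test output on this page.
const std::string kOriginA = "http://127.0.0.1:8000";
const std::string kOriginB = "http://localhost:8000";

// Bug 16824: a function defined under origin A runs on a stack entered from origin B
// and touches a frame of origin B.
bool crossOriginCallbackAllowed(bool useLexical) {
    Frame definer, caller, target;
    definer.navigate(kOriginA);
    caller.navigate(kOriginB);
    target.navigate(kOriginB);
    ExecState exec = call(caller.active, Function{definer.active});
    return canAccess(useLexical ? exec.lexicalGlobal : exec.dynamicGlobal, target);
}

// Bug 17249: a function defined while the frame shows origin A runs after the frame
// has navigated to origin B, checked by lexical global object.
bool staleFunctionAllowed(bool reuseWindow) {
    Frame frame;
    frame.navigate(kOriginA);
    Function f{frame.active};
    if (reuseWindow)
        frame.navigateReusingWindow(kOriginB);
    else
        frame.navigate(kOriginB);
    ExecState exec = call(f.lexicalGlobal, f);
    return canAccess(exec.lexicalGlobal, frame);
}

int main() {
    bool ok = crossOriginCallbackAllowed(false) && !crossOriginCallbackAllowed(true)
           && staleFunctionAllowed(true) && !staleFunctionAllowed(false);
    return ok ? 0 : 1;
}
```
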
2008-05-01 Sam Weinig <sam@webkit.org>
Reviewed by Geoffrey Garen.
* http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
* http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
* http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
* http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
* http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
* http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
* http/tests/security/xss-eval-expected.txt:
2008-05-01 Anders Carlsson <andersca@apple.com>
Reviewed by Mitz.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithButton.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
This tests that frame used when setting eventListeners on an EventTarget using addEventListener is the target nodes frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithButton.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
This tests that frame used when setting eventListeners on an EventTarget with the shortcut (onclick, etc), is the target nodes frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithXMLHttpRequest.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
This tests that frame used when setting eventListeners on an XMLHttpRequest using addEventListener, is the requests frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWithXMLHttpRequest.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
This tests that frame used when setting eventListeners on an XMLHttpRequest with the shortcut (onreadystatechange), is the requests frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWindow.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-addEventListener.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
This tests that frame used when setting eventListeners on the window using addEventListener is the window's frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/childWindow.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/listener/resources/targetChild-window-onclick-shortcut.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object.
This tests that frame used when setting eventListeners on the window with the shortcut (onclick, etc), is the window's frame. (rdar://problem/5426142). This test passes if you don't see an alert dialog with the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/xss-eval.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/xss-eval3.html from frame with URL http://127.0.0.1:8000/security/resources/xss-eval2.html. Domains, protocols and ports must match.
This page verifies that you can't use eval to subvert cross-domain checks.
......
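Review bot: the LayoutTests side of this change only rebaselines existing expectations (the six listener tests and xss-eval-expected.txt); nothing listed adds a test for the navigation case in bug 17249, where a function defined before a navigation runs after the frame has loaded another origin. Please add a regression test for that path so the per-window origin is exercised, and say in the LayoutTests ChangeLog entry why the console output of the rebaselined tests changed.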
2008-05-01 Sam Weinig <sam@webkit.org>
Reviewed by Geoffrey Garen.
Fixes:
- https://bugs.webkit.org/show_bug.cgi?id=17249
Incorrect lexical scope after navigation leads to UXSS
<rdar://problem/5738497>
- https://bugs.webkit.org/show_bug.cgi?id=16824
Script authorization should follow lexical (not dynamic) scope
<rdar://problem/5683032>
This patch changes us to perform same-origin checks based on the lexical global object)
rather than dynamic global object, which is now possible we don't re-use the window on
navigations, but rather switch in a new one and re-use the outer shell. This is both
more secure and conforms with the HTML5 specification. Now that all the checks are
done based on the lexical global object, we can remove the SecurityOrigin::Reason
concept, as it was only around to work around an ebay.com bug that required the check to
be done that way.
An important thing to note is that we currently implement a stricter than necessary policy
and perform the same-origin check based on the currently active global object to avoid leaking
the document in cases when the target frame is navigated before access. This will be fixed in
an upcoming patch.
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::allowsAccessFrom):
(WebCore::JSDOMWindowBase::allowsAccessFromNoErrorMessage):
(WebCore::JSDOMWindowBase::allowsAccessFromPrivate):
(WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage):
(WebCore::JSDOMWindowBase::printErrorMessage):
(WebCore::asJSDOMWindow):
* bindings/js/JSDOMWindowBase.h:
* html/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::checkOrigin):
(WebCore::CanvasRenderingContext2D::createPattern):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::begin):
(WebCore::FrameLoader::write):
(WebCore::FrameLoader::setOpener):
(WebCore::FrameLoader::shouldAllowNavigation):
* page/DOMWindow.h:
(WebCore::DOMWindow::setSecurityOrigin):
(WebCore::DOMWindow::securityOrigin):
(WebCore::DOMWindow::setURL):
(WebCore::DOMWindow::url):
* platform/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccess):
(WebCore::SecurityOrigin::isSecureTransitionTo):
* platform/SecurityOrigin.h:
2008-05-01 Anders Carlsson <andersca@apple.com>
Reviewed by Mark.
......@@ -733,100 +733,63 @@ void JSDOMWindowBase::put(ExecState* exec, const Identifier& propertyName, JSVal
bool JSDOMWindowBase::allowsAccessFrom(const JSGlobalObject* other) const
{
SecurityOrigin::Reason reason;
if (allowsAccessFromPrivate(other, reason))
if (allowsAccessFromPrivate(other))
return true;
printErrorMessage(crossDomainAccessErrorMessage(other, reason));
printErrorMessage(crossDomainAccessErrorMessage(other));
return false;
}
bool JSDOMWindowBase::allowsAccessFrom(ExecState* exec) const
{
SecurityOrigin::Reason reason;
if (allowsAccessFromPrivate(exec, reason))
if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))
return true;
printErrorMessage(crossDomainAccessErrorMessage(exec->dynamicGlobalObject(), reason));
printErrorMessage(crossDomainAccessErrorMessage(exec->lexicalGlobalObject()));
return false;
}
bool JSDOMWindowBase::allowsAccessFromNoErrorMessage(ExecState* exec) const
{
SecurityOrigin::Reason reason;
return allowsAccessFromPrivate(exec, reason);
return allowsAccessFromPrivate(exec->lexicalGlobalObject());
}
bool JSDOMWindowBase::allowsAccessFrom(ExecState* exec, String& message) const
{
SecurityOrigin::Reason reason;
if (allowsAccessFromPrivate(exec, reason))
if (allowsAccessFromPrivate(exec->lexicalGlobalObject()))
return true;
message = crossDomainAccessErrorMessage(exec->dynamicGlobalObject(), reason);
message = crossDomainAccessErrorMessage(exec->lexicalGlobalObject());
return false;
}
ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const ExecState* exec, SecurityOrigin::Reason& reason) const
ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const JSGlobalObject* other) const
{
if (allowsAccessFromPrivate(exec->dynamicGlobalObject(), reason))
return true;
if (reason == SecurityOrigin::DomainSetInDOMMismatch) {
// If the only reason the access failed was a domainSetInDOM bit mismatch, try again against
// lexical global object <rdar://problem/5698200>
if (allowsAccessFromPrivate(exec->lexicalGlobalObject(), reason))
return true;
}
return false;
}
ALWAYS_INLINE bool JSDOMWindowBase::allowsAccessFromPrivate(const JSGlobalObject* other, SecurityOrigin::Reason& reason) const
{
const Frame* originFrame = static_cast<const JSDOMWindowBase*>(other)->impl()->frame();
if (!originFrame) {
reason = SecurityOrigin::GenericMismatch;
return false;
}
const JSDOMWindow* originWindow = asJSDOMWindow(other);
const JSDOMWindow* targetWindow = toJSDOMWindow(impl()->frame());
const Frame* targetFrame = impl()->frame();
if (originFrame == targetFrame)
if (originWindow == targetWindow)
return true;
if (!targetFrame) {
reason = SecurityOrigin::GenericMismatch;
return false;
}
Document* targetDocument = targetFrame->document();
// JS may be attempting to access the "window" object, which should be valid,
// even if the document hasn't been constructed yet. If the document doesn't
// exist yet allow JS to access the window object.
if (!targetDocument)
if (!originWindow->impl()->document())
return true;
Document* originDocument = originFrame->document();
const SecurityOrigin* originSecurityOrigin = originDocument->securityOrigin();
const SecurityOrigin* targetSecurityOrigin = targetDocument->securityOrigin();
const SecurityOrigin* originSecurityOrigin = originWindow->impl()->securityOrigin();
const SecurityOrigin* targetSecurityOrigin = targetWindow->impl()->securityOrigin();
if (originSecurityOrigin->canAccess(targetSecurityOrigin, reason))
return true;
return false;
return originSecurityOrigin->canAccess(targetSecurityOrigin);
}
String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other, SecurityOrigin::Reason) const
String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const
{
const Frame* originFrame = static_cast<const JSDOMWindowBase*>(other)->impl()->frame();
const Frame* targetFrame = impl()->frame();
if (!originFrame || !targetFrame)
return String();
Document* targetDocument = targetFrame->document();
Document* originDocument = originFrame->document();
if (!originDocument || !targetDocument)
KURL originURL = asJSDOMWindow(other)->impl()->url();
KURL targetURL = impl()->frame()->document()->url();
if (originURL.isNull() || targetURL.isNull())
return String();
// FIXME: this error message should contain more specifics of why the same origin check has failed.
return String::format("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. Domains, protocols and ports must match.\n",
targetDocument->url().string().utf8().data(), originDocument->url().string().utf8().data());
targetURL.string().utf8().data(), originURL.string().utf8().data());
}
void JSDOMWindowBase::printErrorMessage(const String& message) const
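Review bot: in the single-argument allowsAccessFromPrivate(const JSGlobalObject*), the early "return false" paths for a missing origin or target frame go away together with reason, yet toJSDOMWindow(impl()->frame()) and targetWindow->impl()->securityOrigin() are used unconditionally, so a window whose frame is gone, or whose securityOrigin() was never set, reaches originSecurityOrigin->canAccess(targetSecurityOrigin) through a null pointer. (The page shows no +/- markers; this reads the lines that use asJSDOMWindow as the added side.) Keep a guard that fails closed when the frame, the target window or either origin is null. The same applies to impl()->frame()->document()->url() in crossDomainAccessErrorMessage, which takes the place of explicit frame and document null checks. Separately, the retained comment about the document not being constructed yet describes the target, while "if (!originWindow->impl()->document())" tests the accessing window; update the comment or the condition so they agree.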
......@@ -844,7 +807,7 @@ void JSDOMWindowBase::printErrorMessage(const String& message) const
if (Interpreter::shouldPrintExceptions())
printf("%s", message.utf8().data());
frame->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, message, 1, String()); // FIXME: provide a real line number and source URL.
impl()->console()->addMessage(JSMessageSource, ErrorMessageLevel, message, 1, String()); // FIXME: provide a real line number and source URL.
}
ExecState* JSDOMWindowBase::globalExec()
......@@ -1426,4 +1389,9 @@ JSDOMWindow* asJSDOMWindow(JSGlobalObject* globalObject)
return static_cast<JSDOMWindow*>(globalObject);
}
const JSDOMWindow* asJSDOMWindow(const JSGlobalObject* globalObject)
{
return static_cast<const JSDOMWindow*>(globalObject);
}
} // namespace WebCore
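Review bot: the new const asJSDOMWindow overload is an unchecked static_cast, and allowsAccessFromPrivate now passes it the result of exec->lexicalGlobalObject() and bases the access decision on what comes back. Add a debug assertion, or at least a comment stating the invariant, that every JSGlobalObject reaching these functions is a JSDOMWindow, in both overloads.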
......@@ -21,7 +21,6 @@
#define JSDOMWindowBase_h
#include "PlatformString.h"
#include "SecurityOrigin.h"
#include "kjs_binding.h"
#include <kjs/protect.h>
#include <wtf/HashMap.h>
......@@ -40,6 +39,7 @@ namespace WebCore {
class JSUnprotectedEventListener;
class PausedTimeouts;
class ScheduledAction;
class SecurityOrigin;
class JSDOMWindowBasePrivate;
......@@ -148,9 +148,8 @@ namespace WebCore {
void clearAllTimeouts();
int installTimeout(ScheduledAction*, int interval, bool singleShot);
bool allowsAccessFromPrivate(const KJS::JSGlobalObject*, SecurityOrigin::Reason&) const;
bool allowsAccessFromPrivate(const KJS::ExecState*, SecurityOrigin::Reason&) const;
String crossDomainAccessErrorMessage(const KJS::JSGlobalObject*, SecurityOrigin::Reason) const;
bool allowsAccessFromPrivate(const KJS::JSGlobalObject*) const;
String crossDomainAccessErrorMessage(const KJS::JSGlobalObject*) const;
RefPtr<DOMWindow> m_impl;
OwnPtr<JSDOMWindowBasePrivate> d;
......@@ -175,6 +174,7 @@ namespace WebCore {
JSDOMWindow* toJSDOMWindow(Frame*);
JSDOMWindow* asJSDOMWindow(KJS::JSGlobalObject*);
const JSDOMWindow* asJSDOMWindow(const KJS::JSGlobalObject*);
} // namespace WebCore
......
......@@ -945,8 +945,7 @@ void CanvasRenderingContext2D::drawImage(HTMLImageElement* image,
void CanvasRenderingContext2D::checkOrigin(const KURL& url)
{
RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
SecurityOrigin::Reason reason;
if (!m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason))
if (!m_canvas->document()->securityOrigin()->canAccess(origin.get()))
m_canvas->setOriginTainted();
}
......@@ -1097,8 +1096,7 @@ PassRefPtr<CanvasPattern> CanvasRenderingContext2D::createPattern(HTMLImageEleme
if (CachedImage* cachedImage = image->cachedImage()) {
KURL url(cachedImage->url());
RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
SecurityOrigin::Reason reason;
originClean = m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason);
originClean = m_canvas->document()->securityOrigin()->canAccess(origin.get());
}
return new CanvasPattern(image->cachedImage(), repeatX, repeatY, originClean);
}
......
......@@ -937,6 +937,9 @@ void FrameLoader::begin(const KURL& url, bool dispatch, SecurityOrigin* origin)
if (forcedSecurityOrigin)
document->setSecurityOrigin(forcedSecurityOrigin.get());
m_frame->domWindow()->setURL(document->url());
m_frame->domWindow()->setSecurityOrigin(document->securityOrigin());
updatePolicyBaseURL();
Settings* settings = document->settings();
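Review bot: the window's URL and origin are copied from the document by hand here, and the only other place this patch refreshes the copy is FrameLoader::setOpener. Since the access check now reads DOMWindow::securityOrigin() rather than the document's origin, any other path that replaces the document's SecurityOrigin object would leave the window's copy stale. Consider doing the copy in one helper called from every such path, and add a comment at these two lines saying that the window copy is what same-origin checks consult.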
......@@ -988,8 +991,7 @@ void FrameLoader::write(const char* str, int len, bool flush)
m_decoder = new TextResourceDecoder(m_responseMIMEType, settings ? settings->defaultTextEncodingName() : String());
if (m_encoding.isEmpty()) {
Frame* parentFrame = m_frame->tree()->parent();
SecurityOrigin::Reason reason;
if (parentFrame && parentFrame->document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin(), reason))
if (parentFrame && parentFrame->document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin()))
m_decoder->setEncoding(parentFrame->document()->inputEncoding(), TextResourceDecoder::DefaultEncoding);
} else {
m_decoder->setEncoding(m_encoding,
......@@ -1772,8 +1774,10 @@ void FrameLoader::setOpener(Frame* opener)
opener->loader()->m_openedFrames.add(m_frame);
m_opener = opener;
if (m_frame->document())
if (m_frame->document()) {
m_frame->document()->initSecurityOrigin();
m_frame->domWindow()->setSecurityOrigin(m_frame->document()->securityOrigin());
}
}
bool FrameLoader::openedByDOM() const
......@@ -2444,9 +2448,8 @@ bool FrameLoader::shouldAllowNavigation(Frame* targetFrame) const
if (!ancestorDocument)
return true;
SecurityOrigin::Reason reason;
const SecurityOrigin* ancestorSecurityOrigin = ancestorDocument->securityOrigin();
if (activeSecurityOrigin->canAccess(ancestorSecurityOrigin, reason))
if (activeSecurityOrigin->canAccess(ancestorSecurityOrigin))
return true;
}
......
......@@ -26,9 +26,11 @@
#ifndef DOMWindow_h
#define DOMWindow_h
#include "KURL.h"
#include "PlatformString.h"
#include <wtf/RefCounted.h>
#include "SecurityOrigin.h"
#include <wtf/Forward.h>
#include <wtf/RefCounted.h>
#include <wtf/RefPtr.h>
namespace WebCore {
......@@ -68,6 +70,12 @@ namespace WebCore {
void clear();
void setSecurityOrigin(SecurityOrigin* securityOrigin) { m_securityOrigin = securityOrigin; }
SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
void setURL(const KURL& url) { m_url = url; }
KURL url() const { return m_url; }
static void adjustWindowRect(const FloatRect& screen, FloatRect& window, const FloatRect& pendingChanges);
// DOM Level 0
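Review bot: setSecurityOrigin()/securityOrigin() and setURL()/url() are added without any comment, and nothing visible in this patch sets m_securityOrigin before FrameLoader::begin() or setOpener() run. Document that these hold the origin and URL of the document the window was created for and that same-origin checks read them, and state whether securityOrigin() may return null so that callers such as allowsAccessFromPrivate know whether they must check.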
......@@ -199,10 +207,13 @@ namespace WebCore {
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
DOMApplicationCache* optionalApplicationCache() const { return m_applicationCache.get(); }
#endif
private:
DOMWindow(Frame*);
RefPtr<SecurityOrigin> m_securityOrigin;
KURL m_url;
Frame* m_frame;
mutable RefPtr<Screen> m_screen;
mutable RefPtr<DOMSelection> m_selection;
......
......@@ -135,15 +135,13 @@ void SecurityOrigin::setDomainFromDOM(const String& newDomain)
m_domain = newDomain.lower();
}
bool SecurityOrigin::canAccess(const SecurityOrigin* other, Reason& reason) const
bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
{
if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
return true;
if (m_noAccess || other->m_noAccess) {
reason = SecurityOrigin::GenericMismatch;
if (m_noAccess || other->m_noAccess)
return false;
}
// Here are three cases where we should permit access:
//
......@@ -178,14 +176,11 @@ bool SecurityOrigin::canAccess(const SecurityOrigin* other, Reason& reason) cons
if (m_domain == other->m_domain)
return true;
} else {
if (m_host == other->m_host && m_port == other->m_port) {
reason = DomainSetInDOMMismatch;
if (m_host == other->m_host && m_port == other->m_port)
return false;
}
}
}
reason = SecurityOrigin::GenericMismatch;
return false;
}
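Review bot: with reason removed, the else branch "if (m_host == other->m_host && m_port == other->m_port) return false;" does exactly what the final "return false;" does, so the test no longer changes the outcome. Drop the branch, or replace it with a comment recording that a host and port match on this path (the former DomainSetInDOMMismatch case) is deliberately denied.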
......@@ -196,8 +191,7 @@ bool SecurityOrigin::isSecureTransitionTo(const KURL& url) const
return true;
RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
Reason reason;
return canAccess(other.get(), reason);
return canAccess(other.get());
}
String SecurityOrigin::toString() const
......
......@@ -54,12 +54,8 @@ namespace WebCore {
String host() const { return m_host; }
String domain() const { return m_domain; }
unsigned short port() const { return m_port; }
enum Reason {
GenericMismatch,
DomainSetInDOMMismatch
};
bool canAccess(const SecurityOrigin*, Reason&) const;
bool canAccess(const SecurityOrigin*) const;
bool isSecureTransitionTo(const KURL&) const;
bool isEmpty() const;
......