Commit 7da76c9e authored by weinig@apple.com's avatar weinig@apple.com

WebCore:

        Reviewed by Darin Adler.

        Fix for <rdar://problem/5708993> Mutability of the History object

        - Don't allow cross-domain get access to any of the history objects properties
          except the back(), forward() and go() methods.
        - Don't allow cross-domain put access to any of the history objects properties.
        - Don't allow cross-domain enumeration of the History or Location objects.

        Tests: http/tests/security/cross-frame-access-history-get-override.html
               http/tests/security/cross-frame-access-history-get.html
               http/tests/security/cross-frame-access-history-put.html

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMWindowCustom.cpp: Remove unnessary KJS::'s
        (WebCore::JSDOMWindow::customGetOwnPropertySlot):
        (WebCore::JSDOMWindow::customPut):
        (WebCore::JSDOMWindow::getPropertyNames): Moved implementation from KJS::Window now that the declaration is autogenerated
        using the new CustomGetPropertyNames.
        (WebCore::JSDOMWindow::postMessage):

        * bindings/js/JSHistoryCustom.cpp: Added.
        (WebCore::allowsAccessFromFrame):
        (WebCore::JSHistory::customGetOwnPropertySlot): Only allow getting the declared functions back(), forward() and go() from cross-domain.
        Deny all other gets.
        (WebCore::JSHistory::customPut): Don't allow putting cross-domain.
        (WebCore::JSHistory::getPropertyNames): Don't allow enumeration cross-domain.

        * bindings/js/JSLocation.cpp:
        (WebCore::allowsAccessFromFrame):
        (WebCore::JSLocation::getPropertyNames): Don't allow enumeration cross-domain.
        * bindings/js/JSLocation.h:

        * bindings/js/kjs_window.cpp:
        * bindings/js/kjs_window.h:

        * bindings/scripts/CodeGeneratorJS.pm:
        Add support for new CustomGetPropertNames extended attribute and changed the logic of CustomPutFunction
        to create an overrided put() function even if no read-write properties exist.

        * page/DOMWindow.idl: Added CustomGetPropertNames
        * page/History.idl: Added CustomGetPropertNames

LayoutTests:

        Reviewed by Darin Adler.

        Tests for <rdar://problem/5708993> Mutability of the History object

        * http/tests/security/cross-frame-access-enumeration-expected.txt:
        * http/tests/security/cross-frame-access-enumeration.html:
        * http/tests/security/cross-frame-access-history-expected.txt: Removed.
        * http/tests/security/cross-frame-access-history-get-expected.txt: Renamed from LayoutTests/http/tests/security/cross-frame-access-history-expected.txt.
        * http/tests/security/cross-frame-access-history-get-override-expected.txt: Added.
        * http/tests/security/cross-frame-access-history-get-override.html: Added.
        * http/tests/security/cross-frame-access-history-get.html: Renamed from LayoutTests/http/tests/security/cross-frame-access-history.html.
        * http/tests/security/cross-frame-access-history-put-expected.txt: Added.
        * http/tests/security/cross-frame-access-history-put.html: Added.
        * http/tests/security/cross-frame-access-history.html: Removed.
        * http/tests/security/resources/cross-frame-access.js:
        * http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html:
        * http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html: Added.
        * http/tests/security/resources/cross-frame-iframe-for-history-get-test.html: Added.
        * http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@29890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 25222377
2008-01-30 Samuel Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Tests for <rdar://problem/5708993> Mutability of the History object
* http/tests/security/cross-frame-access-enumeration-expected.txt:
* http/tests/security/cross-frame-access-enumeration.html:
* http/tests/security/cross-frame-access-history-expected.txt: Removed.
* http/tests/security/cross-frame-access-history-get-expected.txt: Renamed from LayoutTests/http/tests/security/cross-frame-access-history-expected.txt.
* http/tests/security/cross-frame-access-history-get-override-expected.txt: Added.
* http/tests/security/cross-frame-access-history-get-override.html: Added.
* http/tests/security/cross-frame-access-history-get.html: Renamed from LayoutTests/http/tests/security/cross-frame-access-history.html.
* http/tests/security/cross-frame-access-history-put-expected.txt: Added.
* http/tests/security/cross-frame-access-history-put.html: Added.
* http/tests/security/cross-frame-access-history.html: Removed.
* http/tests/security/resources/cross-frame-access.js:
* http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html:
* http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-history-get-test.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Added.
2008-01-31 Dan Bernstein <mitz@apple.com>
Reviewed by Dave Hyatt.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test from frame with URL http://127.0.0.1:8000/security/cross-frame-access-enumeration.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test from frame with URL http://127.0.0.1:8000/security/cross-frame-access-enumeration.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test from frame with URL http://127.0.0.1:8000/security/cross-frame-access-enumeration.html. Domains, protocols and ports must match.
This tests that variable names can't be enumerated cross domain (see http://bugs.webkit.org/show_bug.cgi?id=16387)
PASS: Cross frame access by enumerating the window object was denied.
PASS: Cross frame access by enumerating the History object was denied.
PASS: Cross frame access by enumerating the Location object was denied.
......@@ -32,10 +32,11 @@
runTest = function()
{
// Test enumerating the Window object
var b_win = document.getElementsByTagName("iframe")[0].contentWindow;
try {
for (var k in b_win) {
if (k == "customProperty") {
if (k == "customWindowProperty") {
log("FAIL: Cross frame access by enumerating the window object was allowed.");
return;
}
......@@ -43,6 +44,32 @@
} catch (e) {
}
log("PASS: Cross frame access by enumerating the window object was denied.");
// Test enumerating the History object
var b_win_history = b_win.history;
try {
for (var k in b_win_history) {
if (k == "customHistoryProperty") {
log("FAIL: Cross frame access by enumerating the History object was allowed.");
return;
}
}
} catch (e) {
}
log("PASS: Cross frame access by enumerating the History object was denied.");
// Test enumerating the Location object
var b_win_location = b_win.location;
try {
for (var k in b_win_location) {
if (k == "customLocationProperty") {
log("FAIL: Cross frame access by enumerating the Location object was allowed.");
return;
}
}
} catch (e) {
}
log("PASS: Cross frame access by enumerating the Location object was denied.");
}
</script>
</head>
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
----- tests for getting window.history and its properties -----
PASS: canGet('targetWindow.history.length') should be 'false' and is.
PASS: canGet('targetWindow.history.back') should be 'true' and is.
PASS: canGet('targetWindow.history.forward') should be 'true' and is.
PASS: canGet('targetWindow.history.go') should be 'true' and is.
PASS: canGet('targetWindow.history.toString') should be 'true' and is.
PASS: toString('targetWindow.history') should be '[object History]' and is.
PASS: canGet('targetWindow.__proto__') should be 'false' and is.
PASS: canGet('targetWindow.constructor') should be 'false' and is.
PASS: canGet('targetWindow.history.existingCustomProperty') should be 'false' and is.
PASS: canGet('targetWindow.history.__proto__.prototypeCustomProperty') should be 'false' and is.
PASS: canCall('targetWindow.history.existingCustomFunction') should be 'false' and is.
PASS: canCall('targetWindow.history.prototypeCustomFunction') should be 'false' and is.
----- tests for getting custorm overrides of window.history's functions -----
----- tests for getting/setting window.history and its properties -----
Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.
PASS: canGet('targetWindow.history.length') should be 'true' and is.
PASS: canGet('targetWindow.history.back') should be 'true' and is.
PASS: toString('targetWindow.history.back') should be 'function () { return "new back";}' and is.
PASS: canGet('targetWindow.history.forward') should be 'true' and is.
PASS: toString('targetWindow.history.forward') should be 'function () { return "new forward";}' and is.
PASS: canGet('targetWindow.history.go') should be 'true' and is.
PASS: canGet('targetWindow.history.toString') should be 'true' and is.
PASS: toString('targetWindow.history') should be '[object History]' and is.
PASS: toString('targetWindow.history.go') should be 'new go' and is.
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
<script>
window.onload = function()
{
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
if (window.layoutTestController) {
setTimeout(pollForTest, 1);
} else {
log("To run the test, click the button below when the opened window finishes loading.");
var button = document.createElement("button");
button.appendChild(document.createTextNode("Run Test"));
button.onclick = runTest;
document.body.appendChild(button);
}
}
pollForTest = function()
{
if (!layoutTestController.globalFlag) {
setTimeout(pollForTest, 1);
return;
}
runTest();
layoutTestController.notifyDone();
}
runTest = function()
{
window.targetWindow = frames[0];
log("----- tests for getting custorm overrides of window.history's functions -----\n");
// Overriden using window.history.back = function() { return "new back" }
newBack = function() { return "new back"; }
shouldBeTrue("canGet('targetWindow.history.back')");
shouldBe("toString('targetWindow.history.back')", "toString(newBack)");
// Overriden using window.history.__proto__.forward = function() { return "new forward;" }
newForward = function() { return "new forward"; }
shouldBeTrue("canGet('targetWindow.history.forward')");
shouldBe("toString('targetWindow.history.forward')", "toString(newForward)");
// Overriden using window.history.go = "new go"
shouldBeTrue("canGet('targetWindow.history.go')");
shouldBe("toString('targetWindow.history.go')", "'new go'");
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-override-test.html"></iframe>
<pre id="console"></pre>
</body>
</html>
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
<script>
window.onload = function()
{
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
if (window.layoutTestController) {
setTimeout(pollForTest, 1);
} else {
log("To run the test, click the button below when the opened window finishes loading.");
var button = document.createElement("button");
button.appendChild(document.createTextNode("Run Test"));
button.onclick = runTest;
document.body.appendChild(button);
}
}
pollForTest = function()
{
if (!layoutTestController.globalFlag) {
setTimeout(pollForTest, 1);
return;
}
runTest();
layoutTestController.notifyDone();
}
runTest = function()
{
window.targetWindow = frames[0];
log("\n----- tests for getting window.history and its properties -----\n");
// history object
shouldBeFalse("canGet('targetWindow.history.length')");
shouldBeTrue("canGet('targetWindow.history.back')");
shouldBeTrue("canGet('targetWindow.history.forward')");
shouldBeTrue("canGet('targetWindow.history.go')");
// FIXME: Calling these currently cause the subsequent test to include a dump of this test's render tree.
// (see http://bugs.webkit.org/show_bug.cgi?id=16510)
// shouldBeTrue("canCall('targetWindow.history.back')");
// shouldBeTrue("canCall('targetWindow.history.forward')");
// shouldBeTrue("canCall('targetWindow.history.go', '-1')");
shouldBeTrue("canGet('targetWindow.history.toString')");
shouldBe("toString('targetWindow.history')", "'[object History]'");
shouldBeFalse("canGet('targetWindow.__proto__')");
shouldBeFalse("canGet('targetWindow.constructor')");
// Check custom properties
shouldBeFalse("canGet('targetWindow.history.existingCustomProperty')");
shouldBeFalse("canGet('targetWindow.history.__proto__.prototypeCustomProperty')");
shouldBeFalse("canCall('targetWindow.history.existingCustomFunction')");
shouldBeFalse("canCall('targetWindow.history.prototypeCustomFunction')");
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html"></iframe>
<pre id="console"></pre>
</body>
</html>
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
----- tests for putting window.history and its properties -----
PASS: window.history.back should be 'function back() { [native code]}' and is.
PASS: window.history.forward should be 'function forward() { [native code]}' and is.
PASS: window.history.go should be 'function go() { [native code]}' and is.
PASS: window.history.toString should be 'function toString() { [native code]}' and is.
PASS: window.history.length matched the expected value.
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.dumpChildFramesAsText();
layoutTestController.waitUntilDone();
}
receiver = function(e)
{
if (e.data == "storedOldValuesComplete")
setTest();
}
document.addEventListener('message', receiver, false);
setTest = function()
{
window.targetWindow = frames[0];
targetWindow.history.back = "FAIL!! CUSTOM back";
targetWindow.history.forward = "FAIL!! CUSTOM forward";
targetWindow.history.go = "FAIL!! CUSTOM go";
targetWindow.history.toString = "FAIL!! CUSTOM toString";
targetWindow.history.length = "FAIL!! CUSTOM length";
targetWindow.postMessage("settingValuesComplete");
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html"></iframe>
</body>
</html>
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
window.targetWindow = frames[0];
window.onload = function()
{
if (window.layoutTestController)
layoutTestController.dumpAsText();
log("\n----- tests for getting/setting window.history and its properties -----\n");
// history object
log("Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.");
shouldBeTrue("canGet('targetWindow.history.length')");
shouldBeTrue("canGet('targetWindow.history.back')");
shouldBeTrue("canGet('targetWindow.history.forward')");
shouldBeTrue("canGet('targetWindow.history.go')");
// FIXME: Calling these currently cause the subsequent test to include a dump of this test's render tree.
// (see http://bugs.webkit.org/show_bug.cgi?id=16510)
// shouldBeTrue("canCall('targetWindow.history.back')");
// shouldBeTrue("canCall('targetWindow.history.forward')");
// shouldBeTrue("canCall('targetWindow.history.go', '-1')");
shouldBeTrue("canGet('targetWindow.history.toString')");
shouldBe("toString('targetWindow.history')", "'[object History]'");
// Work around DRT bug that causes subsequent tests to fail.
window.stop();
}
</script>
</body>
</html>
......@@ -3,7 +3,7 @@ function log(s)
document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
}
function shouldBe(a, b)
function shouldBe(a, b, shouldNotPrintValues)
{
var evalA, evalB;
try {
......@@ -13,9 +13,19 @@ function shouldBe(a, b)
evalA = e;
}
var message = (evalA === evalB)
? "PASS: " + a + " should be '" + evalB + "' and is."
: "*** FAIL: " + a + " should be '" + evalB + "' but instead is " + evalA + ". ***";
var message;
if (evalA === evalB) {
message = "PASS";
if (!shouldNotPrintValues) {
message += ": " + a + " should be '" + evalB + "' and is.";
} else {
message += ": " + a + " matched the expected value.";
}
} else {
message = "*** FAIL: " + a + " should be '" + evalB + "' but instead is " + evalA + ". ***";
}
message = String(message).replace(/\n/g, "");
log(message);
}
......
<script>
window.customProperty = 1;
window.customWindowProperty = 1;
window.history.customHistoryProperty = 1;
window.location.customLocationProperty = 1;
window.onload = function()
{
......
<html>
<head>
<script>
window.history.back = function() { return "new back"; }
window.history.__proto__.forward = function() { return "new forward"; }
window.history.go = "new go";
window.onload = function()
{
if (window.layoutTestController)
layoutTestController.globalFlag = true;
}
</script>
</head>
<body>
</body>
</html>
<html>
<head>
<script>
window.history.existingCustomProperty = 1;
window.history.__proto__.prototypeCustomProperty = 1;
window.onload = function()
{
if (window.layoutTestController)
layoutTestController.globalFlag = true;
}
</script>
</head>
<body>
</body>
</html>
<html>
<head>
<script src="cross-frame-access.js"></script>
<script>
var backOld;
var forwardOld;
var goOld;
var toStringOld;
var lengthOld;
receiver = function(e)
{
if (e.data == "settingValuesComplete")
setCheck();
}
document.addEventListener('message', receiver, false);
window.onload = function()
{
backOld = window.history.back;
forwardOld = window.history.forward;
goOld = window.history.go;
toStringOld = window.history.toString;
lengthOld = window.history.length;
window.parent.postMessage("storedOldValuesComplete");
}
setCheck = function()
{
log("\n----- tests for putting window.history and its properties -----\n");
shouldBe("window.history.back", "backOld");
shouldBe("window.history.forward", "forwardOld");
shouldBe("window.history.go", "goOld");
shouldBe("window.history.toString", "toStringOld");
shouldBe("window.history.length", "lengthOld", true);
if (window.layoutTestController)
layoutTestController.notifyDone();
}
</script>
</head>
<body>
<pre id="console"></pre>
</body>
</html>
2008-01-30 Samuel Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Fix for <rdar://problem/5708993> Mutability of the History object
- Don't allow cross-domain get access to any of the history objects properties
except the back(), forward() and go() methods.
- Don't allow cross-domain put access to any of the history objects properties.
- Don't allow cross-domain enumeration of the History or Location objects.
Tests: http/tests/security/cross-frame-access-history-get-override.html
http/tests/security/cross-frame-access-history-get.html
http/tests/security/cross-frame-access-history-put.html
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMWindowCustom.cpp: Remove unnessary KJS::'s
(WebCore::JSDOMWindow::customGetOwnPropertySlot):
(WebCore::JSDOMWindow::customPut):
(WebCore::JSDOMWindow::getPropertyNames): Moved implementation from KJS::Window now that the declaration is autogenerated
using the new CustomGetPropertyNames.
(WebCore::JSDOMWindow::postMessage):
* bindings/js/JSHistoryCustom.cpp: Added.
(WebCore::allowsAccessFromFrame):
(WebCore::JSHistory::customGetOwnPropertySlot): Only allow getting the declared functions back(), forward() and go() from cross-domain.
Deny all other gets.
(WebCore::JSHistory::customPut): Don't allow putting cross-domain.
(WebCore::JSHistory::getPropertyNames): Don't allow enumeration cross-domain.
* bindings/js/JSLocation.cpp:
(WebCore::allowsAccessFromFrame):
(WebCore::JSLocation::getPropertyNames): Don't allow enumeration cross-domain.
* bindings/js/JSLocation.h:
* bindings/js/kjs_window.cpp:
* bindings/js/kjs_window.h:
* bindings/scripts/CodeGeneratorJS.pm:
Add support for new CustomGetPropertNames extended attribute and changed the logic of CustomPutFunction
to create an overrided put() function even if no read-write properties exist.
* page/DOMWindow.idl: Added CustomGetPropertNames
* page/History.idl: Added CustomGetPropertNames
2008-01-30 Justin Garcia <justin.garcia@apple.com>
Reviewed by Darin Adler.
......@@ -3615,6 +3615,7 @@
BCE0139B0C0BEF180043860A /* JSStyleSheet.h in Headers */ = {isa = PBXBuildFile; fileRef = BCE013990C0BEF180043860A /* JSStyleSheet.h */; };
BCE3BEC20D222B1D007E06E4 /* TagNodeList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCE3BEC00D222B1D007E06E4 /* TagNodeList.cpp */; };
BCE3BEC30D222B1D007E06E4 /* TagNodeList.h in Headers */ = {isa = PBXBuildFile; fileRef = BCE3BEC10D222B1D007E06E4 /* TagNodeList.h */; };
BCE7B1930D4E86960075A539 /* JSHistoryCustom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCE7B1920D4E86960075A539 /* JSHistoryCustom.cpp */; };
BCEA478F097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCEA477C097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp */; };
BCEA4790097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h in Headers */ = {isa = PBXBuildFile; fileRef = BCEA477D097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h */; };
BCEA4852097D93020094C9E4 /* bidi.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCEA4813097D93020094C9E4 /* bidi.cpp */; };
......@@ -7699,6 +7700,7 @@
BCE013990C0BEF180043860A /* JSStyleSheet.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = JSStyleSheet.h; sourceTree = "<group>"; };
BCE3BEC00D222B1D007E06E4 /* TagNodeList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TagNodeList.cpp; sourceTree = "<group>"; };
BCE3BEC10D222B1D007E06E4 /* TagNodeList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TagNodeList.h; sourceTree = "<group>"; };
BCE7B1920D4E86960075A539 /* JSHistoryCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSHistoryCustom.cpp; sourceTree = "<group>"; };
BCEA477C097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CSSComputedStyleDeclaration.cpp; sourceTree = "<group>"; };
BCEA477D097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CSSComputedStyleDeclaration.h; sourceTree = "<group>"; };
BCEA477E097CAAC80094C9E4 /* CSSGrammar.y */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.yacc; path = CSSGrammar.y; sourceTree = "<group>"; };
......@@ -11506,6 +11508,7 @@
BCD9C25E0C17AA67005C90A2 /* JSDOMWindowCustom.cpp */,
BC2ED5540C6B9BD300920BFF /* JSElementCustom.cpp */,
BCEFAF4D0C317E6900FA81F6 /* JSEventCustom.cpp */,
BCE7B1920D4E86960075A539 /* JSHistoryCustom.cpp */,
BC4EDEF30C08F3FB007EDD49 /* JSHTMLAppletElementCustom.cpp */,
BCCBAD3A0C18BFF800CE890F /* JSHTMLCollectionCustom.cpp */,
BC51580A0C03D404008BB0EE /* JSHTMLDocumentCustom.cpp */,
......@@ -15784,6 +15787,7 @@
ABFE7E120D32FAF60066F4D2 /* MediaControlElements.cpp in Sources */,
B237C8A70D344D110013F707 /* SVGFontData.cpp in Sources */,
E4EEFFC80D34550C00469A58 /* JSAudioConstructor.cpp in Sources */,
BCE7B1930D4E86960075A539 /* JSHistoryCustom.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/*
* Copyright (C) 2007 Apple, Inc.
* Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
......@@ -29,27 +29,29 @@
#include "kjs/object.h"
#include "kjs/value.h"
using namespace KJS;
namespace WebCore {
bool JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState* exec, const KJS::Identifier& propertyName, KJS::PropertySlot& slot)
bool JSDOMWindow::customGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
// we don't want any properties other than "closed" on a closed window
if (!impl()->frame()) {
if (propertyName == "closed") {
const KJS::HashEntry* entry = KJS::Lookup::findEntry(classInfo()->propHashTable, propertyName);
const HashEntry* entry = Lookup::findEntry(classInfo()->propHashTable, propertyName);
ASSERT(entry);
if (entry) {
slot.setStaticEntry(this, entry, KJS::staticValueGetter<JSDOMWindow>);
slot.setStaticEntry(this, entry, staticValueGetter<JSDOMWindow>);
return true;
}
}
if (propertyName == "close") {
KJS::JSValue* proto = prototype();
JSValue* proto = prototype();
if (proto->isObject()) {
const KJS::HashEntry* entry = KJS::Lookup::findEntry(static_cast<KJS::JSObject*>(proto)->classInfo()->propHashTable, propertyName);
const HashEntry* entry = Lookup::findEntry(static_cast<JSObject*>(proto)->classInfo()->propHashTable, propertyName);
ASSERT(entry);
if (entry) {
slot.setStaticEntry(this, entry, KJS::staticFunctionGetter);
slot.setStaticEntry(this, entry, staticFunctionGetter);
return true;
}
}
......@@ -69,21 +71,21 @@ bool JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState* exec, const KJS::Iden
// FIXME: We need this to work around the blanket same origin (allowsAccessFrom) check in KJS::Window. Once we remove that, we
// can move this to JSDOMWindowPrototype.
KJS::JSValue* proto = prototype();
JSValue* proto = prototype();
if (proto->isObject()) {
const KJS::HashEntry* entry = KJS::Lookup::findEntry(static_cast<KJS::JSObject*>(proto)->classInfo()->propHashTable, propertyName);
const HashEntry* entry = Lookup::findEntry(static_cast<JSObject*>(proto)->classInfo()->propHashTable, propertyName);
if (entry) {
if (entry->attr & KJS::Function) {
if (entry->attr & Function) {
if (entry->value.functionValue == jsDOMWindowPrototypeFunctionFocus
|| entry->value.functionValue == jsDOMWindowPrototypeFunctionBlur
|| entry->value.functionValue == jsDOMWindowPrototypeFunctionClose
|| entry->value.functionValue == jsDOMWindowPrototypeFunctionPostMessage)
slot.setStaticEntry(this, entry, KJS::staticFunctionGetter);
slot.setStaticEntry(this, entry, staticFunctionGetter);
else {
if (!allowsAccessFrom(exec))
slot.setUndefined(this);
else
slot.setStaticEntry