Commit 7da76c9e authored by weinig@apple.com's avatar weinig@apple.com

WebCore:

        Reviewed by Darin Adler.

        Fix for <rdar://problem/5708993> Mutability of the History object

        - Don't allow cross-domain get access to any of the history objects properties
          except the back(), forward() and go() methods.
        - Don't allow cross-domain put access to any of the history objects properties.
        - Don't allow cross-domain enumeration of the History or Location objects.

        Tests: http/tests/security/cross-frame-access-history-get-override.html
               http/tests/security/cross-frame-access-history-get.html
               http/tests/security/cross-frame-access-history-put.html

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMWindowCustom.cpp: Remove unnessary KJS::'s
        (WebCore::JSDOMWindow::customGetOwnPropertySlot):
        (WebCore::JSDOMWindow::customPut):
        (WebCore::JSDOMWindow::getPropertyNames): Moved implementation from KJS::Window now that the declaration is autogenerated
        using the new CustomGetPropertyNames.
        (WebCore::JSDOMWindow::postMessage):

        * bindings/js/JSHistoryCustom.cpp: Added.
        (WebCore::allowsAccessFromFrame):
        (WebCore::JSHistory::customGetOwnPropertySlot): Only allow getting the declared functions back(), forward() and go() from cross-domain.
        Deny all other gets.
        (WebCore::JSHistory::customPut): Don't allow putting cross-domain.
        (WebCore::JSHistory::getPropertyNames): Don't allow enumeration cross-domain.

        * bindings/js/JSLocation.cpp:
        (WebCore::allowsAccessFromFrame):
        (WebCore::JSLocation::getPropertyNames): Don't allow enumeration cross-domain.
        * bindings/js/JSLocation.h:

        * bindings/js/kjs_window.cpp:
        * bindings/js/kjs_window.h:

        * bindings/scripts/CodeGeneratorJS.pm:
        Add support for new CustomGetPropertNames extended attribute and changed the logic of CustomPutFunction
        to create an overrided put() function even if no read-write properties exist.

        * page/DOMWindow.idl: Added CustomGetPropertNames
        * page/History.idl: Added CustomGetPropertNames

LayoutTests:

        Reviewed by Darin Adler.

        Tests for <rdar://problem/5708993> Mutability of the History object

        * http/tests/security/cross-frame-access-enumeration-expected.txt:
        * http/tests/security/cross-frame-access-enumeration.html:
        * http/tests/security/cross-frame-access-history-expected.txt: Removed.
        * http/tests/security/cross-frame-access-history-get-expected.txt: Renamed from LayoutTests/http/tests/security/cross-frame-access-history-expected.txt.
        * http/tests/security/cross-frame-access-history-get-override-expected.txt: Added.
        * http/tests/security/cross-frame-access-history-get-override.html: Added.
        * http/tests/security/cross-frame-access-history-get.html: Renamed from LayoutTests/http/tests/security/cross-frame-access-history.html.
        * http/tests/security/cross-frame-access-history-put-expected.txt: Added.
        * http/tests/security/cross-frame-access-history-put.html: Added.
        * http/tests/security/cross-frame-access-history.html: Removed.
        * http/tests/security/resources/cross-frame-access.js:
        * http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html:
        * http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html: Added.
        * http/tests/security/resources/cross-frame-iframe-for-history-get-test.html: Added.
        * http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@29890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 25222377
2008-01-30 Samuel Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Tests for <rdar://problem/5708993> Mutability of the History object
* http/tests/security/cross-frame-access-enumeration-expected.txt:
* http/tests/security/cross-frame-access-enumeration.html:
* http/tests/security/cross-frame-access-history-expected.txt: Removed.
* http/tests/security/cross-frame-access-history-get-expected.txt: Renamed from LayoutTests/http/tests/security/cross-frame-access-history-expected.txt.
* http/tests/security/cross-frame-access-history-get-override-expected.txt: Added.
* http/tests/security/cross-frame-access-history-get-override.html: Added.
* http/tests/security/cross-frame-access-history-get.html: Renamed from LayoutTests/http/tests/security/cross-frame-access-history.html.
* http/tests/security/cross-frame-access-history-put-expected.txt: Added.
* http/tests/security/cross-frame-access-history-put.html: Added.
* http/tests/security/cross-frame-access-history.html: Removed.
* http/tests/security/resources/cross-frame-access.js:
* http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html:
* http/tests/security/resources/cross-frame-iframe-for-history-get-override-test.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-history-get-test.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Added.
2008-01-31 Dan Bernstein <mitz@apple.com> 2008-01-31 Dan Bernstein <mitz@apple.com>
Reviewed by Dave Hyatt. Reviewed by Dave Hyatt.
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test from frame with URL http://127.0.0.1:8000/security/cross-frame-access-enumeration.html. Domains, protocols and ports must match. CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test from frame with URL http://127.0.0.1:8000/security/cross-frame-access-enumeration.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test from frame with URL http://127.0.0.1:8000/security/cross-frame-access-enumeration.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test from frame with URL http://127.0.0.1:8000/security/cross-frame-access-enumeration.html. Domains, protocols and ports must match.
This tests that variable names can't be enumerated cross domain (see http://bugs.webkit.org/show_bug.cgi?id=16387) This tests that variable names can't be enumerated cross domain (see http://bugs.webkit.org/show_bug.cgi?id=16387)
PASS: Cross frame access by enumerating the window object was denied. PASS: Cross frame access by enumerating the window object was denied.
PASS: Cross frame access by enumerating the History object was denied.
PASS: Cross frame access by enumerating the Location object was denied.
...@@ -32,10 +32,11 @@ ...@@ -32,10 +32,11 @@
runTest = function() runTest = function()
{ {
// Test enumerating the Window object
var b_win = document.getElementsByTagName("iframe")[0].contentWindow; var b_win = document.getElementsByTagName("iframe")[0].contentWindow;
try { try {
for (var k in b_win) { for (var k in b_win) {
if (k == "customProperty") { if (k == "customWindowProperty") {
log("FAIL: Cross frame access by enumerating the window object was allowed."); log("FAIL: Cross frame access by enumerating the window object was allowed.");
return; return;
} }
...@@ -43,6 +44,32 @@ ...@@ -43,6 +44,32 @@
} catch (e) { } catch (e) {
} }
log("PASS: Cross frame access by enumerating the window object was denied."); log("PASS: Cross frame access by enumerating the window object was denied.");
// Test enumerating the History object
var b_win_history = b_win.history;
try {
for (var k in b_win_history) {
if (k == "customHistoryProperty") {
log("FAIL: Cross frame access by enumerating the History object was allowed.");
return;
}
}
} catch (e) {
}
log("PASS: Cross frame access by enumerating the History object was denied.");
// Test enumerating the Location object
var b_win_location = b_win.location;
try {
for (var k in b_win_location) {
if (k == "customLocationProperty") {
log("FAIL: Cross frame access by enumerating the Location object was allowed.");
return;
}
}
} catch (e) {
}
log("PASS: Cross frame access by enumerating the Location object was denied.");
} }
</script> </script>
</head> </head>
......
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-get.html. Domains, protocols and ports must match.
----- tests for getting window.history and its properties -----
PASS: canGet('targetWindow.history.length') should be 'false' and is.
PASS: canGet('targetWindow.history.back') should be 'true' and is.
PASS: canGet('targetWindow.history.forward') should be 'true' and is.
PASS: canGet('targetWindow.history.go') should be 'true' and is.
PASS: canGet('targetWindow.history.toString') should be 'true' and is.
PASS: toString('targetWindow.history') should be '[object History]' and is.
PASS: canGet('targetWindow.__proto__') should be 'false' and is.
PASS: canGet('targetWindow.constructor') should be 'false' and is.
PASS: canGet('targetWindow.history.existingCustomProperty') should be 'false' and is.
PASS: canGet('targetWindow.history.__proto__.prototypeCustomProperty') should be 'false' and is.
PASS: canCall('targetWindow.history.existingCustomFunction') should be 'false' and is.
PASS: canCall('targetWindow.history.prototypeCustomFunction') should be 'false' and is.
----- tests for getting custorm overrides of window.history's functions -----
----- tests for getting/setting window.history and its properties -----
Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.
PASS: canGet('targetWindow.history.length') should be 'true' and is.
PASS: canGet('targetWindow.history.back') should be 'true' and is. PASS: canGet('targetWindow.history.back') should be 'true' and is.
PASS: toString('targetWindow.history.back') should be 'function () { return "new back";}' and is.
PASS: canGet('targetWindow.history.forward') should be 'true' and is. PASS: canGet('targetWindow.history.forward') should be 'true' and is.
PASS: toString('targetWindow.history.forward') should be 'function () { return "new forward";}' and is.
PASS: canGet('targetWindow.history.go') should be 'true' and is. PASS: canGet('targetWindow.history.go') should be 'true' and is.
PASS: canGet('targetWindow.history.toString') should be 'true' and is. PASS: toString('targetWindow.history.go') should be 'new go' and is.
PASS: toString('targetWindow.history') should be '[object History]' and is.
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
<script>
window.onload = function()
{
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
if (window.layoutTestController) {
setTimeout(pollForTest, 1);
} else {
log("To run the test, click the button below when the opened window finishes loading.");
var button = document.createElement("button");
button.appendChild(document.createTextNode("Run Test"));
button.onclick = runTest;
document.body.appendChild(button);
}
}
pollForTest = function()
{
if (!layoutTestController.globalFlag) {
setTimeout(pollForTest, 1);
return;
}
runTest();
layoutTestController.notifyDone();
}
runTest = function()
{
window.targetWindow = frames[0];
log("----- tests for getting custorm overrides of window.history's functions -----\n");
// Overriden using window.history.back = function() { return "new back" }
newBack = function() { return "new back"; }
shouldBeTrue("canGet('targetWindow.history.back')");
shouldBe("toString('targetWindow.history.back')", "toString(newBack)");
// Overriden using window.history.__proto__.forward = function() { return "new forward;" }
newForward = function() { return "new forward"; }
shouldBeTrue("canGet('targetWindow.history.forward')");
shouldBe("toString('targetWindow.history.forward')", "toString(newForward)");
// Overriden using window.history.go = "new go"
shouldBeTrue("canGet('targetWindow.history.go')");
shouldBe("toString('targetWindow.history.go')", "'new go'");
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-override-test.html"></iframe>
<pre id="console"></pre>
</body>
</html>
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
<script>
window.onload = function()
{
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
if (window.layoutTestController) {
setTimeout(pollForTest, 1);
} else {
log("To run the test, click the button below when the opened window finishes loading.");
var button = document.createElement("button");
button.appendChild(document.createTextNode("Run Test"));
button.onclick = runTest;
document.body.appendChild(button);
}
}
pollForTest = function()
{
if (!layoutTestController.globalFlag) {
setTimeout(pollForTest, 1);
return;
}
runTest();
layoutTestController.notifyDone();
}
runTest = function()
{
window.targetWindow = frames[0];
log("\n----- tests for getting window.history and its properties -----\n");
// history object
shouldBeFalse("canGet('targetWindow.history.length')");
shouldBeTrue("canGet('targetWindow.history.back')");
shouldBeTrue("canGet('targetWindow.history.forward')");
shouldBeTrue("canGet('targetWindow.history.go')");
// FIXME: Calling these currently cause the subsequent test to include a dump of this test's render tree.
// (see http://bugs.webkit.org/show_bug.cgi?id=16510)
// shouldBeTrue("canCall('targetWindow.history.back')");
// shouldBeTrue("canCall('targetWindow.history.forward')");
// shouldBeTrue("canCall('targetWindow.history.go', '-1')");
shouldBeTrue("canGet('targetWindow.history.toString')");
shouldBe("toString('targetWindow.history')", "'[object History]'");
shouldBeFalse("canGet('targetWindow.__proto__')");
shouldBeFalse("canGet('targetWindow.constructor')");
// Check custom properties
shouldBeFalse("canGet('targetWindow.history.existingCustomProperty')");
shouldBeFalse("canGet('targetWindow.history.__proto__.prototypeCustomProperty')");
shouldBeFalse("canCall('targetWindow.history.existingCustomFunction')");
shouldBeFalse("canCall('targetWindow.history.prototypeCustomFunction')");
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-history-get-test.html"></iframe>
<pre id="console"></pre>
</body>
</html>
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-history-put.html. Domains, protocols and ports must match.
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
----- tests for putting window.history and its properties -----
PASS: window.history.back should be 'function back() { [native code]}' and is.
PASS: window.history.forward should be 'function forward() { [native code]}' and is.
PASS: window.history.go should be 'function go() { [native code]}' and is.
PASS: window.history.toString should be 'function toString() { [native code]}' and is.
PASS: window.history.length matched the expected value.
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.dumpChildFramesAsText();
layoutTestController.waitUntilDone();
}
receiver = function(e)
{
if (e.data == "storedOldValuesComplete")
setTest();
}
document.addEventListener('message', receiver, false);
setTest = function()
{
window.targetWindow = frames[0];
targetWindow.history.back = "FAIL!! CUSTOM back";
targetWindow.history.forward = "FAIL!! CUSTOM forward";
targetWindow.history.go = "FAIL!! CUSTOM go";
targetWindow.history.toString = "FAIL!! CUSTOM toString";
targetWindow.history.length = "FAIL!! CUSTOM length";
targetWindow.postMessage("settingValuesComplete");
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-history-put-test.html"></iframe>
</body>
</html>
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
window.targetWindow = frames[0];
window.onload = function()
{
if (window.layoutTestController)
layoutTestController.dumpAsText();
log("\n----- tests for getting/setting window.history and its properties -----\n");
// history object
log("Firefox prohibits getting 'history.length' but that seems unnecessarily strict since you're allowed to use the 'history' object.");
shouldBeTrue("canGet('targetWindow.history.length')");
shouldBeTrue("canGet('targetWindow.history.back')");
shouldBeTrue("canGet('targetWindow.history.forward')");
shouldBeTrue("canGet('targetWindow.history.go')");
// FIXME: Calling these currently cause the subsequent test to include a dump of this test's render tree.
// (see http://bugs.webkit.org/show_bug.cgi?id=16510)
// shouldBeTrue("canCall('targetWindow.history.back')");
// shouldBeTrue("canCall('targetWindow.history.forward')");
// shouldBeTrue("canCall('targetWindow.history.go', '-1')");
shouldBeTrue("canGet('targetWindow.history.toString')");
shouldBe("toString('targetWindow.history')", "'[object History]'");
// Work around DRT bug that causes subsequent tests to fail.
window.stop();
}
</script>
</body>
</html>
...@@ -3,7 +3,7 @@ function log(s) ...@@ -3,7 +3,7 @@ function log(s)
document.getElementById("console").appendChild(document.createTextNode(s + "\n")); document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
} }
function shouldBe(a, b) function shouldBe(a, b, shouldNotPrintValues)
{ {
var evalA, evalB; var evalA, evalB;
try { try {
...@@ -13,9 +13,19 @@ function shouldBe(a, b) ...@@ -13,9 +13,19 @@ function shouldBe(a, b)
evalA = e; evalA = e;
} }
var message = (evalA === evalB) var message;
? "PASS: " + a + " should be '" + evalB + "' and is." if (evalA === evalB) {
: "*** FAIL: " + a + " should be '" + evalB + "' but instead is " + evalA + ". ***"; message = "PASS";
if (!shouldNotPrintValues) {
message += ": " + a + " should be '" + evalB + "' and is.";
} else {
message += ": " + a + " matched the expected value.";
}
} else {
message = "*** FAIL: " + a + " should be '" + evalB + "' but instead is " + evalA + ". ***";
}
message = String(message).replace(/\n/g, "");
log(message); log(message);
} }
......
<script> <script>
window.customProperty = 1; window.customWindowProperty = 1;
window.history.customHistoryProperty = 1;
window.location.customLocationProperty = 1;
window.onload = function() window.onload = function()
{ {
......
<html>
<head>
<script>
window.history.back = function() { return "new back"; }
window.history.__proto__.forward = function() { return "new forward"; }
window.history.go = "new go";
window.onload = function()
{
if (window.layoutTestController)
layoutTestController.globalFlag = true;
}
</script>
</head>
<body>
</body>
</html>
<html>
<head>
<script>
window.history.existingCustomProperty = 1;
window.history.__proto__.prototypeCustomProperty = 1;
window.onload = function()
{
if (window.layoutTestController)
layoutTestController.globalFlag = true;
}
</script>
</head>
<body>
</body>
</html>
<html>
<head>
<script src="cross-frame-access.js"></script>
<script>
var backOld;
var forwardOld;
var goOld;
var toStringOld;
var lengthOld;
receiver = function(e)
{
if (e.data == "settingValuesComplete")
setCheck();
}
document.addEventListener('message', receiver, false);
window.onload = function()
{
backOld = window.history.back;
forwardOld = window.history.forward;
goOld = window.history.go;
toStringOld = window.history.toString;
lengthOld = window.history.length;
window.parent.postMessage("storedOldValuesComplete");
}
setCheck = function()
{
log("\n----- tests for putting window.history and its properties -----\n");
shouldBe("window.history.back", "backOld");
shouldBe("window.history.forward", "forwardOld");
shouldBe("window.history.go", "goOld");
shouldBe("window.history.toString", "toStringOld");
shouldBe("window.history.length", "lengthOld", true);
if (window.layoutTestController)
layoutTestController.notifyDone();
}
</script>
</head>
<body>
<pre id="console"></pre>
</body>
</html>
2008-01-30 Samuel Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Fix for <rdar://problem/5708993> Mutability of the History object
- Don't allow cross-domain get access to any of the history objects properties
except the back(), forward() and go() methods.
- Don't allow cross-domain put access to any of the history objects properties.
- Don't allow cross-domain enumeration of the History or Location objects.
Tests: http/tests/security/cross-frame-access-history-get-override.html
http/tests/security/cross-frame-access-history-get.html
http/tests/security/cross-frame-access-history-put.html
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMWindowCustom.cpp: Remove unnessary KJS::'s
(WebCore::JSDOMWindow::customGetOwnPropertySlot):
(WebCore::JSDOMWindow::customPut):
(WebCore::JSDOMWindow::getPropertyNames): Moved implementation from KJS::Window now that the declaration is autogenerated
using the new CustomGetPropertyNames.
(WebCore::JSDOMWindow::postMessage):
* bindings/js/JSHistoryCustom.cpp: Added.
(WebCore::allowsAccessFromFrame):
(WebCore::JSHistory::customGetOwnPropertySlot): Only allow getting the declared functions back(), forward() and go() from cross-domain.
Deny all other gets.
(WebCore::JSHistory::customPut): Don't allow putting cross-domain.
(WebCore::JSHistory::getPropertyNames): Don't allow enumeration cross-domain.
* bindings/js/JSLocation.cpp:
(WebCore::allowsAccessFromFrame):
(WebCore::JSLocation::getPropertyNames): Don't allow enumeration cross-domain.
* bindings/js/JSLocation.h:
* bindings/js/kjs_window.cpp:
* bindings/js/kjs_window.h:
* bindings/scripts/CodeGeneratorJS.pm:
Add support for new CustomGetPropertNames extended attribute and changed the logic of CustomPutFunction
to create an overrided put() function even if no read-write properties exist.
* page/DOMWindow.idl: Added CustomGetPropertNames
* page/History.idl: Added CustomGetPropertNames
2008-01-30 Justin Garcia <justin.garcia@apple.com> 2008-01-30 Justin Garcia <justin.garcia@apple.com>
Reviewed by Darin Adler. Reviewed by Darin Adler.
...@@ -3615,6 +3615,7 @@ ...@@ -3615,6 +3615,7 @@
BCE0139B0C0BEF180043860A /* JSStyleSheet.h in Headers */ = {isa = PBXBuildFile; fileRef = BCE013990C0BEF180043860A /* JSStyleSheet.h */; }; BCE0139B0C0BEF180043860A /* JSStyleSheet.h in Headers */ = {isa = PBXBuildFile; fileRef = BCE013990C0BEF180043860A /* JSStyleSheet.h */; };
BCE3BEC20D222B1D007E06E4 /* TagNodeList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCE3BEC00D222B1D007E06E4 /* TagNodeList.cpp */; }; BCE3BEC20D222B1D007E06E4 /* TagNodeList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCE3BEC00D222B1D007E06E4 /* TagNodeList.cpp */; };
BCE3BEC30D222B1D007E06E4 /* TagNodeList.h in Headers */ = {isa = PBXBuildFile; fileRef = BCE3BEC10D222B1D007E06E4 /* TagNodeList.h */; }; BCE3BEC30D222B1D007E06E4 /* TagNodeList.h in Headers */ = {isa = PBXBuildFile; fileRef = BCE3BEC10D222B1D007E06E4 /* TagNodeList.h */; };
BCE7B1930D4E86960075A539 /* JSHistoryCustom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCE7B1920D4E86960075A539 /* JSHistoryCustom.cpp */; };
BCEA478F097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCEA477C097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp */; }; BCEA478F097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCEA477C097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp */; };
BCEA4790097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h in Headers */ = {isa = PBXBuildFile; fileRef = BCEA477D097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h */; }; BCEA4790097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h in Headers */ = {isa = PBXBuildFile; fileRef = BCEA477D097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h */; };
BCEA4852097D93020094C9E4 /* bidi.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCEA4813097D93020094C9E4 /* bidi.cpp */; }; BCEA4852097D93020094C9E4 /* bidi.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCEA4813097D93020094C9E4 /* bidi.cpp */; };
...@@ -7699,6 +7700,7 @@ ...@@ -7699,6 +7700,7 @@
BCE013990C0BEF180043860A /* JSStyleSheet.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = JSStyleSheet.h; sourceTree = "<group>"; }; BCE013990C0BEF180043860A /* JSStyleSheet.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = JSStyleSheet.h; sourceTree = "<group>"; };
BCE3BEC00D222B1D007E06E4 /* TagNodeList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TagNodeList.cpp; sourceTree = "<group>"; }; BCE3BEC00D222B1D007E06E4 /* TagNodeList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TagNodeList.cpp; sourceTree = "<group>"; };
BCE3BEC10D222B1D007E06E4 /* TagNodeList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TagNodeList.h; sourceTree = "<group>"; }; BCE3BEC10D222B1D007E06E4 /* TagNodeList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TagNodeList.h; sourceTree = "<group>"; };
BCE7B1920D4E86960075A539 /* JSHistoryCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSHistoryCustom.cpp; sourceTree = "<group>"; };
BCEA477C097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CSSComputedStyleDeclaration.cpp; sourceTree = "<group>"; }; BCEA477C097CAAC80094C9E4 /* CSSComputedStyleDeclaration.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CSSComputedStyleDeclaration.cpp; sourceTree = "<group>"; };
BCEA477D097CAAC80094C9E4 /* CSSComputedStyleDeclaration.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CSSComputedStyleDeclaration.h; sourceTree = "<group>"; };