1. 01 Mar, 2008 1 commit
    • weinig@apple.com's avatar
      WebCore: · 4ba897c4
      weinig@apple.com authored
              Reviewed by Darin Adler.
      
              Search the entire prototype chain when doing early prototype lookup in
              the Window's getOwnPropertySlot method.
      
              Makes fast/dom/Window/window-function-name-getter-precedence.html pass all tests.
      
              * bindings/js/kjs_window.cpp:
              (KJS::Window::getOwnPropertySlot):
      
      LayoutTests:
      
              Reviewed by Darin Adler.
      
              Update test result.
      
              * fast/dom/Window/window-function-name-getter-precedence-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@30696 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4ba897c4
  2. 11 Feb, 2008 1 commit
    • weinig@apple.com's avatar
      WebCore: · ddef914d
      weinig@apple.com authored
              Reviewed by Darin Adler.
      
              Make the cross-domain security model more closely match Firefox by always returning the
              native built-in functions when accessing functions cross-domain.
      
              Fixes for:
              <rdar://problem/5735497> Match Firefox's cross-domain model more accurately by return the built-in version of functions even if they have been overridden
              <rdar://problem/5735443> Crash when setting the Window objects prototype to a custom Object and then calling a method on it
      
              Tests: fast/dom/Window/window-custom-prototype-crash.html
                     fast/dom/Window/window-function-frame-getter-precedence.html
                     http/tests/security/cross-frame-access-get-override.html
                     http/tests/security/cross-frame-access-location-get-override.html
                     http/tests/security/cross-frame-access-location-get.html
                     http/tests/security/cross-frame-access-location-put.html
      
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::customGetOwnPropertySlot):
              - Return the native-built in version of an cross-domain allowed function (eg. window.focus) whether or
                not it has been overridden, instead of undefined.
              - When doing findEntry lookup, use the the tables directly (JSDOMWindowPrototype::info.propHashTable) 
                instead of calling the virtual classInfo() method to avoid the unnecessary overhead.
              - Allow access to the native toString function cross-domain.  It always returns "[object Window]".
              - Use the new nonCachingStaticFunctionGetter when return allowed functions cross-frame so that
                the function an overridden function is not inadvertantly returned from the PropertyMap.\
      
              * bindings/js/JSHistoryCustom.cpp:
              (WebCore::JSHistory::customGetOwnPropertySlot):
              - Implement the same model as described above for the History object, always returning the
                native built-in function cross-domain.
              - Allow access to the native toString function cross-domain.
              - Clean up the code to make it clear that the custom functionality is only there for cross-domain
                access.
      
              * bindings/js/JSLocation.cpp:
              (WebCore::JSLocation::getOwnPropertySlot):
              - Match the generated classes by moving all the custom logic into a separate customGetOwnPropertySlot
                function.  This will help moving to a generated class in the future.
              (WebCore::JSLocation::customGetOwnPropertySlot):
              - Implement the same model as described above for the Location object, always returning the
                native built-in function cross-domain.
              - Clean up the code to make it clear that the custom functionality is only there for cross-domain
                access.
              (WebCore::JSLocation::put):
              (WebCore::JSLocation::deleteProperty):
              (WebCore::JSLocation::getPropertyNames):
              * bindings/js/JSLocation.h:
              - Clean up to match the rest of the file a little better.
      
              * bindings/js/kjs_binding.cpp:
              (WebCore::allowsAccessFromFrame):
              (WebCore::printErrorMessageForFrame):
              (WebCore::nonCachingStaticFunctionGetter):
              (WebCore::objectToStringFunctionGetter):
              * bindings/js/kjs_binding.h:
              - Put common functionality related to cross-domain access here to serve as a central shared point.
                This includes moving and augmenting the allowsAccessFromFrame method that was in both JSHistoryCustom.cpp
                and JSLocation.cpp.
      
              * bindings/js/kjs_dom.cpp:
              (WebCore::checkNodeSecurity):
              - Use the new allowsAccessFromFrame method.
      
              * bindings/js/kjs_window.cpp:
              (KJS::Window::childFrameGetter): Cleanup.
              (KJS::Window::namedItemGetter): Cleanup.
              (KJS::Window::getOwnPropertySlot):
              - Do the prototype lookup early to match Firefox in having function lookup have a higher precedence
                than the index or shortcut name getters.
              - Cleanup function to make it more understandable and slightly more efficient.
              (KJS::Window::allowsAccessFrom):
              - Add a new variant of this method that takes a reference to a String, which, on failure, will
                contain the error message to print out.  The caller can then pass this to printErrorMessage.
                This allows for code to check allowsAccessFrom and act on the result without printing out the
                error message. For convenience, a version with out the String parameter has been left which 
                prints out the message automatically.
              (KJS::Window::printErrorMessage):
              * bindings/js/kjs_window.h:
      
      LayoutTests:
      
              Reviewed by Darin Adler.
      
              Tests for:
              <rdar://problem/5735497> Match Firefox's cross-domain model more accurately by return the built-in version of functions even if they have been overridden
              <rdar://problem/5735443> Crash when setting the Window objects prototype to a custom Object and then calling a method on it
      
              * fast/dom/Window/resources/WindowProperties.js: Added.
              * fast/dom/Window/window-custom-prototype-crash-expected.txt: Added.
              * fast/dom/Window/window-custom-prototype-crash.html: Added.
              * fast/dom/Window/window-function-frame-getter-precedence-expected.txt: Added.
              * fast/dom/Window/window-function-frame-getter-precedence.html: Added.
              * fast/dom/Window/window-function-name-getter-precedence-expected.txt:
              * fast/dom/Window/window-function-name-getter-precedence.html:
              * http/tests/security/cross-frame-access-custom-expected.txt:
              * http/tests/security/cross-frame-access-custom.html:
              * http/tests/security/cross-frame-access-get-override-expected.txt: Added.
              * http/tests/security/cross-frame-access-get-override.html: Added.
              * http/tests/security/cross-frame-access-history-get-override-expected.txt:
              * http/tests/security/cross-frame-access-history-get-override.html:
              * http/tests/security/cross-frame-access-history-put-expected.txt:
              * http/tests/security/cross-frame-access-history-put.html:
              * http/tests/security/cross-frame-access-location-expected.txt: Removed.
              * http/tests/security/cross-frame-access-location-get-expected.txt: Added.
              * http/tests/security/cross-frame-access-location-get-override-expected.txt: Added.
              * http/tests/security/cross-frame-access-location-get-override.html: Added.
              * http/tests/security/cross-frame-access-location-get.html: Copied from http/tests/security/cross-frame-access-location.html.
              * http/tests/security/cross-frame-access-location-put-expected.txt: Added.
              * http/tests/security/cross-frame-access-location-put.html: Added.
              * http/tests/security/cross-frame-access-location.html: Removed.
              * http/tests/security/resources/cross-frame-iframe-for-get-override-test.html: Added.
              * http/tests/security/resources/cross-frame-iframe-for-get-test.html:
              * http/tests/security/resources/cross-frame-iframe-for-history-put-test.html:
              * http/tests/security/resources/cross-frame-iframe-for-location-get-override-test.html: Added.
              * http/tests/security/resources/cross-frame-iframe-for-location-get-test.html: Added.
              * http/tests/security/resources/cross-frame-iframe-for-location-put-test.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@30157 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ddef914d
  3. 22 Jul, 2007 1 commit
    • weinig's avatar
      LayoutTests: · f7691618
      weinig authored
              Reviewed by Darin.
      
              Test for  http://bugs.webkit.org/show_bug.cgi?id=14682
              REGRESSION(24285-24399): alerts do not appear at W3C RTL test page
      
              * fast/dom/Window/window-function-name-getter-precedence-expected.txt: Added.
              * fast/dom/Window/window-function-name-getter-precedence.html: Added.
      
      WebCore:
      
              Reviewed by Darin.
      
              Fix for http://bugs.webkit.org/show_bug.cgi?id=14682
              REGRESSION(24285-24399): alerts do not appear at W3C RTL test page
      
              Test: fast/dom/Window/window-function-name-getter-precedence.html
      
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::customGetOwnPropertySlot): Make sure to return functions
              before the custom name getter.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@24528 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f7691618