[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

cblu cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:53:24 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit 169ed18663ad3f670527aaae6200efa48920a3b2
Author: cblu <cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Aug 22 01:31:20 2003 +0000

    	Fixed: <rdar://problem/3386673>: a particular fidelity.com "Log in" link does nothing because of cross-domain JavaScript rules
    
            Reviewed by mjs.
    
            * config.h:
            * khtml/ecma/kjs_window.cpp:
            (Window::get): allow other frames to get the location object
            (Window::isSafeScript): added JS logging
            (Location::get): don't allow other frames to access location attributes
            (LocationFunc::tryCall): don't allow other frames to call functions on the location object
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index c1592ee..fe0db78 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,16 @@
+2003-08-21  Chris Blumenberg  <cblu at apple.com>
+
+	Fixed: <rdar://problem/3386673>: a particular fidelity.com "Log in" link does nothing because of cross-domain JavaScript rules
+
+        Reviewed by mjs.
+
+        * config.h:
+        * khtml/ecma/kjs_window.cpp:
+        (Window::get): allow other frames to get the location object
+        (Window::isSafeScript): added JS logging
+        (Location::get): don't allow other frames to access location attributes
+        (LocationFunc::tryCall): don't allow other frames to call functions on the location object
+
 2003-08-21  Richard Williamson   <rjw at apple.com>
 	
 	Fixed 3378810.  Avoid resizing frame from drawRect: when printing.  This will corrupt the graphics context.
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index c1592ee..fe0db78 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,16 @@
+2003-08-21  Chris Blumenberg  <cblu at apple.com>
+
+	Fixed: <rdar://problem/3386673>: a particular fidelity.com "Log in" link does nothing because of cross-domain JavaScript rules
+
+        Reviewed by mjs.
+
+        * config.h:
+        * khtml/ecma/kjs_window.cpp:
+        (Window::get): allow other frames to get the location object
+        (Window::isSafeScript): added JS logging
+        (Location::get): don't allow other frames to access location attributes
+        (LocationFunc::tryCall): don't allow other frames to call functions on the location object
+
 2003-08-21  Richard Williamson   <rjw at apple.com>
 	
 	Fixed 3378810.  Avoid resizing frame from drawRect: when printing.  This will corrupt the graphics context.
diff --git a/WebCore/khtml/ecma/kjs_window.cpp b/WebCore/khtml/ecma/kjs_window.cpp
index 39c94b0..3efc1a4 100644
--- a/WebCore/khtml/ecma/kjs_window.cpp
+++ b/WebCore/khtml/ecma/kjs_window.cpp
@@ -451,10 +451,7 @@ Value Window::get(ExecState *exec, const Identifier &p) const
     case Length:
       return Number(m_part->frames().count());
     case _Location:
-      if (isSafeScript(exec))
-        return Value(location());
-      else
-        return Undefined();
+      return Value(location());
     case Name:
       return String(m_part->name());
     case _Navigator:
@@ -977,7 +974,13 @@ bool Window::isSafeScript(ExecState *exec) const
   //kdDebug(6070) << "current domain:" << actDomain.string() << ", frame domain:" << thisDomain.string() << endl;
   if ( actDomain == thisDomain )
     return true;
-
+#if APPLE_CHANGES
+  if (Interpreter::shouldPrintExceptions()) {
+      printf("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. Domains must match.\n", 
+             thisDocument->URL().latin1(), actDocument->URL().latin1());
+  }
+#endif
+  
   kdWarning(6070) << "Javascript: access denied for current frame '" << actDomain.string() << "' to frame '" << thisDomain.string() << "'" << endl;
   return false;
 }
@@ -1801,6 +1804,10 @@ Value Location::get(ExecState *exec, const Identifier &p) const
 
   if (m_part.isNull())
     return Undefined();
+  
+  const Window* window = Window::retrieveWindow(m_part);
+  if (!window || !window->isSafeScript(exec))
+      return Undefined();
 
   KURL url = m_part->url();
   const HashEntry *entry = Lookup::findEntry(&LocationTable, p);
@@ -1935,6 +1942,11 @@ Value LocationFunc::tryCall(ExecState *exec, Object &thisObj, const List &args)
   Location *location = static_cast<Location *>(thisObj.imp());
   KHTMLPart *part = location->part();
   if (part) {
+      
+    Window* window = Window::retrieveWindow(part);
+    if (!window->isSafeScript(exec) && id != Location::Replace)
+        return Undefined();
+      
     switch (id) {
     case Location::Replace:
     {

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list