[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da
darin at apple.com
darin at apple.com
Wed Dec 22 18:19:38 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 05ce6e8baafd73480e62ec11ebcc819314e6e7d2
Author: darin at apple.com <darin at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Dec 9 22:24:40 2010 +0000
2010-12-08 Darin Adler <darin at apple.com>
Reviewed by Geoffrey Garen.
Move DOMWindow::setLocation logic into DOMWindow class and out of JavaScript binding
https://bugs.webkit.org/show_bug.cgi?id=50640
* bindings/js/JSDOMBinding.cpp:
(WebCore::printErrorMessageForFrame): Removed body; just call through to
DOMWindow::printErrorMessage.
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Removed body;
just call through to DOMWindow::crossDomainAccessErrorMessage.
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::setLocation): Changed terminology to use activeFrame and
firstFrame, rather than the older lexicalFrame and dynamicFrame. Removed most
of the body and moved it into DOMWindow::setLocation.
* page/DOMWindow.cpp:
(WebCore::DOMWindow::setLocation): Added. Does all the same work that
JSDOMWindow::setLocation used to do, but in a way that's not specific
to JavaScript.
(WebCore::DOMWindow::printErrorMessage): Added.
(WebCore::DOMWindow::crossDomainAccessErrorMessage): Added.
* page/DOMWindow.h: Added setLocation, printErrorMessage, and
crossDomainAccessErrorMessage.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73647 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index de64ec3..9783247 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,33 @@
+2010-12-08 Darin Adler <darin at apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Move DOMWindow::setLocation logic into DOMWindow class and out of JavaScript binding
+ https://bugs.webkit.org/show_bug.cgi?id=50640
+
+ * bindings/js/JSDOMBinding.cpp:
+ (WebCore::printErrorMessageForFrame): Removed body; just call through to
+ DOMWindow::printErrorMessage.
+
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Removed body;
+ just call through to DOMWindow::crossDomainAccessErrorMessage.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::setLocation): Changed terminology to use activeFrame and
+ firstFrame, rather than the older lexicalFrame and dynamicFrame. Removed most
+ of the body and moved it into DOMWindow::setLocation.
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::setLocation): Added. Does all the same work that
+ JSDOMWindow::setLocation used to do, but in a way that's not specific
+ to JavaScript.
+ (WebCore::DOMWindow::printErrorMessage): Added.
+ (WebCore::DOMWindow::crossDomainAccessErrorMessage): Added.
+
+ * page/DOMWindow.h: Added setLocation, printErrorMessage, and
+ crossDomainAccessErrorMessage.
+
2010-12-09 Sam Weinig <sam at webkit.org>
Reviewed by Dan Bernstein.
diff --git a/WebCore/bindings/js/JSDOMBinding.cpp b/WebCore/bindings/js/JSDOMBinding.cpp
index cf0a16a..267d18a 100644
--- a/WebCore/bindings/js/JSDOMBinding.cpp
+++ b/WebCore/bindings/js/JSDOMBinding.cpp
@@ -707,16 +707,7 @@ void printErrorMessageForFrame(Frame* frame, const String& message)
{
if (!frame)
return;
- if (message.isEmpty())
- return;
-
- Settings* settings = frame->settings();
- if (!settings)
- return;
- if (settings->privateBrowsingEnabled())
- return;
-
- frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String()); // FIXME: provide a real line number and source URL.
+ frame->domWindow()->printErrorMessage(message);
}
Frame* toLexicalFrame(ExecState* exec)
diff --git a/WebCore/bindings/js/JSDOMWindowBase.cpp b/WebCore/bindings/js/JSDOMWindowBase.cpp
index ad4e2f7..0bd9c0b 100644
--- a/WebCore/bindings/js/JSDOMWindowBase.cpp
+++ b/WebCore/bindings/js/JSDOMWindowBase.cpp
@@ -77,14 +77,7 @@ ScriptExecutionContext* JSDOMWindowBase::scriptExecutionContext() const
String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const
{
- KURL originURL = asJSDOMWindow(other)->impl()->url();
- KURL targetURL = d()->shell->window()->impl()->url();
- if (originURL.isNull() || targetURL.isNull())
- return String();
-
- // FIXME: this error message should contain more specifics of why the same origin check has failed.
- return makeString("Unsafe JavaScript attempt to access frame with URL ", targetURL.string(),
- " from frame with URL ", originURL.string(), ". Domains, protocols and ports must match.\n");
+ return impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl()->frame());
}
void JSDOMWindowBase::printErrorMessage(const String& message) const
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index 85a1af3..1476b04 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -34,11 +34,6 @@
#include "HTMLDocument.h"
#include "History.h"
#include "JSAudioConstructor.h"
-
-#if ENABLE(WEB_AUDIO)
-#include "JSAudioContext.h"
-#endif
-
#include "JSDOMWindowShell.h"
#include "JSEvent.h"
#include "JSEventListener.h"
@@ -51,27 +46,8 @@
#include "JSMessagePort.h"
#include "JSMessagePortCustom.h"
#include "JSOptionConstructor.h"
-
-#if ENABLE(SHARED_WORKERS)
-#include "JSSharedWorker.h"
-#endif
-
-#if ENABLE(3D_CANVAS) || ENABLE(BLOB)
-#include "JSArrayBuffer.h"
-#include "JSDataView.h"
-#include "JSInt8Array.h"
-#include "JSUint8Array.h"
-#include "JSInt32Array.h"
-#include "JSUint32Array.h"
-#include "JSInt16Array.h"
-#include "JSUint16Array.h"
-#include "JSFloat32Array.h"
-#endif
#include "JSWebKitCSSMatrix.h"
#include "JSWebKitPoint.h"
-#if ENABLE(WEB_SOCKETS)
-#include "JSWebSocket.h"
-#endif
#include "JSWorker.h"
#include "JSXMLHttpRequest.h"
#include "JSXSLTProcessor.h"
@@ -94,6 +70,30 @@
#include <runtime/PrototypeFunction.h>
#include <wtf/text/AtomicString.h>
+#if ENABLE(3D_CANVAS) || ENABLE(BLOB)
+#include "JSArrayBuffer.h"
+#include "JSDataView.h"
+#include "JSFloat32Array.h"
+#include "JSInt16Array.h"
+#include "JSInt32Array.h"
+#include "JSInt8Array.h"
+#include "JSUint16Array.h"
+#include "JSUint32Array.h"
+#include "JSUint8Array.h"
+#endif
+
+#if ENABLE(SHARED_WORKERS)
+#include "JSSharedWorker.h"
+#endif
+
+#if ENABLE(WEB_AUDIO)
+#include "JSAudioContext.h"
+#endif
+
+#if ENABLE(WEB_SOCKETS)
+#include "JSWebSocket.h"
+#endif
+
using namespace JSC;
namespace WebCore {
@@ -490,15 +490,18 @@ JSValue JSDOMWindow::location(ExecState* exec) const
void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
{
- Frame* lexicalFrame = toLexicalFrame(exec);
- if (!lexicalFrame)
+ Frame* activeFrame = toLexicalFrame(exec);
+ if (!activeFrame)
+ return;
+ Frame* firstFrame = toDynamicFrame(exec);
+ if (!firstFrame)
return;
#if ENABLE(DASHBOARD_SUPPORT)
// To avoid breaking old widgets, make "var location =" in a top-level frame create
// a property named "location" instead of performing a navigation (<rdar://problem/5688039>).
- if (Settings* settings = lexicalFrame->settings()) {
- if (settings->usesDashboardBackwardCompatibilityMode() && !lexicalFrame->tree()->parent()) {
+ if (Settings* settings = activeFrame->settings()) {
+ if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
if (allowsAccessFrom(exec))
putDirect(Identifier(exec, "location"), value);
return;
@@ -506,21 +509,11 @@ void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
}
#endif
- Frame* frame = impl()->frame();
- ASSERT(frame);
-
- KURL url = completeURL(exec, ustringToString(value.toString(exec)));
- if (url.isNull())
- return;
-
- if (!shouldAllowNavigation(exec, frame))
+ UString locationString = value.toString(exec);
+ if (exec->hadException())
return;
- if (!protocolIsJavaScript(url) || allowsAccessFrom(exec)) {
- // We want a new history item if this JS was called via a user gesture.
- frame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(),
- url, lexicalFrame->loader()->outgoingReferrer(), !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
- }
+ impl()->setLocation(ustringToString(locationString), activeFrame, firstFrame);
}
JSValue JSDOMWindow::crypto(ExecState*) const
diff --git a/WebCore/page/DOMWindow.cpp b/WebCore/page/DOMWindow.cpp
index ebb3db5..61ba226 100644
--- a/WebCore/page/DOMWindow.cpp
+++ b/WebCore/page/DOMWindow.cpp
@@ -1618,4 +1618,62 @@ void DOMWindow::revokeObjectURL(const String& blobURLString)
}
#endif
+void DOMWindow::setLocation(const String& location, Frame* activeFrame, Frame* firstFrame)
+{
+ if (!activeFrame)
+ return;
+ if (!firstFrame)
+ return;
+
+ KURL locationURL = firstFrame->loader()->completeURL(location);
+ if (locationURL.isNull())
+ return;
+
+ if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
+ return;
+
+ if (protocolIsJavaScript(locationURL)) {
+ // FIXME: Is there some way to eliminate the need for a separate "activeFrame != m_frame" check?
+ // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
+ // Can we name the SecurityOrigin function better to make this more clear?
+ if (activeFrame != m_frame && !activeFrame->domWindow()->securityOrigin()->canAccess(securityOrigin())) {
+ printErrorMessage(crossDomainAccessErrorMessage(activeFrame));
+ return;
+ }
+ }
+
+ // We want a new history item if we are processing a user gesture.
+ m_frame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(),
+ locationURL, activeFrame->loader()->outgoingReferrer(),
+ !activeFrame->script()->anyPageIsProcessingUserGesture(), false);
+}
+
+void DOMWindow::printErrorMessage(const String& message)
+{
+ if (message.isEmpty())
+ return;
+
+ Settings* settings = m_frame->settings();
+ if (!settings)
+ return;
+ if (settings->privateBrowsingEnabled())
+ return;
+
+ // FIXME: Add arguments so that we can provide a correct source URL and line number.
+ console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String());
+}
+
+String DOMWindow::crossDomainAccessErrorMessage(Frame* activeFrame)
+{
+ const KURL& activeFrameURL = activeFrame->domWindow()->url();
+ if (activeFrameURL.isNull())
+ return String();
+
+ // FIXME: This error message should contain more specifics of why the same origin check has failed.
+ // Perhaps we should involve the security origin object in composing it.
+ // FIXME: This message, and other console messages, have extra newlines. Should remove them.
+ return makeString("Unsafe JavaScript attempt to access frame with URL ", m_url.string(),
+ " from frame with URL ", activeFrameURL.string(), ". Domains, protocols and ports must match.\n");
+}
+
} // namespace WebCore
diff --git a/WebCore/page/DOMWindow.h b/WebCore/page/DOMWindow.h
index 68b21ff..332109c 100644
--- a/WebCore/page/DOMWindow.h
+++ b/WebCore/page/DOMWindow.h
@@ -141,6 +141,8 @@ namespace WebCore {
#endif
Location* location() const;
+ void setLocation(const String& location, Frame* activeFrame, Frame* firstFrame);
+
DOMSelection* getSelection();
Element* frameElement() const;
@@ -226,6 +228,9 @@ namespace WebCore {
Console* console() const;
+ void printErrorMessage(const String&);
+ String crossDomainAccessErrorMessage(Frame* activeFrame);
+
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
DOMApplicationCache* applicationCache() const;
#endif
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list