[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da
darin at apple.com
darin at apple.com
Wed Dec 22 18:20:18 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit c957680a9f69efe8d6e2fdf2325b11027382d0bd
Author: darin at apple.com <darin at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Dec 10 01:06:50 2010 +0000
Rework my recent setLocation refactoring to use DOMWindow instead of Frame.
It's difficult to make correct security decisions based on Frame since a
Frame can navigate to a new document.
Reviewed by Sam Weinig.
Fixes some test failures that I somehow missed before the last check-in.
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Call to the
shell DOMWindow; not sure this one matters, but it's closer to the old
code before my last patch. Also pass the DOMWindow rather than the
frame to crossDomainAccessErrorMessage.
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::setLocation): Pass DOMWindow rather than Frame
to the DOMWindow::setLocation function.
* page/DOMWindow.cpp:
(WebCore::DOMWindow::setLocation): Take DOMWindow rather than Frame.
(WebCore::DOMWindow::crossDomainAccessErrorMessage): Ditto.
* page/DOMWindow.h: Update new functions to take DOMWindow rather
than Frame.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73660 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c810115..f5062dd 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,30 @@
+2010-12-09 Darin Adler <darin at apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Rework my recent setLocation refactoring to use DOMWindow instead of Frame.
+ It's difficult to make correct security decisions based on Frame since a
+ Frame can navigate to a new document.
+
+ Fixes some test failures that I somehow missed before the last check-in.
+
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Call to the
+ shell DOMWindow; not sure this one matters, but it's closer to the old
+ code before my last patch. Also pass the DOMWindow rather than the
+ frame to crossDomainAccessErrorMessage.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::setLocation): Pass DOMWindow rather than Frame
+ to the DOMWindow::setLocation function.
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::setLocation): Take DOMWindow rather than Frame.
+ (WebCore::DOMWindow::crossDomainAccessErrorMessage): Ditto.
+
+ * page/DOMWindow.h: Update new functions to take DOMWindow rather
+ than Frame.
+
2010-12-09 Sam Weinig <sam at webkit.org>
Try and fix the mac build.
diff --git a/WebCore/bindings/js/JSDOMWindowBase.cpp b/WebCore/bindings/js/JSDOMWindowBase.cpp
index 0bd9c0b..26371da 100644
--- a/WebCore/bindings/js/JSDOMWindowBase.cpp
+++ b/WebCore/bindings/js/JSDOMWindowBase.cpp
@@ -77,7 +77,7 @@ ScriptExecutionContext* JSDOMWindowBase::scriptExecutionContext() const
String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const
{
- return impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl()->frame());
+ return d()->shell->window()->impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl());
}
void JSDOMWindowBase::printErrorMessage(const String& message) const
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index 1476b04..5373dd1 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -490,21 +490,19 @@ JSValue JSDOMWindow::location(ExecState* exec) const
void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
{
- Frame* activeFrame = toLexicalFrame(exec);
- if (!activeFrame)
- return;
- Frame* firstFrame = toDynamicFrame(exec);
- if (!firstFrame)
- return;
+ DOMWindow* activeWindow = asJSDOMWindow(exec->lexicalGlobalObject())->impl();
+ DOMWindow* firstWindow = asJSDOMWindow(exec->dynamicGlobalObject())->impl();
#if ENABLE(DASHBOARD_SUPPORT)
// To avoid breaking old widgets, make "var location =" in a top-level frame create
// a property named "location" instead of performing a navigation (<rdar://problem/5688039>).
- if (Settings* settings = activeFrame->settings()) {
- if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
- if (allowsAccessFrom(exec))
- putDirect(Identifier(exec, "location"), value);
- return;
+ if (Frame* activeFrame = activeWindow->frame()) {
+ if (Settings* settings = activeFrame->settings()) {
+ if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
+ if (allowsAccessFrom(exec))
+ putDirect(Identifier(exec, "location"), value);
+ return;
+ }
}
}
#endif
@@ -513,7 +511,7 @@ void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
if (exec->hadException())
return;
- impl()->setLocation(ustringToString(locationString), activeFrame, firstFrame);
+ impl()->setLocation(ustringToString(locationString), activeWindow, firstWindow);
}
JSValue JSDOMWindow::crypto(ExecState*) const
diff --git a/WebCore/page/DOMWindow.cpp b/WebCore/page/DOMWindow.cpp
index 61ba226..0293a21 100644
--- a/WebCore/page/DOMWindow.cpp
+++ b/WebCore/page/DOMWindow.cpp
@@ -1618,26 +1618,27 @@ void DOMWindow::revokeObjectURL(const String& blobURLString)
}
#endif
-void DOMWindow::setLocation(const String& location, Frame* activeFrame, Frame* firstFrame)
+void DOMWindow::setLocation(const String& location, DOMWindow* activeWindow, DOMWindow* firstWindow)
{
+ Frame* activeFrame = activeWindow->frame();
if (!activeFrame)
return;
- if (!firstFrame)
+ if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
return;
+ Frame* firstFrame = firstWindow->frame();
+ if (!firstFrame)
+ return;
KURL locationURL = firstFrame->loader()->completeURL(location);
if (locationURL.isNull())
return;
- if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
- return;
-
if (protocolIsJavaScript(locationURL)) {
- // FIXME: Is there some way to eliminate the need for a separate "activeFrame != m_frame" check?
+ // FIXME: Is there some way to eliminate the need for a separate "activeWindow != this" check?
// FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
// Can we name the SecurityOrigin function better to make this more clear?
- if (activeFrame != m_frame && !activeFrame->domWindow()->securityOrigin()->canAccess(securityOrigin())) {
- printErrorMessage(crossDomainAccessErrorMessage(activeFrame));
+ if (activeWindow != this && !activeWindow->securityOrigin()->canAccess(securityOrigin())) {
+ printErrorMessage(crossDomainAccessErrorMessage(activeWindow));
return;
}
}
@@ -1663,17 +1664,17 @@ void DOMWindow::printErrorMessage(const String& message)
console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String());
}
-String DOMWindow::crossDomainAccessErrorMessage(Frame* activeFrame)
+String DOMWindow::crossDomainAccessErrorMessage(DOMWindow* activeWindow)
{
- const KURL& activeFrameURL = activeFrame->domWindow()->url();
- if (activeFrameURL.isNull())
+ const KURL& activeWindowURL = activeWindow->url();
+ if (activeWindowURL.isNull())
return String();
// FIXME: This error message should contain more specifics of why the same origin check has failed.
// Perhaps we should involve the security origin object in composing it.
// FIXME: This message, and other console messages, have extra newlines. Should remove them.
return makeString("Unsafe JavaScript attempt to access frame with URL ", m_url.string(),
- " from frame with URL ", activeFrameURL.string(), ". Domains, protocols and ports must match.\n");
+ " from frame with URL ", activeWindowURL.string(), ". Domains, protocols and ports must match.\n");
}
} // namespace WebCore
diff --git a/WebCore/page/DOMWindow.h b/WebCore/page/DOMWindow.h
index 332109c..0e4fc27 100644
--- a/WebCore/page/DOMWindow.h
+++ b/WebCore/page/DOMWindow.h
@@ -141,7 +141,7 @@ namespace WebCore {
#endif
Location* location() const;
- void setLocation(const String& location, Frame* activeFrame, Frame* firstFrame);
+ void setLocation(const String& location, DOMWindow* activeWindow, DOMWindow* firstWindow);
DOMSelection* getSelection();
@@ -229,7 +229,7 @@ namespace WebCore {
Console* console() const;
void printErrorMessage(const String&);
- String crossDomainAccessErrorMessage(Frame* activeFrame);
+ String crossDomainAccessErrorMessage(DOMWindow* activeWindow);
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
DOMApplicationCache* applicationCache() const;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list