[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

darin at apple.com darin at apple.com
Wed Dec 22 18:20:18 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit c957680a9f69efe8d6e2fdf2325b11027382d0bd
Author: darin at apple.com <darin at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Dec 10 01:06:50 2010 +0000

    Rework my recent setLocation refactoring to use DOMWindow instead of Frame.
    It's difficult to make correct security decisions based on Frame since a
    Frame can navigate to a new document.
    
    Reviewed by Sam Weinig.
    
    Fixes some test failures that I somehow missed before the last check-in.
    
    * bindings/js/JSDOMWindowBase.cpp:
    (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Call to the
    shell DOMWindow; not sure this one matters, but it's closer to the old
    code before my last patch. Also pass the DOMWindow rather than the
    frame to crossDomainAccessErrorMessage.
    
    * bindings/js/JSDOMWindowCustom.cpp:
    (WebCore::JSDOMWindow::setLocation): Pass DOMWindow rather than Frame
    to the DOMWindow::setLocation function.
    
    * page/DOMWindow.cpp:
    (WebCore::DOMWindow::setLocation): Take DOMWindow rather than Frame.
    (WebCore::DOMWindow::crossDomainAccessErrorMessage): Ditto.
    
    * page/DOMWindow.h: Update new functions to take DOMWindow rather
    than Frame.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73660 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c810115..f5062dd 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,30 @@
+2010-12-09  Darin Adler  <darin at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Rework my recent setLocation refactoring to use DOMWindow instead of Frame.
+        It's difficult to make correct security decisions based on Frame since a
+        Frame can navigate to a new document.
+
+        Fixes some test failures that I somehow missed before the last check-in.
+
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage): Call to the
+        shell DOMWindow; not sure this one matters, but it's closer to the old
+        code before my last patch. Also pass the DOMWindow rather than the
+        frame to crossDomainAccessErrorMessage.
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::setLocation): Pass DOMWindow rather than Frame
+        to the DOMWindow::setLocation function.
+
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::setLocation): Take DOMWindow rather than Frame.
+        (WebCore::DOMWindow::crossDomainAccessErrorMessage): Ditto.
+
+        * page/DOMWindow.h: Update new functions to take DOMWindow rather
+        than Frame.
+
 2010-12-09  Sam Weinig  <sam at webkit.org>
 
         Try and fix the mac build.
diff --git a/WebCore/bindings/js/JSDOMWindowBase.cpp b/WebCore/bindings/js/JSDOMWindowBase.cpp
index 0bd9c0b..26371da 100644
--- a/WebCore/bindings/js/JSDOMWindowBase.cpp
+++ b/WebCore/bindings/js/JSDOMWindowBase.cpp
@@ -77,7 +77,7 @@ ScriptExecutionContext* JSDOMWindowBase::scriptExecutionContext() const
 
 String JSDOMWindowBase::crossDomainAccessErrorMessage(const JSGlobalObject* other) const
 {
-    return impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl()->frame());
+    return d()->shell->window()->impl()->crossDomainAccessErrorMessage(asJSDOMWindow(other)->impl());
 }
 
 void JSDOMWindowBase::printErrorMessage(const String& message) const
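Review bot: The message is now built by `d()->shell->window()->impl()`, the window the shell currently points at, rather than by `impl()`. After a navigation those may be different DOMWindow objects, so the "access frame with URL" half of the console message could name a document other than the one whose access check failed. The commit message itself is unsure whether this matters; if the shell lookup is intended, a short comment such as `// Use the shell's current window, matching the behaviour before the setLocation refactoring.` would record why. The chain also dereferences `shell` and `window()` with no null check, which is presumably safe for a live global object but is not shown in this hunk.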
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index 1476b04..5373dd1 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -490,21 +490,19 @@ JSValue JSDOMWindow::location(ExecState* exec) const
 
 void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
 {
-    Frame* activeFrame = toLexicalFrame(exec);
-    if (!activeFrame)
-        return;
-    Frame* firstFrame = toDynamicFrame(exec);
-    if (!firstFrame)
-        return;
+    DOMWindow* activeWindow = asJSDOMWindow(exec->lexicalGlobalObject())->impl();
+    DOMWindow* firstWindow = asJSDOMWindow(exec->dynamicGlobalObject())->impl();
 
 #if ENABLE(DASHBOARD_SUPPORT)
     // To avoid breaking old widgets, make "var location =" in a top-level frame create
     // a property named "location" instead of performing a navigation (<rdar://problem/5688039>).
-    if (Settings* settings = activeFrame->settings()) {
-        if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
-            if (allowsAccessFrom(exec))
-                putDirect(Identifier(exec, "location"), value);
-            return;
+    if (Frame* activeFrame = activeWindow->frame()) {
+        if (Settings* settings = activeFrame->settings()) {
+            if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
+                if (allowsAccessFrom(exec))
+                    putDirect(Identifier(exec, "location"), value);
+                return;
+            }
         }
     }
 #endif
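Review bot: The two early returns for a missing lexical or dynamic frame are removed, and `activeWindow` and `firstWindow` now come from `asJSDOMWindow(...)->impl()` with no check. DOMWindow::setLocation dereferences both straight away (`activeWindow->frame()`, `firstWindow->frame()`), so this relies on both global objects always being JSDOMWindows with a non-null impl, which is not visible on this page. An `ASSERT(activeWindow && firstWindow);` after the two declarations, or a one-line comment stating the invariant, would make the assumption explicit. The body of setLocation continues past the end of this hunk.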
@@ -513,7 +511,7 @@ void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
     if (exec->hadException())
         return;
 
-    impl()->setLocation(ustringToString(locationString), activeFrame, firstFrame);
+    impl()->setLocation(ustringToString(locationString), activeWindow, firstWindow);
 }
 
 JSValue JSDOMWindow::crypto(ExecState*) const
diff --git a/WebCore/page/DOMWindow.cpp b/WebCore/page/DOMWindow.cpp
index 61ba226..0293a21 100644
--- a/WebCore/page/DOMWindow.cpp
+++ b/WebCore/page/DOMWindow.cpp
@@ -1618,26 +1618,27 @@ void DOMWindow::revokeObjectURL(const String& blobURLString)
 }
 #endif
 
-void DOMWindow::setLocation(const String& location, Frame* activeFrame, Frame* firstFrame)
+void DOMWindow::setLocation(const String& location, DOMWindow* activeWindow, DOMWindow* firstWindow)
 {
+    Frame* activeFrame = activeWindow->frame();
     if (!activeFrame)
         return;
-    if (!firstFrame)
+    if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
         return;
 
+    Frame* firstFrame = firstWindow->frame();
+    if (!firstFrame)
+        return;
     KURL locationURL = firstFrame->loader()->completeURL(location);
     if (locationURL.isNull())
         return;
 
-    if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
-        return;
-
     if (protocolIsJavaScript(locationURL)) {
-        // FIXME: Is there some way to eliminate the need for a separate "activeFrame != m_frame" check?
+        // FIXME: Is there some way to eliminate the need for a separate "activeWindow != this" check?
         // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
         // Can we name the SecurityOrigin function better to make this more clear?
-        if (activeFrame != m_frame && !activeFrame->domWindow()->securityOrigin()->canAccess(securityOrigin())) {
-            printErrorMessage(crossDomainAccessErrorMessage(activeFrame));
+        if (activeWindow != this && !activeWindow->securityOrigin()->canAccess(securityOrigin())) {
+            printErrorMessage(crossDomainAccessErrorMessage(activeWindow));
             return;
         }
     }
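Review bot: The navigation check `activeFrame->loader()->shouldAllowNavigation(m_frame)` still makes its decision on this window's Frame, and nothing in the hunk confirms that `m_frame` is non-null or that it still displays this DOMWindow. That is the case the commit message warns about: once the frame has navigated, the navigation check and the later `securityOrigin()` comparison for javascript: URLs can refer to different documents. Consider a guard at the top of the function such as `if (!m_frame || m_frame->domWindow() != this) return;`. The function body continues outside the hunk, so the rest of the path is not visible here.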
@@ -1663,17 +1664,17 @@ void DOMWindow::printErrorMessage(const String& message)
     console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String());
 }
 
-String DOMWindow::crossDomainAccessErrorMessage(Frame* activeFrame)
+String DOMWindow::crossDomainAccessErrorMessage(DOMWindow* activeWindow)
 {
-    const KURL& activeFrameURL = activeFrame->domWindow()->url();
-    if (activeFrameURL.isNull())
+    const KURL& activeWindowURL = activeWindow->url();
+    if (activeWindowURL.isNull())
         return String();
 
     // FIXME: This error message should contain more specifics of why the same origin check has failed.
     // Perhaps we should involve the security origin object in composing it.
     // FIXME: This message, and other console messages, have extra newlines. Should remove them.
     return makeString("Unsafe JavaScript attempt to access frame with URL ", m_url.string(),
-        " from frame with URL ", activeFrameURL.string(), ". Domains, protocols and ports must match.\n");
+        " from frame with URL ", activeWindowURL.string(), ". Domains, protocols and ports must match.\n");
 }
 
 } // namespace WebCore
diff --git a/WebCore/page/DOMWindow.h b/WebCore/page/DOMWindow.h
index 332109c..0e4fc27 100644
--- a/WebCore/page/DOMWindow.h
+++ b/WebCore/page/DOMWindow.h
@@ -141,7 +141,7 @@ namespace WebCore {
 #endif
         Location* location() const;
 
-        void setLocation(const String& location, Frame* activeFrame, Frame* firstFrame);
+        void setLocation(const String& location, DOMWindow* activeWindow, DOMWindow* firstWindow);
 
         DOMSelection* getSelection();
 
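Review bot: The new declaration does not say what the two DOMWindow arguments are for, and DOMWindow.cpp dereferences both unconditionally. A comment above it would help callers, for example `// activeWindow: window used for the navigation and same-origin checks (the lexical global object's window).` and `// firstWindow: window whose frame completes the URL; both must be non-null.` The same non-null expectation applies to `crossDomainAccessErrorMessage(DOMWindow* activeWindow)` in the next hunk. The enclosing class starts outside this hunk.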
@@ -229,7 +229,7 @@ namespace WebCore {
         Console* console() const;
 
         void printErrorMessage(const String&);
-        String crossDomainAccessErrorMessage(Frame* activeFrame);
+        String crossDomainAccessErrorMessage(DOMWindow* activeWindow);
 
 #if ENABLE(OFFLINE_WEB_APPLICATIONS)
         DOMApplicationCache* applicationCache() const;

-- 
WebKit Debian packaging


