Changeset 51577 in webkit
- Timestamp:
- Dec 1, 2009, 6:40:35 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 55 added
- 23 edited
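--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,68 @@
+2009-12-01 Patrik Persson <[email protected]>
+
+Reviewed by Darin Adler.
+
+Implement HTML5 sandbox attribute for iframes.
+http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
+https://bugs.webkit.org/show_bug.cgi?id=21288
+
+* fast/frames/resources/non-sandboxed-iframe-navigation.html: Added.
+* fast/frames/resources/sandboxed-iframe-attribute-parsing-allowed.html: Added.
+* fast/frames/resources/sandboxed-iframe-attribute-parsing-disallowed.html: Added.
+* fast/frames/resources/sandboxed-iframe-form-allowed.html: Added.
+* fast/frames/resources/sandboxed-iframe-form-disallowed.html: Added.
+* fast/frames/resources/sandboxed-iframe-navigated.html: Added.
+* fast/frames/resources/sandboxed-iframe-navigation-child.html: Added.
+* fast/frames/resources/sandboxed-iframe-navigation-navigated.html: Added.
+* fast/frames/resources/sandboxed-iframe-navigation-parent.html: Added.
+* fast/frames/resources/sandboxed-iframe-navigation-source.html: Added.
+* fast/frames/resources/sandboxed-iframe-navigation-targetlink.html: Added.
+* fast/frames/resources/sandboxed-iframe-navigation-windowopen.html: Added.
+* fast/frames/resources/sandboxed-iframe-plugins-frame-applet.html: Added.
+* fast/frames/resources/sandboxed-iframe-plugins-frame-embed.html: Added.
+* fast/frames/resources/sandboxed-iframe-plugins-frame-object.html: Added.
+* fast/frames/resources/sandboxed-iframe-script-dynamic.html: Added.
+* fast/frames/resources/sandboxed-iframe-storage-allowed.html: Added.
+* fast/frames/resources/sandboxed-iframe-storage-disallowed.html: Added.
+* fast/frames/sandboxed-iframe-attribute-parsing-expected.txt: Added.
+* fast/frames/sandboxed-iframe-attribute-parsing.html: Added.
+* fast/frames/sandboxed-iframe-forms-expected.txt: Added.
+* fast/frames/sandboxed-iframe-forms.html: Added.
+* fast/frames/sandboxed-iframe-navigation-allowed-expected.txt: Added.
+* fast/frames/sandboxed-iframe-navigation-allowed.html: Added.
+* fast/frames/sandboxed-iframe-navigation-parent-expected.txt: Added.
+* fast/frames/sandboxed-iframe-navigation-parent.html: Added.
+* fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt: Added.
+* fast/frames/sandboxed-iframe-navigation-targetlink.html: Added.
+* fast/frames/sandboxed-iframe-navigation-windowopen-expected.txt: Added.
+* fast/frames/sandboxed-iframe-navigation-windowopen.html: Added.
+* fast/frames/sandboxed-iframe-plugins-expected.txt: Added.
+* fast/frames/sandboxed-iframe-plugins.html: Added.
+* fast/frames/sandboxed-iframe-scripting-expected.txt: Added.
+* fast/frames/sandboxed-iframe-scripting.html: Added.
+* fast/frames/sandboxed-iframe-storage-expected.txt: Added.
+* fast/frames/sandboxed-iframe-storage.html: Added.
+* http/tests/security/resources/sandboxed-iframe-document-cookie-read-denied.html: Added.
+* http/tests/security/resources/sandboxed-iframe-modify-self.html: Added.
+* http/tests/security/resources/xss-DENIED-sandboxed-iframe-attacker.html: Added.
+* http/tests/security/sandboxed-iframe-document-cookie-expected.txt: Added.
+* http/tests/security/sandboxed-iframe-document-cookie.html: Added.
+* http/tests/security/sandboxed-iframe-modify-self-expected.txt: Added.
+* http/tests/security/sandboxed-iframe-modify-self.html: Added.
+* http/tests/security/xss-DENIED-sandboxed-iframe-expected.txt: Added.
+* http/tests/security/xss-DENIED-sandboxed-iframe.html: Added.
+* http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-expected.txt: Added.
+* http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html: Added.
+* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt: Added.
+* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt: Added.
+* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html: Added.
+* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html: Added.
+* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html: Added.
+* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi: Added.
+* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html: Added.
+* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html: Added.
+* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi: Added.
+* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi: Added.
+
 2009-12-01 Chris Fleizach <[email protected]>
 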
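--- a/trunk/WebCore/ChangeLog
+++ b/trunk/WebCore/ChangeLog
@@ -1,2 +1,87 @@
+2009-12-01 Patrik Persson <[email protected]>
+
+Reviewed by Darin Adler.
+
+Implement HTML5 sandbox attribute for iframes.
+http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
+https://bugs.webkit.org/show_bug.cgi?id=21288
+
+Tests: fast/frames/sandboxed-iframe-attribute-parsing.html
+fast/frames/sandboxed-iframe-forms.html
+fast/frames/sandboxed-iframe-navigation-allowed.html
+fast/frames/sandboxed-iframe-navigation-parent.html
+fast/frames/sandboxed-iframe-navigation-targetlink.html
+fast/frames/sandboxed-iframe-navigation-windowopen.html
+fast/frames/sandboxed-iframe-plugins.html
+fast/frames/sandboxed-iframe-scripting.html
+fast/frames/sandboxed-iframe-storage.html
+http/tests/security/sandboxed-iframe-document-cookie.html
+http/tests/security/sandboxed-iframe-modify-self.html
+http/tests/security/xss-DENIED-sandboxed-iframe.html
+http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html
+http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html
+http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html
+
+* bindings/js/JSDOMWindowCustom.cpp: sandboxing navigation
+(WebCore::createWindow):
+* bindings/js/ScriptController.cpp: sandboxing scripts
+(WebCore::ScriptController::isEnabled):
+* dom/Document.cpp:
+(WebCore::Document::processHttpEquiv):
+(WebCore::Document::cookie): raise exception when accessed from sandbox
+(WebCore::Document::setCookie): raise exception when accessed from sandbox
+(WebCore::Document::initSecurityContext): updae sandbox status
+(WebCore::Document::updateSandboxFlags):
+* dom/Document.h:
+* dom/Document.idl:
+* html/HTMLAppletElement.cpp: sandboxing applets
+(WebCore::HTMLAppletElement::createRenderer):
+(WebCore::HTMLAppletElement::renderWidgetForJSBindings):
+(WebCore::HTMLAppletElement::canEmbedJava):
+* html/HTMLAppletElement.h:
+* html/HTMLAttributeNames.in:
+* html/HTMLFrameOwnerElement.cpp: management of sandbox flags as stated in attribute
+(WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement):
+(WebCore::HTMLFrameOwnerElement::setSandboxFlags):
+* html/HTMLFrameOwnerElement.h:
+(WebCore::HTMLFrameOwnerElement::sandboxFlags):
+* html/HTMLIFrameElement.cpp: sandbox attribute parsing
+(WebCore::parseSandboxAttribute):
+(WebCore::HTMLIFrameElement::parseMappedAttribute):
+* html/HTMLIFrameElement.idl:
+* inspector/InspectorController.cpp:
+(WebCore::InspectorController::getCookies):
+* loader/CrossOriginAccessControl.cpp:
+(WebCore::passesAccessControlCheck):
+* loader/FrameLoader.cpp:
+(WebCore::FrameLoader::FrameLoader):
+(WebCore::FrameLoader::init):
+(WebCore::FrameLoader::submitForm): sandboxing forms
+(WebCore::FrameLoader::requestObject): sandboxing plugins
+(WebCore::FrameLoader::shouldAllowNavigation): sandboxing navigation
+(WebCore::FrameLoader::updateSandboxFlags): propagation of sandbox flags
+* loader/FrameLoader.h:
+(WebCore::FrameLoader::ownerElementSandboxFlagsChanged):
+(WebCore::FrameLoader::isSandboxed):
+(WebCore::FrameLoader::sandboxFlags):
+* loader/FrameLoaderTypes.h:
+(WebCore::):
+* page/DOMWindow.cpp: disable storage and databases in sandboxed frames
+(WebCore::DOMWindow::sessionStorage):
+(WebCore::DOMWindow::localStorage):
+(WebCore::DOMWindow::openDatabase):
+* page/SecurityOrigin.cpp: added sandboxing status
+(WebCore::SecurityOrigin::SecurityOrigin):
+(WebCore::SecurityOrigin::canAccess):
+(WebCore::SecurityOrigin::canRequest):
+(WebCore::SecurityOrigin::toString):
+* page/SecurityOrigin.h:
+(WebCore::SecurityOrigin::setSandboxFlags):
+(WebCore::SecurityOrigin::isSandboxed):
+(WebCore::SecurityOrigin::canAccessDatabase):
+(WebCore::SecurityOrigin::canAccessStorage):
+* websockets/WebSocketChannel.cpp:
+(WebCore::WebSocketChannel::didReceiveData):
+
 2009-12-01 Chris Fleizach <[email protected]>
 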
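--- a/trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -745,4 +745,8 @@
 ASSERT(dynamicFrame);
 
+// Sandboxed iframes cannot open new auxiliary browsing contexts.
+if (lexicalFrame && lexicalFrame->loader()->isSandboxed(SandboxNavigation))
+return 0;
+
 ResourceRequest request;
 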
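Review bot: The new sandbox check is skipped whenever `lexicalFrame` is null, so the navigation restriction fails open on that path, while `dynamicFrame` is asserted non-null just above it. createWindow starts and ends outside the hunk, so how `lexicalFrame` is obtained and whether it can be null is not visible here. If null is possible, refusing the open is the safer default, `if (!lexicalFrame || lexicalFrame->loader()->isSandboxed(SandboxNavigation)) return 0;`; if it is not possible, an `ASSERT(lexicalFrame);` next to the existing assertion would document that.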
trunk/WebCore/bindings/js/ScriptController.cpp
r51512 r51577 290 290 { 291 291 Settings* settings = m_frame->settings(); 292 return m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled() );292 return m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled() && !m_frame->loader()->isSandboxed(SandboxScripts)); 293 293 } 294 294 -
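Review bot: The sandbox state is folded into the boolean handed to `allowJavaScript()`, so the final decision on script execution still belongs to the FrameLoaderClient rather than to WebCore. An embedder whose client returns true regardless of its argument would then run script inside a frame sandboxed without allow-scripts; whether any client does that is not visible on this page. Making the flag a hard gate ahead of the client call keeps the policy in one place: `if (m_frame->loader()->isSandboxed(SandboxScripts)) return false;`. The function's signature and opening lie outside the hunk.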
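--- a/trunk/WebCore/dom/Document.cpp
+++ b/trunk/WebCore/dom/Document.cpp
@@ -2182,6 +2182,8 @@
 } else if (equalIgnoringCase(equiv, "set-cookie")) {
 // FIXME: make setCookie work on XML documents too; e.g. in case of <html:meta .....>
-if (isHTMLDocument())
-static_cast<HTMLDocument*>(this)->setCookie(content);
+if (isHTMLDocument()) {
+ExceptionCode ec; // Exception (for sandboxed documents) ignored.
+static_cast<HTMLDocument*>(this)->setCookie(content, ec);
+}
 } else if (equalIgnoringCase(equiv, "content-language"))
 setContentLanguage(content);
@@ -3001,8 +3003,17 @@
 }
 
-String Document::cookie( ) const
+String Document::cookie(ExceptionCode& ec) const
 {
 if (page() && !page()->cookieEnabled())
 return String();
+
+// FIXME: The HTML5 DOM spec states that this attribute can raise an
+// INVALID_STATE_ERR exception on getting if the Document has no
+// browsing context.
+
+if (securityOrigin()->isSandboxed(SandboxOrigin)) {
+ec = SECURITY_ERR;
+return String();
+}
 
 KURL cookieURL = this->cookieURL();
@@ -3013,8 +3024,17 @@
 }
 
-void Document::setCookie(const String& value )
+void Document::setCookie(const String& value, ExceptionCode& ec)
 {
 if (page() && !page()->cookieEnabled())
 return;
+
+// FIXME: The HTML5 DOM spec states that this attribute can raise an
+// INVALID_STATE_ERR exception on setting if the Document has no
+// browsing context.
+
+if (securityOrigin()->isSandboxed(SandboxOrigin)) {
+ec = SECURITY_ERR;
+return;
+}
 
 KURL cookieURL = this->cookieURL();
@@ -4266,4 +4286,6 @@
 ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::create(url));
 
+updateSandboxFlags();
+
 if (SecurityOrigin::allowSubstituteDataAccessToLocal()) {
 // If this document was loaded with substituteData, then the document can
@@ -4314,4 +4336,10 @@
 // not applicable to arbitrary documents.
 initDNSPrefetch();
+}
+
+void Document::updateSandboxFlags()
+{
+if (m_frame && securityOrigin())
+securityOrigin()->setSandboxFlags(m_frame->loader()->sandboxFlags());
 }
 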
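Review bot: `updateSandboxFlags()` in initSecurityContext copies the flags onto whichever SecurityOrigin object is current at that moment, so the restriction is lost if the origin is replaced afterwards and is shared if the origin object is shared. The remainder of initSecurityContext is outside the hunk, and Document.h keeps a public `setSecurityOrigin(SecurityOrigin*)`; if either can install an origin taken from another document, the `isSandboxed(SandboxOrigin)` tests in cookie(), setCookie(), storage and canAccess() would either see SandboxNone or start applying to that other document. I would re-run `updateSandboxFlags()` after every origin assignment, only on an origin the document owns exclusively, and state that requirement in a comment next to the call.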
trunk/WebCore/dom/Document.h
r51324 r51577 676 676 void removeTitle(Element* titleElement); 677 677 678 String cookie( ) const;679 void setCookie(const String& );678 String cookie(ExceptionCode&) const; 679 void setCookie(const String&, ExceptionCode&); 680 680 681 681 String referrer() const; … … 887 887 // that already contains content. 888 888 void setSecurityOrigin(SecurityOrigin*); 889 890 void updateSandboxFlags(); // Set sandbox flags as determined by the frame. 889 891 890 892 bool processingLoadEvent() const { return m_processingLoadEvent; } -
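--- a/trunk/WebCore/dom/Document.idl
+++ b/trunk/WebCore/dom/Document.idl
@@ -163,8 +163,7 @@
 readonly attribute DOMString URL;
 
-// FIXME: the DOM spec states that this attribute can
-// raise an exception on setting.
 attribute [ConvertNullToNullString] DOMString cookie
-/*setter raises (DOMException)*/;
+setter raises (DOMException),
+getter raises (DOMException);
 
 // FIXME: the DOM spec does NOT have this attribute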
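--- a/trunk/WebCore/html/HTMLAppletElement.cpp
+++ b/trunk/WebCore/html/HTMLAppletElement.cpp
@@ -29,4 +29,5 @@
 #include "MappedAttribute.h"
 #include "RenderApplet.h"
+#include "SecurityOrigin.h"
 #include "Settings.h"
 
@@ -109,7 +110,5 @@
 RenderObject* HTMLAppletElement::createRenderer(RenderArena*, RenderStyle* style)
 {
-Settings* settings = document()->settings();
-
-if (settings && settings->isJavaEnabled()) {
+if (canEmbedJava()) {
 HashMap<String, String> args;
 
@@ -143,6 +142,5 @@
 RenderWidget* HTMLAppletElement::renderWidgetForJSBindings() const
 {
-Settings* settings = document()->settings();
-if (!settings || !settings->isJavaEnabled())
+if (!canEmbedJava())
 return 0;
 
@@ -152,4 +150,13 @@
 
 return applet;
+}
+
+bool HTMLAppletElement::canEmbedJava() const
+{
+if (document()->securityOrigin()->isSandboxed(SandboxPlugins))
+return false;
+
+Settings* settings = document()->settings();
+return settings && settings->isJavaEnabled();
 }
 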
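Review bot: `canEmbedJava()` takes the plugin restriction from `document()->securityOrigin()`, while `FrameLoader::requestObject` in this changeset takes the same SandboxPlugins bit from the frame loader, so the two plugin gates can disagree whenever the origin's copy of the flags is stale or was never set. The call also dereferences `securityOrigin()` unguarded, although `Document::updateSandboxFlags()` treats it as possibly null. Reading the loader's flags keeps a single source of truth, `Frame* frame = document()->frame(); if (!frame || frame->loader()->isSandboxed(SandboxPlugins)) return false;`, assuming an applet in a frameless document has nothing to embed anyway.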
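--- a/trunk/WebCore/html/HTMLAppletElement.h
+++ b/trunk/WebCore/html/HTMLAppletElement.h
@@ -52,4 +52,5 @@
 
 void setupApplet() const;
+bool canEmbedJava() const;
 
 virtual void insertedIntoDocument();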
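--- a/trunk/WebCore/html/HTMLAttributeNames.in
+++ b/trunk/WebCore/html/HTMLAttributeNames.in
@@ -223,4 +223,5 @@
 rowspan
 rules
+sandbox
 scheme
 scope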
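--- a/trunk/WebCore/html/HTMLFrameOwnerElement.cpp
+++ b/trunk/WebCore/html/HTMLFrameOwnerElement.cpp
@@ -36,4 +36,5 @@
 : HTMLElement(tagName, document, CreateElement)
 , m_contentFrame(0)
+, m_sandboxFlags(SandboxNone)
 {
 }
@@ -65,4 +66,15 @@
 }
 
+void HTMLFrameOwnerElement::setSandboxFlags(SandboxFlags flags)
+{
+if (m_sandboxFlags == flags)
+return;
+
+m_sandboxFlags = flags;
+
+if (Frame* frame = contentFrame())
+frame->loader()->ownerElementSandboxFlagsChanged();
+}
+
 #if ENABLE(SVG)
 SVGDocument* HTMLFrameOwnerElement::getSVGDocument(ExceptionCode& ec) const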
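--- a/trunk/WebCore/html/HTMLFrameOwnerElement.h
+++ b/trunk/WebCore/html/HTMLFrameOwnerElement.h
@@ -22,4 +22,5 @@
 #define HTMLFrameOwnerElement_h
 
+#include "FrameLoaderTypes.h"
 #include "HTMLElement.h"
 
@@ -47,7 +48,11 @@
 virtual ScrollbarMode scrollingMode() const { return ScrollbarAuto; }
 
+SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
+
 protected:
 HTMLFrameOwnerElement(const QualifiedName& tagName, Document*);
 
+void setSandboxFlags(SandboxFlags);
+
 private:
 friend class Frame;
@@ -59,4 +64,5 @@
 
 Frame* m_contentFrame;
+SandboxFlags m_sandboxFlags;
 };
 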
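--- a/trunk/WebCore/html/HTMLIFrameElement.cpp
+++ b/trunk/WebCore/html/HTMLIFrameElement.cpp
@@ -5,4 +5,5 @@
 * (C) 2001 Dirk Mueller ([email protected])
 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved.
+* Copyright (C) 2009 Ericsson AB. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or
@@ -67,4 +68,38 @@
 }
 
+static SandboxFlags parseSandboxAttribute(MappedAttribute* attribute)
+{
+if (attribute->isNull())
+return SandboxNone;
+
+// Parse the unordered set of unique space-separated tokens.
+SandboxFlags flags = SandboxAll;
+const UChar* characters = attribute->value().characters();
+unsigned length = attribute->value().length();
+unsigned start = 0;
+while (true) {
+while (start < length && isASCIISpace(characters[start]))
+++start;
+if (start >= length)
+break;
+unsigned end = start + 1;
+while (end < length && !isASCIISpace(characters[end]))
+++end;
+
+// Turn off the corresponding sandbox flag if it's set as "allowed".
+String sandboxToken = String(characters + start, end - start);
+if (equalIgnoringCase(sandboxToken, "allow-same-origin"))
+flags &= ~SandboxOrigin;
+else if (equalIgnoringCase(sandboxToken, "allow-forms"))
+flags &= ~SandboxForms;
+else if (equalIgnoringCase(sandboxToken, "allow-scripts"))
+flags &= ~SandboxScripts;
+
+start = end + 1;
+}
+
+return flags;
+}
+
 void HTMLIFrameElement::parseMappedAttribute(MappedAttribute* attr)
 {
@@ -89,5 +124,7 @@
 // Add a rule that nulls out our border width.
 addCSSLength(attr, CSSPropertyBorderWidth, "0");
-} else
+} else if (attr->name() == sandboxAttr)
+setSandboxFlags(parseSandboxAttribute(attr));
+else
 HTMLFrameElementBase::parseMappedAttribute(attr);
 }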
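Review bot: parseSandboxAttribute carries no comment stating its fail-closed contract, which is the property a later edit is most likely to break. As written, an absent attribute yields SandboxNone, a present attribute starts from SandboxAll, and only the three recognised tokens clear a bit, so an empty value or an unknown token keeps every restriction and no token can ever lift SandboxNavigation or SandboxPlugins. I would put that above the function, for example `// Absent attribute: no sandbox. Present: start fully restricted; only allow-same-origin, allow-forms and allow-scripts lift a flag. Unknown tokens are ignored.`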
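--- a/trunk/WebCore/html/HTMLIFrameElement.idl
+++ b/trunk/WebCore/html/HTMLIFrameElement.idl
@@ -34,4 +34,5 @@
 attribute [ConvertNullToNullString, Reflect=marginwidth] DOMString marginWidth;
 attribute [ConvertNullToNullString, Reflect] DOMString name;
+attribute [ConvertNullToNullString, Reflect] DOMString sandbox;
 attribute [ConvertNullToNullString, Reflect] DOMString scrolling;
 attribute [ConvertNullToNullString, CustomSetter, Reflect] DOMString src;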
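--- a/trunk/WebCore/inspector/InspectorController.cpp
+++ b/trunk/WebCore/inspector/InspectorController.cpp
@@ -1204,8 +1204,12 @@
 rawCookiesImplemented = getRawCookies(document, document->cookieURL(), docCookiesList);
 
-if (!rawCookiesImplemented)
-// FIXME:We need duplication checking for the String representation of cookies.
-stringCookiesList += document->cookie();
-else {
+if (!rawCookiesImplemented) {
+// FIXME: We need duplication checking for the String representation of cookies.
+ExceptionCode ec = 0;
+stringCookiesList += document->cookie(ec);
+// Exceptions are thrown by cookie() in sandboxed frames. That won't happen here
+// because "document" is the document of the main frame of the page.
+ASSERT(!ec);
+} else {
 int cookiesSize = docCookiesList.size();
 for (int i = 0; i < cookiesSize; i++) {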
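Review bot: `ASSERT(!ec)` depends on the comment's claim that `document` is always the main frame's document, but the place where `document` is assigned is outside the hunk, so the claim cannot be checked here. If this path is ever reached for a subframe document, a sandboxed frame makes `cookie(ec)` return an empty string with SECURITY_ERR: debug builds assert and release builds silently report no cookies for that frame. Handling the error instead of asserting is cheap, e.g. `String cookies = document->cookie(ec); if (!ec) stringCookiesList += cookies;`.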
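--- a/trunk/WebCore/loader/CrossOriginAccessControl.cpp
+++ b/trunk/WebCore/loader/CrossOriginAccessControl.cpp
@@ -101,4 +101,8 @@
 return true;
 
+// A sandboxed frame has a unique origin (for same-origin purposes).
+if (securityOrigin->isSandboxed(SandboxOrigin))
+return false;
+
 RefPtr<SecurityOrigin> accessControlOrigin = SecurityOrigin::createFromString(accessControlOriginString);
 if (!accessControlOrigin->isSameSchemeHostPort(securityOrigin))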
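--- a/trunk/WebCore/loader/FrameLoader.cpp
+++ b/trunk/WebCore/loader/FrameLoader.cpp
@@ -197,4 +197,5 @@
 , m_loadingFromCachedPage(false)
 , m_suppressOpenerInNewFrame(false)
+, m_sandboxFlags(SandboxAll)
 #ifndef NDEBUG
 , m_didDispatchDidCommitLoad(false)
@@ -229,4 +230,7 @@
 m_creatingInitialEmptyDocument = false;
 m_didCallImplicitClose = true;
+
+// Propagate sandbox attributes to this Frameloader and its descendants.
+updateSandboxFlags();
 }
 
@@ -437,4 +441,7 @@
 KURL u = completeURL(url.isNull() ? "" : url);
 if (u.isEmpty())
+return;
+
+if (isSandboxed(SandboxForms))
 return;
 
@@ -1255,4 +1262,6 @@
 if (!settings || !settings->arePluginsEnabled() ||
 (!settings->isJavaEnabled() && MIMETypeRegistry::isJavaAppletMIMEType(mimeType)))
+return false;
+if (isSandboxed(SandboxPlugins))
 return false;
 return loadPlugin(renderer, completedURL, mimeType, paramNames, paramValues, useFallback);
@@ -2197,4 +2206,8 @@
 if (m_frame == targetFrame)
 return true;
+
+// A sandboxed frame can only navigate itself and its descendants.
+if (isSandboxed(SandboxNavigation) && !targetFrame->tree()->isDescendantOf(m_frame))
+return false;
 
 // Let a frame navigate the top-level window that contains it. This is
@@ -3906,4 +3919,23 @@
 }
 
+void FrameLoader::updateSandboxFlags()
+{
+SandboxFlags flags = SandboxNone;
+if (Frame* parentFrame = m_frame->tree()->parent())
+flags |= parentFrame->loader()->sandboxFlags();
+if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
+flags |= ownerElement->sandboxFlags();
+
+if (m_sandboxFlags == flags)
+return;
+
+m_sandboxFlags = flags;
+
+m_frame->document()->updateSandboxFlags();
+
+for (Frame* child = m_frame->tree()->firstChild(); child; child = child->tree()->nextSibling())
+child->loader()->updateSandboxFlags();
+}
+
 PassRefPtr<Widget> FrameLoader::createJavaAppletWidget(const IntSize& size, HTMLAppletElement* element, const HashMap<String, String>& args)
 {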
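Review bot: `updateSandboxFlags()` assigns the recomputed value to `m_sandboxFlags` and pushes it into the live document whether the change tightens or loosens the sandbox, so removing or relaxing the `sandbox` attribute lifts restrictions on content that was loaded under them. That matters most for a frame granted both allow-same-origin and allow-scripts whose content shares the embedder's origin; the sandboxed-iframe-modify-self test named in the ChangeLog may cover part of this, but its content is not on this page. A more conservative design applies loosened flags only at the frame's next navigation and lets tightened flags take effect at once; at minimum the function needs a comment stating that relaxation is immediate and intentional. Separately, `m_frame->document()` is dereferenced without a null check, which relies on every caller running after the initial document exists.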
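--- a/trunk/WebCore/loader/FrameLoader.h
+++ b/trunk/WebCore/loader/FrameLoader.h
@@ -252,4 +252,9 @@
 void dispatchDocumentElementAvailable();
 
+void ownerElementSandboxFlagsChanged() { updateSandboxFlags(); }
+
+bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
+SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
+
 // Mixed content related functions.
 static bool isMixedContent(SecurityOrigin* context, const KURL&);
@@ -436,4 +441,6 @@
 bool shouldTreatURLAsSameAsCurrent(const KURL&) const;
 
+void updateSandboxFlags();
+
 Frame* m_frame;
 FrameLoaderClient* m_client;
@@ -507,4 +514,6 @@
 bool m_suppressOpenerInNewFrame;
 
+SandboxFlags m_sandboxFlags;
+
 #ifndef NDEBUG
 bool m_didDispatchDidCommitLoad;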
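--- a/trunk/WebCore/loader/FrameLoaderTypes.h
+++ b/trunk/WebCore/loader/FrameLoaderTypes.h
@@ -93,4 +93,16 @@
 NoReferrer
 };
+
+enum SandboxFlag {
+SandboxNone = 0,
+SandboxNavigation = 1,
+SandboxPlugins = 1 << 1,
+SandboxOrigin = 1 << 2,
+SandboxForms = 1 << 3,
+SandboxScripts = 1 << 4,
+SandboxAll = -1 // Mask with all bits set to 1.
+};
+
+typedef unsigned SandboxFlags;
 }
 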
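--- a/trunk/WebCore/page/DOMWindow.cpp
+++ b/trunk/WebCore/page/DOMWindow.cpp
@@ -570,4 +570,7 @@
 if (!document)
 return 0;
+
+if (!document->securityOrigin()->canAccessStorage())
+return 0;
 
 Page* page = document->page();
@@ -591,4 +594,7 @@
 Document* document = this->document();
 if (!document)
+return 0;
+
+if (!document->securityOrigin()->canAccessStorage())
 return 0;
 
@@ -1108,5 +1114,7 @@
 return 0;
 
-Document* doc = m_frame->document();
+Document* document = m_frame->document();
+if (!document->securityOrigin()->canAccessDatabase())
+return 0;
 
 Settings* settings = m_frame->settings();
@@ -1114,5 +1122,5 @@
 return 0;
 
-return Database::openDatabase(doc , name, version, displayName, estimatedSize, ec);
+return Database::openDatabase(document, name, version, displayName, estimatedSize, ec);
 }
 #endif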
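Review bot: The three new sandbox checks return 0 without reporting why, while `Document::cookie` and `Document::setCookie` in this changeset raise SECURITY_ERR for the same SandboxOrigin condition. `openDatabase` already has `ec` in scope (it is passed on to `Database::openDatabase`), so the denial can be surfaced there with `ec = SECURITY_ERR;` before the new `return 0;`. For sessionStorage and localStorage the caller just receives a null object, which is worth a one-line comment such as `// Sandboxed (unique-origin) documents get no storage area.` so the silent failure reads as deliberate. The bodies of all three functions extend beyond the hunks shown.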
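--- a/trunk/WebCore/page/SecurityOrigin.cpp
+++ b/trunk/WebCore/page/SecurityOrigin.cpp
@@ -96,4 +96,5 @@
 , m_host(url.host().isNull() ? "" : url.host().lower())
 , m_port(url.port())
+, m_sandboxFlags(SandboxNone)
 , m_noAccess(false)
 , m_universalAccess(false)
@@ -128,4 +129,5 @@
 , m_domain(other->m_domain.threadsafeCopy())
 , m_port(other->m_port)
+, m_sandboxFlags(other->m_sandboxFlags)
 , m_noAccess(other->m_noAccess)
 , m_universalAccess(other->m_universalAccess)
@@ -168,5 +170,5 @@
 return true;
 
-if (m_noAccess || other->m_noAccess )
+if (m_noAccess || other->m_noAccess || isSandboxed(SandboxOrigin) || other->isSandboxed(SandboxOrigin))
 return false;
 
@@ -209,5 +211,5 @@
 return true;
 
-if (m_noAccess )
+if (m_noAccess || isSandboxed(SandboxOrigin))
 return false;
 
@@ -297,5 +299,5 @@
 return "null";
 
-if (m_noAccess )
+if (m_noAccess || isSandboxed(SandboxOrigin))
 return "null";
 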
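Review bot: Only `canAccess`, `canRequest` and `toString` consult the new flag; `isSameSchemeHostPort` appears not to, since `passesAccessControlCheck` in CrossOriginAccessControl.cpp had to add its own `isSandboxed(SandboxOrigin)` test in front of its call to it. Any other caller that compares origins through that helper, or through comparison functions not shown in these hunks, would still treat a sandboxed document as its URL's origin. Either fold the check into the helper or put a comment on its declaration, for example `// Does not account for sandboxing; callers must test isSandboxed(SandboxOrigin) first.`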
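--- a/trunk/WebCore/page/SecurityOrigin.h
+++ b/trunk/WebCore/page/SecurityOrigin.h
@@ -35,4 +35,5 @@
 #include <wtf/Threading.h>
 
+#include "FrameLoaderTypes.h"
 #include "PlatformString.h"
 #include "StringHash.h"
@@ -111,4 +112,11 @@
 void grantUniversalAccess();
 
+// Sandboxing status as determined by the frame.
+void setSandboxFlags(SandboxFlags flags) { m_sandboxFlags = flags; }
+bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
+
+bool canAccessDatabase() const { return !isSandboxed(SandboxOrigin); }
+bool canAccessStorage() const { return !isSandboxed(SandboxOrigin); }
+
 bool isSecureTransitionTo(const KURL&) const;
 
@@ -182,4 +190,5 @@
 String m_domain;
 unsigned short m_port;
+SandboxFlags m_sandboxFlags;
 bool m_noAccess;
 bool m_universalAccess;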
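--- a/trunk/WebCore/websockets/WebSocketChannel.cpp
+++ b/trunk/WebCore/websockets/WebSocketChannel.cpp
@@ -160,6 +160,8 @@
 if (m_context->isDocument()) {
 Document* document = static_cast<Document*>(m_context);
-if (cookiesEnabled(document))
-document->setCookie(m_handshake.serverSetCookie());
+if (cookiesEnabled(document)) {
+ExceptionCode ec; // Exception (for sandboxed documents) ignored.
+document->setCookie(m_handshake.serverSetCookie(), ec);
+}
 }
 }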
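Review bot: `ExceptionCode ec;` is left uninitialised here and in `Document::processHttpEquiv` (Document.cpp), while InspectorController.cpp in the same changeset writes `ExceptionCode ec = 0;`. `setCookie` only assigns `ec` on the sandboxed path, so the variable holds an indeterminate value otherwise; nothing reads it today, but the first person to add a check or a log line will. I would initialise it in both places, `ExceptionCode ec = 0; // Exception (for sandboxed documents) ignored.`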