Changeset 51577 in webkit


Timestamp:
Dec 1, 2009, 6:40:35 PM (16 years ago)
Author:
[email protected]
Message:

2009-12-01 Patrik Persson <[email protected]>

Reviewed by Darin Adler.

Implement HTML5 sandbox attribute for iframes.
http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
https://bugs.webkit.org/show_bug.cgi?id=21288

  • fast/frames/resources/non-sandboxed-iframe-navigation.html: Added.
  • fast/frames/resources/sandboxed-iframe-attribute-parsing-allowed.html: Added.
  • fast/frames/resources/sandboxed-iframe-attribute-parsing-disallowed.html: Added.
  • fast/frames/resources/sandboxed-iframe-form-allowed.html: Added.
  • fast/frames/resources/sandboxed-iframe-form-disallowed.html: Added.
  • fast/frames/resources/sandboxed-iframe-navigated.html: Added.
  • fast/frames/resources/sandboxed-iframe-navigation-child.html: Added.
  • fast/frames/resources/sandboxed-iframe-navigation-navigated.html: Added.
  • fast/frames/resources/sandboxed-iframe-navigation-parent.html: Added.
  • fast/frames/resources/sandboxed-iframe-navigation-source.html: Added.
  • fast/frames/resources/sandboxed-iframe-navigation-targetlink.html: Added.
  • fast/frames/resources/sandboxed-iframe-navigation-windowopen.html: Added.
  • fast/frames/resources/sandboxed-iframe-plugins-frame-applet.html: Added.
  • fast/frames/resources/sandboxed-iframe-plugins-frame-embed.html: Added.
  • fast/frames/resources/sandboxed-iframe-plugins-frame-object.html: Added.
  • fast/frames/resources/sandboxed-iframe-script-dynamic.html: Added.
  • fast/frames/resources/sandboxed-iframe-storage-allowed.html: Added.
  • fast/frames/resources/sandboxed-iframe-storage-disallowed.html: Added.
  • fast/frames/sandboxed-iframe-attribute-parsing-expected.txt: Added.
  • fast/frames/sandboxed-iframe-attribute-parsing.html: Added.
  • fast/frames/sandboxed-iframe-forms-expected.txt: Added.
  • fast/frames/sandboxed-iframe-forms.html: Added.
  • fast/frames/sandboxed-iframe-navigation-allowed-expected.txt: Added.
  • fast/frames/sandboxed-iframe-navigation-allowed.html: Added.
  • fast/frames/sandboxed-iframe-navigation-parent-expected.txt: Added.
  • fast/frames/sandboxed-iframe-navigation-parent.html: Added.
  • fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt: Added.
  • fast/frames/sandboxed-iframe-navigation-targetlink.html: Added.
  • fast/frames/sandboxed-iframe-navigation-windowopen-expected.txt: Added.
  • fast/frames/sandboxed-iframe-navigation-windowopen.html: Added.
  • fast/frames/sandboxed-iframe-plugins-expected.txt: Added.
  • fast/frames/sandboxed-iframe-plugins.html: Added.
  • fast/frames/sandboxed-iframe-scripting-expected.txt: Added.
  • fast/frames/sandboxed-iframe-scripting.html: Added.
  • fast/frames/sandboxed-iframe-storage-expected.txt: Added.
  • fast/frames/sandboxed-iframe-storage.html: Added.
  • http/tests/security/resources/sandboxed-iframe-document-cookie-read-denied.html: Added.
  • http/tests/security/resources/sandboxed-iframe-modify-self.html: Added.
  • http/tests/security/resources/xss-DENIED-sandboxed-iframe-attacker.html: Added.
  • http/tests/security/sandboxed-iframe-document-cookie-expected.txt: Added.
  • http/tests/security/sandboxed-iframe-document-cookie.html: Added.
  • http/tests/security/sandboxed-iframe-modify-self-expected.txt: Added.
  • http/tests/security/sandboxed-iframe-modify-self.html: Added.
  • http/tests/security/xss-DENIED-sandboxed-iframe-expected.txt: Added.
  • http/tests/security/xss-DENIED-sandboxed-iframe.html: Added.
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-expected.txt: Added.
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html: Added.
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt: Added.
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt: Added.
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html: Added.
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html: Added.
  • http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html: Added.
  • http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi: Added.
  • http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html: Added.
  • http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html: Added.
  • http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi: Added.
  • http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi: Added.

2009-12-01 Patrik Persson <[email protected]>

Reviewed by Darin Adler.

Implement HTML5 sandbox attribute for iframes.
http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
https://bugs.webkit.org/show_bug.cgi?id=21288

Tests: fast/frames/sandboxed-iframe-attribute-parsing.html
fast/frames/sandboxed-iframe-forms.html
fast/frames/sandboxed-iframe-navigation-allowed.html
fast/frames/sandboxed-iframe-navigation-parent.html
fast/frames/sandboxed-iframe-navigation-targetlink.html
fast/frames/sandboxed-iframe-navigation-windowopen.html
fast/frames/sandboxed-iframe-plugins.html
fast/frames/sandboxed-iframe-scripting.html
fast/frames/sandboxed-iframe-storage.html
http/tests/security/sandboxed-iframe-document-cookie.html
http/tests/security/sandboxed-iframe-modify-self.html
http/tests/security/xss-DENIED-sandboxed-iframe.html
http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html
http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html
http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html

  • bindings/js/JSDOMWindowCustom.cpp: sandboxing navigation (WebCore::createWindow):
  • bindings/js/ScriptController.cpp: sandboxing scripts (WebCore::ScriptController::isEnabled):
  • dom/Document.cpp: (WebCore::Document::processHttpEquiv): (WebCore::Document::cookie): raise exception when accessed from sandbox (WebCore::Document::setCookie): raise exception when accessed from sandbox (WebCore::Document::initSecurityContext): update sandbox status (WebCore::Document::updateSandboxFlags):
  • dom/Document.h:
  • dom/Document.idl:
  • html/HTMLAppletElement.cpp: sandboxing applets (WebCore::HTMLAppletElement::createRenderer): (WebCore::HTMLAppletElement::renderWidgetForJSBindings): (WebCore::HTMLAppletElement::canEmbedJava):
  • html/HTMLAppletElement.h:
  • html/HTMLAttributeNames.in:
  • html/HTMLFrameOwnerElement.cpp: management of sandbox flags as stated in attribute (WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement): (WebCore::HTMLFrameOwnerElement::setSandboxFlags):
  • html/HTMLFrameOwnerElement.h: (WebCore::HTMLFrameOwnerElement::sandboxFlags):
  • html/HTMLIFrameElement.cpp: sandbox attribute parsing (WebCore::parseSandboxAttribute): (WebCore::HTMLIFrameElement::parseMappedAttribute):
  • html/HTMLIFrameElement.idl:
  • inspector/InspectorController.cpp: (WebCore::InspectorController::getCookies):
  • loader/CrossOriginAccessControl.cpp: (WebCore::passesAccessControlCheck):
  • loader/FrameLoader.cpp: (WebCore::FrameLoader::FrameLoader): (WebCore::FrameLoader::init): (WebCore::FrameLoader::submitForm): sandboxing forms (WebCore::FrameLoader::requestObject): sandboxing plugins (WebCore::FrameLoader::shouldAllowNavigation): sandboxing navigation (WebCore::FrameLoader::updateSandboxFlags): propagation of sandbox flags
  • loader/FrameLoader.h: (WebCore::FrameLoader::ownerElementSandboxFlagsChanged): (WebCore::FrameLoader::isSandboxed): (WebCore::FrameLoader::sandboxFlags):
  • loader/FrameLoaderTypes.h: (WebCore::):
  • page/DOMWindow.cpp: disable storage and databases in sandboxed frames (WebCore::DOMWindow::sessionStorage): (WebCore::DOMWindow::localStorage): (WebCore::DOMWindow::openDatabase):
  • page/SecurityOrigin.cpp: added sandboxing status (WebCore::SecurityOrigin::SecurityOrigin): (WebCore::SecurityOrigin::canAccess): (WebCore::SecurityOrigin::canRequest): (WebCore::SecurityOrigin::toString):
  • page/SecurityOrigin.h: (WebCore::SecurityOrigin::setSandboxFlags): (WebCore::SecurityOrigin::isSandboxed): (WebCore::SecurityOrigin::canAccessDatabase): (WebCore::SecurityOrigin::canAccessStorage):
  • websockets/WebSocketChannel.cpp: (WebCore::WebSocketChannel::didReceiveData):
Location:
trunk
Files:
55 added
23 edited

  • trunk/LayoutTests/ChangeLog

    r51576 r51577  
     12009-12-01  Patrik Persson  <[email protected]>
     2
     3        Reviewed by Darin Adler.
     4
     5        Implement HTML5 sandbox attribute for iframes.
     6        http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
     7        https://bugs.webkit.org/show_bug.cgi?id=21288
     8
     9        * fast/frames/resources/non-sandboxed-iframe-navigation.html: Added.
     10        * fast/frames/resources/sandboxed-iframe-attribute-parsing-allowed.html: Added.
     11        * fast/frames/resources/sandboxed-iframe-attribute-parsing-disallowed.html: Added.
     12        * fast/frames/resources/sandboxed-iframe-form-allowed.html: Added.
     13        * fast/frames/resources/sandboxed-iframe-form-disallowed.html: Added.
     14        * fast/frames/resources/sandboxed-iframe-navigated.html: Added.
     15        * fast/frames/resources/sandboxed-iframe-navigation-child.html: Added.
     16        * fast/frames/resources/sandboxed-iframe-navigation-navigated.html: Added.
     17        * fast/frames/resources/sandboxed-iframe-navigation-parent.html: Added.
     18        * fast/frames/resources/sandboxed-iframe-navigation-source.html: Added.
     19        * fast/frames/resources/sandboxed-iframe-navigation-targetlink.html: Added.
     20        * fast/frames/resources/sandboxed-iframe-navigation-windowopen.html: Added.
     21        * fast/frames/resources/sandboxed-iframe-plugins-frame-applet.html: Added.
     22        * fast/frames/resources/sandboxed-iframe-plugins-frame-embed.html: Added.
     23        * fast/frames/resources/sandboxed-iframe-plugins-frame-object.html: Added.
     24        * fast/frames/resources/sandboxed-iframe-script-dynamic.html: Added.
     25        * fast/frames/resources/sandboxed-iframe-storage-allowed.html: Added.
     26        * fast/frames/resources/sandboxed-iframe-storage-disallowed.html: Added.
     27        * fast/frames/sandboxed-iframe-attribute-parsing-expected.txt: Added.
     28        * fast/frames/sandboxed-iframe-attribute-parsing.html: Added.
     29        * fast/frames/sandboxed-iframe-forms-expected.txt: Added.
     30        * fast/frames/sandboxed-iframe-forms.html: Added.
     31        * fast/frames/sandboxed-iframe-navigation-allowed-expected.txt: Added.
     32        * fast/frames/sandboxed-iframe-navigation-allowed.html: Added.
     33        * fast/frames/sandboxed-iframe-navigation-parent-expected.txt: Added.
     34        * fast/frames/sandboxed-iframe-navigation-parent.html: Added.
     35        * fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt: Added.
     36        * fast/frames/sandboxed-iframe-navigation-targetlink.html: Added.
     37        * fast/frames/sandboxed-iframe-navigation-windowopen-expected.txt: Added.
     38        * fast/frames/sandboxed-iframe-navigation-windowopen.html: Added.
     39        * fast/frames/sandboxed-iframe-plugins-expected.txt: Added.
     40        * fast/frames/sandboxed-iframe-plugins.html: Added.
     41        * fast/frames/sandboxed-iframe-scripting-expected.txt: Added.
     42        * fast/frames/sandboxed-iframe-scripting.html: Added.
     43        * fast/frames/sandboxed-iframe-storage-expected.txt: Added.
     44        * fast/frames/sandboxed-iframe-storage.html: Added.
     45        * http/tests/security/resources/sandboxed-iframe-document-cookie-read-denied.html: Added.
     46        * http/tests/security/resources/sandboxed-iframe-modify-self.html: Added.
     47        * http/tests/security/resources/xss-DENIED-sandboxed-iframe-attacker.html: Added.
     48        * http/tests/security/sandboxed-iframe-document-cookie-expected.txt: Added.
     49        * http/tests/security/sandboxed-iframe-document-cookie.html: Added.
     50        * http/tests/security/sandboxed-iframe-modify-self-expected.txt: Added.
     51        * http/tests/security/sandboxed-iframe-modify-self.html: Added.
     52        * http/tests/security/xss-DENIED-sandboxed-iframe-expected.txt: Added.
     53        * http/tests/security/xss-DENIED-sandboxed-iframe.html: Added.
     54        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-expected.txt: Added.
     55        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html: Added.
     56        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt: Added.
     57        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt: Added.
     58        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html: Added.
     59        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html: Added.
     60        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html: Added.
     61        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi: Added.
     62        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html: Added.
     63        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html: Added.
     64        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi: Added.
     65        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi: Added.
     66
    1672009-12-01  Chris Fleizach  <[email protected]>
    268
  • trunk/WebCore/ChangeLog

    r51576 r51577  
     12009-12-01  Patrik Persson  <[email protected]>
     2
     3        Reviewed by Darin Adler.
     4
     5        Implement HTML5 sandbox attribute for iframes.
     6        http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
     7        https://bugs.webkit.org/show_bug.cgi?id=21288
     8
     9        Tests: fast/frames/sandboxed-iframe-attribute-parsing.html
     10               fast/frames/sandboxed-iframe-forms.html
     11               fast/frames/sandboxed-iframe-navigation-allowed.html
     12               fast/frames/sandboxed-iframe-navigation-parent.html
     13               fast/frames/sandboxed-iframe-navigation-targetlink.html
     14               fast/frames/sandboxed-iframe-navigation-windowopen.html
     15               fast/frames/sandboxed-iframe-plugins.html
     16               fast/frames/sandboxed-iframe-scripting.html
     17               fast/frames/sandboxed-iframe-storage.html
     18               http/tests/security/sandboxed-iframe-document-cookie.html
     19               http/tests/security/sandboxed-iframe-modify-self.html
     20               http/tests/security/xss-DENIED-sandboxed-iframe.html
     21               http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html
     22               http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html
     23               http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html
     24
     25        * bindings/js/JSDOMWindowCustom.cpp: sandboxing navigation
     26        (WebCore::createWindow):
     27        * bindings/js/ScriptController.cpp: sandboxing scripts
     28        (WebCore::ScriptController::isEnabled):
     29        * dom/Document.cpp:
     30        (WebCore::Document::processHttpEquiv):
     31        (WebCore::Document::cookie): raise exception when accessed from sandbox
     32        (WebCore::Document::setCookie): raise exception when accessed from sandbox
     33        (WebCore::Document::initSecurityContext): updae sandbox status
     34        (WebCore::Document::updateSandboxFlags):
     35        * dom/Document.h:
     36        * dom/Document.idl:
     37        * html/HTMLAppletElement.cpp: sandboxing applets
     38        (WebCore::HTMLAppletElement::createRenderer):
     39        (WebCore::HTMLAppletElement::renderWidgetForJSBindings):
     40        (WebCore::HTMLAppletElement::canEmbedJava):
     41        * html/HTMLAppletElement.h:
     42        * html/HTMLAttributeNames.in:
     43        * html/HTMLFrameOwnerElement.cpp: management of sandbox flags as stated in attribute
     44        (WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement):
     45        (WebCore::HTMLFrameOwnerElement::setSandboxFlags):
     46        * html/HTMLFrameOwnerElement.h:
     47        (WebCore::HTMLFrameOwnerElement::sandboxFlags):
     48        * html/HTMLIFrameElement.cpp: sandbox attribute parsing
     49        (WebCore::parseSandboxAttribute):
     50        (WebCore::HTMLIFrameElement::parseMappedAttribute):
     51        * html/HTMLIFrameElement.idl:
     52        * inspector/InspectorController.cpp:
     53        (WebCore::InspectorController::getCookies):
     54        * loader/CrossOriginAccessControl.cpp:
     55        (WebCore::passesAccessControlCheck):
     56        * loader/FrameLoader.cpp:
     57        (WebCore::FrameLoader::FrameLoader):
     58        (WebCore::FrameLoader::init):
     59        (WebCore::FrameLoader::submitForm): sandboxing forms
     60        (WebCore::FrameLoader::requestObject): sandboxing plugins
     61        (WebCore::FrameLoader::shouldAllowNavigation): sandboxing navigation
     62        (WebCore::FrameLoader::updateSandboxFlags): propagation of sandbox flags
     63        * loader/FrameLoader.h:
     64        (WebCore::FrameLoader::ownerElementSandboxFlagsChanged):
     65        (WebCore::FrameLoader::isSandboxed):
     66        (WebCore::FrameLoader::sandboxFlags):
     67        * loader/FrameLoaderTypes.h:
     68        (WebCore::):
     69        * page/DOMWindow.cpp: disable storage and databases in sandboxed frames
     70        (WebCore::DOMWindow::sessionStorage):
     71        (WebCore::DOMWindow::localStorage):
     72        (WebCore::DOMWindow::openDatabase):
     73        * page/SecurityOrigin.cpp: added sandboxing status
     74        (WebCore::SecurityOrigin::SecurityOrigin):
     75        (WebCore::SecurityOrigin::canAccess):
     76        (WebCore::SecurityOrigin::canRequest):
     77        (WebCore::SecurityOrigin::toString):
     78        * page/SecurityOrigin.h:
     79        (WebCore::SecurityOrigin::setSandboxFlags):
     80        (WebCore::SecurityOrigin::isSandboxed):
     81        (WebCore::SecurityOrigin::canAccessDatabase):
     82        (WebCore::SecurityOrigin::canAccessStorage):
     83        * websockets/WebSocketChannel.cpp:
     84        (WebCore::WebSocketChannel::didReceiveData):
     85
    1862009-12-01  Chris Fleizach  <[email protected]>
    287
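
Review bot: typo in the entry for Document::initSecurityContext at line 33: "updae sandbox status" should read "update sandbox status".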
  • trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp

    r51363 r51577  
    745745    ASSERT(dynamicFrame);
    746746
     747    // Sandboxed iframes cannot open new auxiliary browsing contexts.
     748    if (lexicalFrame && lexicalFrame->loader()->isSandboxed(SandboxNavigation))
     749        return 0;
     750
    747751    ResourceRequest request;
    748752
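
Review bot: the new early return at line 748 is keyed only to lexicalFrame, while dynamicFrame is asserted non-null just above and is not consulted. If the two can differ, say in the comment why the lexical frame is the right one to test for SandboxNavigation, or check both. The function also returns 0 silently; a console message would make a blocked window creation easier for page authors to diagnose.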
  • trunk/WebCore/bindings/js/ScriptController.cpp

    r51512 r51577  
    290290{
    291291    Settings* settings = m_frame->settings();
    292     return m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled());
     292    return m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled() && !m_frame->loader()->isSandboxed(SandboxScripts));
    293293}
    294294
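
Review bot: in isEnabled() the sandbox check is folded into the argument passed to client()->allowJavaScript(...), so the embedder callback still makes the final decision, and a client that returns true regardless of its argument would run script in a frame sandboxed with SandboxScripts. Test isSandboxed(SandboxScripts) first and return false before consulting settings or the client, so the restriction cannot be overridden outside WebCore.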
  • trunk/WebCore/dom/Document.cpp

    r51374 r51577  
    21822182    } else if (equalIgnoringCase(equiv, "set-cookie")) {
    21832183        // FIXME: make setCookie work on XML documents too; e.g. in case of <html:meta .....>
    2184         if (isHTMLDocument())
    2185             static_cast<HTMLDocument*>(this)->setCookie(content);
     2184        if (isHTMLDocument()) {
     2185            ExceptionCode ec; // Exception (for sandboxed documents) ignored.
     2186            static_cast<HTMLDocument*>(this)->setCookie(content, ec);
     2187        }
    21862188    } else if (equalIgnoringCase(equiv, "content-language"))
    21872189        setContentLanguage(content);
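
Review bot: ExceptionCode ec at line 2185 is declared without an initializer, and setCookie() only assigns it on the sandboxed path. The value is ignored here, but InspectorController.cpp in this same change writes ExceptionCode ec = 0; initialize it the same way so that a later reader who starts checking ec does not read an indeterminate value.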
     
    30013003}
    30023004
    3003 String Document::cookie() const
     3005String Document::cookie(ExceptionCode& ec) const
    30043006{
    30053007    if (page() && !page()->cookieEnabled())
    30063008        return String();
     3009
     3010    // FIXME: The HTML5 DOM spec states that this attribute can raise an
     3011    // INVALID_STATE_ERR exception on getting if the Document has no
     3012    // browsing context.
     3013
     3014    if (securityOrigin()->isSandboxed(SandboxOrigin)) {
     3015        ec = SECURITY_ERR;
     3016        return String();
     3017    }
    30073018
    30083019    KURL cookieURL = this->cookieURL();
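
Review bot: in cookie() the cookieEnabled() early return at line 3007 runs before the new SandboxOrigin check at line 3014, so a sandboxed document gets an empty string when cookies are disabled and SECURITY_ERR when they are enabled. If the exception is meant to be unconditional for sandboxed documents, move the isSandboxed(SandboxOrigin) block above the cookieEnabled() test; setCookie() below has the same ordering. ec is also never cleared on the success paths, so every caller has to zero it first.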
     
    30133024}
    30143025
    3015 void Document::setCookie(const String& value)
     3026void Document::setCookie(const String& value, ExceptionCode& ec)
    30163027{
    30173028    if (page() && !page()->cookieEnabled())
    30183029        return;
     3030
     3031    // FIXME: The HTML5 DOM spec states that this attribute can raise an
     3032    // INVALID_STATE_ERR exception on setting if the Document has no
     3033    // browsing context.
     3034
     3035    if (securityOrigin()->isSandboxed(SandboxOrigin)) {
     3036        ec = SECURITY_ERR;
     3037        return;
     3038    }
    30193039
    30203040    KURL cookieURL = this->cookieURL();
     
    42664286    ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::create(url));
    42674287
     4288    updateSandboxFlags();
     4289 
    42684290    if (SecurityOrigin::allowSubstituteDataAccessToLocal()) {
    42694291        // If this document was loaded with substituteData, then the document can
     
    43144336    // not applicable to arbitrary documents.
    43154337    initDNSPrefetch();
     4338}
     4339
     4340void Document::updateSandboxFlags()
     4341{
     4342    if (m_frame && securityOrigin())
     4343        securityOrigin()->setSandboxFlags(m_frame->loader()->sandboxFlags());
    43164344}
    43174345
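
Review bot: Document::updateSandboxFlags() writes the frame's flags into the SecurityOrigin object in place (line 4343). Document.h also exposes setSecurityOrigin(SecurityOrigin*), so if an origin instance can ever be shared between documents, sandboxing one frame would change what isSandboxed() answers for the other. Please confirm that each document owns its origin at this point, or state the assumption in a comment. When m_frame is null the flags are left untouched, which is worth marking as intended too.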
  • trunk/WebCore/dom/Document.h

    r51324 r51577  
    676676    void removeTitle(Element* titleElement);
    677677
    678     String cookie() const;
    679     void setCookie(const String&);
     678    String cookie(ExceptionCode&) const;
     679    void setCookie(const String&, ExceptionCode&);
    680680
    681681    String referrer() const;
     
    887887    //       that already contains content.
    888888    void setSecurityOrigin(SecurityOrigin*);
     889
     890    void updateSandboxFlags(); // Set sandbox flags as determined by the frame.
    889891
    890892    bool processingLoadEvent() const { return m_processingLoadEvent; }
  • trunk/WebCore/dom/Document.idl

    r51125 r51577  
    163163        readonly attribute DOMString URL;
    164164
    165         // FIXME: the DOM spec states that this attribute can
    166         // raise an exception on setting.
    167165                 attribute [ConvertNullToNullString] DOMString cookie
    168                      /*setter raises (DOMException)*/;
     166                     setter raises (DOMException),
     167                     getter raises (DOMException);
    169168
    170169        // FIXME: the DOM spec does NOT have this attribute
  • trunk/WebCore/html/HTMLAppletElement.cpp

    r47688 r51577  
    2929#include "MappedAttribute.h"
    3030#include "RenderApplet.h"
     31#include "SecurityOrigin.h"
    3132#include "Settings.h"
    3233
     
    109110RenderObject* HTMLAppletElement::createRenderer(RenderArena*, RenderStyle* style)
    110111{
    111     Settings* settings = document()->settings();
    112 
    113     if (settings && settings->isJavaEnabled()) {
     112    if (canEmbedJava()) {
    114113        HashMap<String, String> args;
    115114
     
    143142RenderWidget* HTMLAppletElement::renderWidgetForJSBindings() const
    144143{
    145     Settings* settings = document()->settings();
    146     if (!settings || !settings->isJavaEnabled())
     144    if (!canEmbedJava())
    147145        return 0;
    148146
     
    152150
    153151    return applet;
     152}
     153
     154bool HTMLAppletElement::canEmbedJava() const
     155{
     156    if (document()->securityOrigin()->isSandboxed(SandboxPlugins))
     157        return false;
     158
     159    Settings* settings = document()->settings();
     160    return settings && settings->isJavaEnabled();
    154161}
    155162
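
Review bot: canEmbedJava() dereferences document()->securityOrigin() at line 156 without a null check, whereas Document::updateSandboxFlags() in this same change tests securityOrigin() before using it. Either add the same guard here and treat a missing origin as not embeddable, or drop the guard there, so the invariant is stated consistently.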
  • trunk/WebCore/html/HTMLAppletElement.h

    r47688 r51577  
    5252
    5353    void setupApplet() const;
     54    bool canEmbedJava() const;
    5455
    5556    virtual void insertedIntoDocument();
  • trunk/WebCore/html/HTMLAttributeNames.in

    r51304 r51577  
    223223rowspan
    224224rules
     225sandbox
    225226scheme
    226227scope
  • trunk/WebCore/html/HTMLFrameOwnerElement.cpp

    r47688 r51577  
    3636    : HTMLElement(tagName, document, CreateElement)
    3737    , m_contentFrame(0)
     38    , m_sandboxFlags(SandboxNone)
    3839{
    3940}
     
    6566}
    6667
     68void HTMLFrameOwnerElement::setSandboxFlags(SandboxFlags flags)
     69{
     70    if (m_sandboxFlags == flags)
     71        return;
     72
     73    m_sandboxFlags = flags;
     74   
     75    if (Frame* frame = contentFrame())
     76        frame->loader()->ownerElementSandboxFlagsChanged();
     77}
     78
    6779#if ENABLE(SVG)
    6880SVGDocument* HTMLFrameOwnerElement::getSVGDocument(ExceptionCode& ec) const
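
Review bot: setSandboxFlags() pushes the new value to the live content frame through ownerElementSandboxFlagsChanged() (line 76), and FrameLoader::updateSandboxFlags() then rewrites the flags on the already-loaded document. Together with parseSandboxAttribute() returning SandboxNone for a null attribute, this means that removing or loosening the sandbox attribute on the iframe element lifts restrictions on content that was loaded sandboxed. Check the referenced HTML5 text on whether flag changes should apply only from the next navigation; if so, keep the flags that were in force when the document was created and apply the new ones on the next load.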
  • trunk/WebCore/html/HTMLFrameOwnerElement.h

    r47688 r51577  
    2222#define HTMLFrameOwnerElement_h
    2323
     24#include "FrameLoaderTypes.h"
    2425#include "HTMLElement.h"
    2526
     
    4748    virtual ScrollbarMode scrollingMode() const { return ScrollbarAuto; }
    4849
     50    SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
     51   
    4952protected:
    5053    HTMLFrameOwnerElement(const QualifiedName& tagName, Document*);
    5154
     55    void setSandboxFlags(SandboxFlags);
     56   
    5257private:
    5358    friend class Frame;
     
    5964
    6065    Frame* m_contentFrame;
     66    SandboxFlags m_sandboxFlags;
    6167};
    6268
  • trunk/WebCore/html/HTMLIFrameElement.cpp

    r47688 r51577  
    55 *           (C) 2001 Dirk Mueller ([email protected])
    66 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved.
     7 * Copyright (C) 2009 Ericsson AB. All rights reserved.
    78 *
    89 * This library is free software; you can redistribute it and/or
     
    6768}
    6869
     70static SandboxFlags parseSandboxAttribute(MappedAttribute* attribute)
     71{
     72    if (attribute->isNull())
     73        return SandboxNone;
     74
     75    // Parse the unordered set of unique space-separated tokens.
     76    SandboxFlags flags = SandboxAll;
     77    const UChar* characters = attribute->value().characters();
     78    unsigned length = attribute->value().length();
     79    unsigned start = 0;
     80    while (true) {
     81        while (start < length && isASCIISpace(characters[start]))
     82            ++start;
     83        if (start >= length)
     84            break;
     85        unsigned end = start + 1;
     86        while (end < length && !isASCIISpace(characters[end]))
     87            ++end;
     88
     89        // Turn off the corresponding sandbox flag if it's set as "allowed".
     90        String sandboxToken = String(characters + start, end - start);
     91        if (equalIgnoringCase(sandboxToken, "allow-same-origin"))
     92            flags &= ~SandboxOrigin;
     93        else if (equalIgnoringCase(sandboxToken, "allow-forms"))
     94            flags &= ~SandboxForms;
     95        else if (equalIgnoringCase(sandboxToken, "allow-scripts"))
     96            flags &= ~SandboxScripts;
     97
     98        start = end + 1;
     99    }
     100   
     101    return flags;
     102}
     103
    69104void HTMLIFrameElement::parseMappedAttribute(MappedAttribute* attr)
    70105{
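
Review bot: parseSandboxAttribute() relies on starting from SandboxAll and clearing bits only for the three recognised tokens, which is what makes unknown or misspelled tokens fail closed and leaves SandboxPlugins and SandboxNavigation always set when the attribute is present. That behaviour is not stated anywhere; extend the comment at line 75 to say so, since a later change that starts from SandboxNone and sets bits would silently invert it. Minor: a String is constructed for every token at line 90 only to be compared, which could be avoided by comparing against the character range directly.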
     
    89124            // Add a rule that nulls out our border width.
    90125            addCSSLength(attr, CSSPropertyBorderWidth, "0");
    91     } else
     126    } else if (attr->name() == sandboxAttr)
     127        setSandboxFlags(parseSandboxAttribute(attr));
     128    else
    92129        HTMLFrameElementBase::parseMappedAttribute(attr);
    93130}
  • trunk/WebCore/html/HTMLIFrameElement.idl

    r47352 r51577  
    3434                 attribute [ConvertNullToNullString, Reflect=marginwidth] DOMString       marginWidth;
    3535                 attribute [ConvertNullToNullString, Reflect] DOMString       name;
     36                 attribute [ConvertNullToNullString, Reflect] DOMString       sandbox;
    3637                 attribute [ConvertNullToNullString, Reflect] DOMString       scrolling;
    3738                 attribute [ConvertNullToNullString, CustomSetter, Reflect] DOMString       src;
  • trunk/WebCore/inspector/InspectorController.cpp

    r51544 r51577  
    12041204            rawCookiesImplemented = getRawCookies(document, document->cookieURL(), docCookiesList);
    12051205           
    1206             if (!rawCookiesImplemented)
    1207                 // FIXME:We need duplication checking for the String representation of cookies.
    1208                 stringCookiesList += document->cookie();
    1209             else {
     1206            if (!rawCookiesImplemented) {
     1207                // FIXME: We need duplication checking for the String representation of cookies.
     1208                ExceptionCode ec = 0;
     1209                stringCookiesList += document->cookie(ec);
     1210                // Exceptions are thrown by cookie() in sandboxed frames. That won't happen here
     1211                // because "document" is the document of the main frame of the page.
     1212                ASSERT(!ec);
     1213            } else {
    12101214                int cookiesSize = docCookiesList.size();
    12111215                for (int i = 0; i < cookiesSize; i++) {
  • trunk/WebCore/loader/CrossOriginAccessControl.cpp

    r41825 r51577  
    101101        return true;
    102102
     103    // A sandboxed frame has a unique origin (for same-origin purposes).
     104    if (securityOrigin->isSandboxed(SandboxOrigin))
     105        return false;
     106
    103107    RefPtr<SecurityOrigin> accessControlOrigin = SecurityOrigin::createFromString(accessControlOriginString);
    104108    if (!accessControlOrigin->isSameSchemeHostPort(securityOrigin))
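
Review bot: the SandboxOrigin check at line 104 sits after the return true; at line 101, so whatever condition guards that earlier return is still accepted for a sandboxed frame and only the explicit-origin comparison is refused. The test names (access-control-sandboxed-iframe-denied-without-wildcard) suggest this is deliberate; extend the comment at line 103 to say which case remains allowed and why.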
  • trunk/WebCore/loader/FrameLoader.cpp

    r51350 r51577  
    197197    , m_loadingFromCachedPage(false)
    198198    , m_suppressOpenerInNewFrame(false)
     199    , m_sandboxFlags(SandboxAll)
    199200#ifndef NDEBUG
    200201    , m_didDispatchDidCommitLoad(false)
     
    229230    m_creatingInitialEmptyDocument = false;
    230231    m_didCallImplicitClose = true;
     232
     233    // Propagate sandbox attributes to this Frameloader and its descendants.
     234    updateSandboxFlags();
    231235}
    232236
     
    437441    KURL u = completeURL(url.isNull() ? "" : url);
    438442    if (u.isEmpty())
     443        return;
     444
     445    if (isSandboxed(SandboxForms))
    439446        return;
    440447
     
    12551262        if (!settings || !settings->arePluginsEnabled() ||
    12561263            (!settings->isJavaEnabled() && MIMETypeRegistry::isJavaAppletMIMEType(mimeType)))
     1264            return false;
     1265        if (isSandboxed(SandboxPlugins))
    12571266            return false;
    12581267        return loadPlugin(renderer, completedURL, mimeType, paramNames, paramValues, useFallback);
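Review bot: the `isSandboxed(SandboxPlugins)` check at new line 1265 guards only this `loadPlugin()` call. `createJavaAppletWidget()`, visible as context further down in this file, is a separate entry point, and the hunk does not show whether it is covered. Please confirm that every plugin and applet instantiation path goes through a `SandboxPlugins` check, or add the same test there.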
     
    21972206    if (m_frame == targetFrame)
    21982207        return true;
     2208
     2209    // A sandboxed frame can only navigate itself and its descendants.
     2210    if (isSandboxed(SandboxNavigation) && !targetFrame->tree()->isDescendantOf(m_frame))
     2211        return false;
    21992212
    22002213    // Let a frame navigate the top-level window that contains it.  This is
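Review bot: the sandbox test at new line 2210 is only effective because it runs before the "navigate the top-level window" allowance that starts at line 2213; if a later change reorders these blocks, a sandboxed frame regains top-level navigation. Please state that ordering requirement in the comment at line 2209. Also, `targetFrame->tree()` is dereferenced here, so this relies on a null check earlier in the function that the hunk does not show.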
     
    39063919}
    39073920
     3921void FrameLoader::updateSandboxFlags()
     3922{
     3923    SandboxFlags flags = SandboxNone;
     3924    if (Frame* parentFrame = m_frame->tree()->parent())
     3925        flags |= parentFrame->loader()->sandboxFlags();
     3926    if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
     3927        flags |= ownerElement->sandboxFlags();
     3928
     3929    if (m_sandboxFlags == flags)
     3930        return;
     3931       
     3932    m_sandboxFlags = flags;
     3933
     3934    m_frame->document()->updateSandboxFlags();
     3935
     3936    for (Frame* child = m_frame->tree()->firstChild(); child; child = child->tree()->nextSibling())
     3937        child->loader()->updateSandboxFlags();
     3938 }
     3939
    39083940PassRefPtr<Widget> FrameLoader::createJavaAppletWidget(const IntSize& size, HTMLAppletElement* element, const HashMap<String, String>& args)
    39093941{
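Review bot: `updateSandboxFlags()` recomputes `flags` from `SandboxNone` on every call and overwrites `m_sandboxFlags` at line 3932, so when the owner element drops a restriction, the already-loaded document and all descendants are relaxed immediately through `m_frame->document()->updateSandboxFlags()`. The HTML5 text for the sandbox attribute has the flags take effect when the nested browsing context is navigated, so lifting them on a live document looks wrong; consider only ever adding bits for the current document (`m_sandboxFlags |= flags`) and resetting on navigation. Two smaller points: `m_frame->document()` at line 3934 is used without a null check, and the closing brace at line 3938 has a stray leading space.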
  • trunk/WebCore/loader/FrameLoader.h

    r50991 r51577  
    252252    void dispatchDocumentElementAvailable();
    253253
     254    void ownerElementSandboxFlagsChanged() { updateSandboxFlags(); }
     255   
     256    bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
     257    SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
     258
    254259    // Mixed content related functions.
    255260    static bool isMixedContent(SecurityOrigin* context, const KURL&);
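Review bot: `isSandboxed(SandboxFlags mask)` at new line 256 returns `m_sandboxFlags & mask` converted to `bool`, which means "any bit in the mask is set". That is fine for the single-flag callers in this patch, but a caller passing a combined mask would get any-of rather than all-of semantics. Please document that in a comment, or make the conversion explicit with `(m_sandboxFlags & mask) != 0` and a note on the intended meaning.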
     
    436441    bool shouldTreatURLAsSameAsCurrent(const KURL&) const;
    437442
     443    void updateSandboxFlags();
     444   
    438445    Frame* m_frame;
    439446    FrameLoaderClient* m_client;
     
    507514    bool m_suppressOpenerInNewFrame;
    508515   
     516    SandboxFlags m_sandboxFlags;
     517
    509518#ifndef NDEBUG
    510519    bool m_didDispatchDidCommitLoad;
  • trunk/WebCore/loader/FrameLoaderTypes.h

    r49809 r51577  
    9393        NoReferrer
    9494    };
     95   
     96    enum SandboxFlag {
     97        SandboxNone = 0,
     98        SandboxNavigation = 1,
     99        SandboxPlugins = 1 << 1,
     100        SandboxOrigin = 1 << 2,
     101        SandboxForms = 1 << 3,
     102        SandboxScripts = 1 << 4,
     103        SandboxAll = -1 // Mask with all bits set to 1.
     104    };
     105
     106    typedef unsigned SandboxFlags;
    95107}
    96108
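Review bot: `SandboxAll = -1` at new line 103 puts a negative enumerator into `SandboxFlag`, while the storage type declared at line 106 is `typedef unsigned SandboxFlags`. The conversion does produce an all-ones mask, but the mix of a signed enum and an unsigned typedef is easy to trip over in comparisons; `~0u` cast at the point of use, or a comment on the typedef, would make the intent clearer. The enum also needs a comment saying that a set bit means the capability is restricted, which is the inverse of the `allow-*` tokens in the attribute.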
  • trunk/WebCore/page/DOMWindow.cpp

    r51495 r51577  
    570570    if (!document)
    571571        return 0;
     572   
     573    if (!document->securityOrigin()->canAccessStorage())
     574        return 0;
    572575
    573576    Page* page = document->page();
     
    591594    Document* document = this->document();
    592595    if (!document)
     596        return 0;
     597   
     598    if (!document->securityOrigin()->canAccessStorage())
    593599        return 0;
    594600       
     
    11081114        return 0;
    11091115
    1110     Document* doc = m_frame->document();
     1116    Document* document = m_frame->document();
     1117    if (!document->securityOrigin()->canAccessDatabase())
     1118        return 0;
    11111119
    11121120    Settings* settings = m_frame->settings();
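Review bot: the new early return at lines 1117-1118 returns 0 without setting the `ec` that this function passes to `Database::openDatabase()` a few lines below, so script in a sandboxed frame gets a null database and no exception. If a security error is the intended outcome, set `ec` before returning; if null is intended, add a comment saying so. The same question applies to the two `canAccessStorage()` returns added earlier in this file.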
     
    11141122        return 0;
    11151123
    1116     return Database::openDatabase(doc, name, version, displayName, estimatedSize, ec);
     1124    return Database::openDatabase(document, name, version, displayName, estimatedSize, ec);
    11171125}
    11181126#endif
  • trunk/WebCore/page/SecurityOrigin.cpp

    r51294 r51577  
    9696    , m_host(url.host().isNull() ? "" : url.host().lower())
    9797    , m_port(url.port())
     98    , m_sandboxFlags(SandboxNone)
    9899    , m_noAccess(false)
    99100    , m_universalAccess(false)
     
    128129    , m_domain(other->m_domain.threadsafeCopy())
    129130    , m_port(other->m_port)
     131    , m_sandboxFlags(other->m_sandboxFlags)
    130132    , m_noAccess(other->m_noAccess)
    131133    , m_universalAccess(other->m_universalAccess)
     
    168170        return true;
    169171
    170     if (m_noAccess || other->m_noAccess)
     172    if (m_noAccess || other->m_noAccess || isSandboxed(SandboxOrigin) || other->isSandboxed(SandboxOrigin))
    171173        return false;
    172174
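Review bot: the condition `m_noAccess || isSandboxed(SandboxOrigin)` is now spelled out at lines 172, 213 and 301 of this file. A single private helper that expresses "this origin is unique" would keep the three call sites from drifting apart when the next unique-origin case is added. Note also that the `return true` at line 170 is evaluated before the sandbox test, so it still wins for a sandboxed origin; please confirm that is intended.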
     
    209211        return true;
    210212
    211     if (m_noAccess)
     213    if (m_noAccess || isSandboxed(SandboxOrigin))
    212214        return false;
    213215
     
    297299        return "null";
    298300
    299     if (m_noAccess)
     301    if (m_noAccess || isSandboxed(SandboxOrigin))
    300302        return "null";
    301303
  • trunk/WebCore/page/SecurityOrigin.h

    r50924 r51577  
    3535#include <wtf/Threading.h>
    3636
     37#include "FrameLoaderTypes.h"
    3738#include "PlatformString.h"
    3839#include "StringHash.h"
     
    111112        void grantUniversalAccess();
    112113
     114        // Sandboxing status as determined by the frame.
     115        void setSandboxFlags(SandboxFlags flags) { m_sandboxFlags = flags; }
     116        bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
     117
     118        bool canAccessDatabase() const { return !isSandboxed(SandboxOrigin); }
     119        bool canAccessStorage() const { return !isSandboxed(SandboxOrigin); }
     120
    113121        bool isSecureTransitionTo(const KURL&) const;
    114122
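Review bot: `setSandboxFlags()` at new line 115 gives `SecurityOrigin` its own copy of state that `FrameLoader::m_sandboxFlags` already holds, and the setter is public, so any holder of the origin can clear the flags. Please document who is allowed to call it and how the two copies are kept in sync. `canAccessDatabase()` and `canAccessStorage()` at lines 118-119 are identical; a comment on why they are separate would help.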
     
    182190        String m_domain;
    183191        unsigned short m_port;
     192        SandboxFlags m_sandboxFlags;
    184193        bool m_noAccess;
    185194        bool m_universalAccess;
  • trunk/WebCore/websockets/WebSocketChannel.cpp

    r51317 r51577  
    160160                if (m_context->isDocument()) {
    161161                    Document* document = static_cast<Document*>(m_context);
    162                     if (cookiesEnabled(document))
    163                         document->setCookie(m_handshake.serverSetCookie());
     162                    if (cookiesEnabled(document)) {
     163                        ExceptionCode ec; // Exception (for sandboxed documents) ignored.
     164                        document->setCookie(m_handshake.serverSetCookie(), ec);
     165                    }
    164166                }
    165167            }
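Review bot: `ExceptionCode ec;` at new line 163 is left uninitialized, unlike the `ExceptionCode ec = 0;` pattern used elsewhere in this changeset. The value is ignored here, but initializing it to 0 avoids reading an indeterminate value if `setCookie()` ever inspects it before writing. The comment could also say why dropping the server's cookie silently is acceptable for a sandboxed document.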