// Property getter that hands script the runtime object obtained from
// getRuntimeObject() for the element behind the slot base, or undefined when
// there is none.
JSValue runtimeObjectGetter(ExecState* exec, const Identifier&, const PropertySlot& slot)
{
    // Both downcasts are static_casts, so nothing here verifies the dynamic type.
    // NOTE(review): presumably the slot is only ever installed on JSHTMLElement
    // wrappers - confirm against the code that registers this getter.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slot.slotBase()));
    HTMLElement* htmlElement = static_cast<HTMLElement*>(wrapper->impl());

    if (RuntimeObjectImp* pluginObject = getRuntimeObject(exec, htmlElement))
        return pluginObject;
    return jsUndefined();
}
// Getter for htmlelement.innerHTML: returns imp->innerHTML() as a JS string.
// When built with JSC_TAINTED and the element carries a taint label, the label
// is copied onto the returned value and a "propagate" record is added to the
// TaintedTrace singleton.
JSValue jsHTMLElementInnerHTML(ExecState* exec, JSValue slotBase, const Identifier&)
{
    // Unchecked static_cast downcasts: nothing in this function verifies that
    // slotBase really is a JSHTMLElement wrapper.
    JSHTMLElement* castedThis = static_cast<JSHTMLElement*>(asObject(slotBase));
    UNUSED_PARAM(exec);
    HTMLElement* imp = static_cast<HTMLElement*>(castedThis->impl());
    JSValue result = jsString(exec, imp->innerHTML());
#ifdef JSC_TAINTED
    if (imp->tainted()) {
        // Carry the element's taint label over to the string handed to script.
        unsigned int tainted = imp->tainted();
        result.setTainted(imp->tainted());

        TaintedStructure trace_struct;
        trace_struct.taintedno = tainted;
        trace_struct.internalfunc = "jsHTMLElementInnerHTML";
        trace_struct.jsfunc = "htmlelement.innerHTML";
        trace_struct.action = "propagate";

	// snprintf with size 20 keeps at most 19 bytes of the UTF-8 form, and the
	// stream extraction below stops at the first whitespace, so the recorded
	// value is only a short prefix token of the markup, not the full string.
	// NOTE(review): a 19-byte cut can also land inside a multi-byte UTF-8
	// sequence. The outerText getter shown elsewhere on this page records the
	// whole string via TaintedUtils::UString2string; consider doing the same
	// here if the trace is meant to hold the complete value - confirm intent.
	char msg[20];
	stringstream msgss;
	snprintf(msg, 20, "%s", result.toString(exec).utf8(true).data());
	msgss << msg;
	msgss >> trace_struct.value;

        TaintedTrace* trace = TaintedTrace::getInstance();
        trace->addTaintedTrace(trace_struct);
    }
// NOTE(review): the listing is cut off here; the closing #endif, the return of
// `result` and the function's closing brace are not shown.
// Getter that wraps imp->children() for script through toJS(), using the
// wrapper's own global object.
JSValue jsHTMLElementChildren(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    // static_cast downcasts: no runtime type check is performed on slotBase here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    return toJS(exec, wrapper->globalObject(), WTF::getPtr(element->children()));
}
// Getter returning, as a JS boolean, whether the element has the hidden attribute.
JSValue jsHTMLElementHidden(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    // static_cast downcasts: no runtime type check is performed on slotBase here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    const bool isHidden = element->hasAttribute(WebCore::HTMLNames::hiddenAttr);
    return jsBoolean(isHidden);
}
// Setter that forwards the string form of `value` to setContentEditable() and
// reports the resulting ExceptionCode to script through setDOMException().
void setJSHTMLElementContentEditable(ExecState* exec, JSObject* thisObject, JSValue value)
{
    // thisObject is downcast with static_cast; its dynamic type is not checked here.
    HTMLElement* element = static_cast<HTMLElement*>(static_cast<JSHTMLElement*>(thisObject)->impl());

    ExceptionCode domError = 0;
    element->setContentEditable(valueToStringWithNullCheck(exec, value), domError);
    setDOMException(exec, domError);
}
// Getter returning imp->tabIndex() as a JS number.
JSValue jsHTMLElementTabIndex(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    // static_cast downcasts: no runtime type check is performed on slotBase here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    return jsNumber(element->tabIndex());
}
// Getter returning the element's class attribute as a JS string.
JSValue jsHTMLElementClassName(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    // static_cast downcasts: no runtime type check is performed on slotBase here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    return jsString(exec, element->getAttribute(WebCore::HTMLNames::classAttr));
}
// Getter returning imp->contentEditable() as a JS string.
JSValue jsHTMLElementContentEditable(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    // static_cast downcasts: no runtime type check is performed on slotBase here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    return jsString(exec, element->contentEditable());
}
// Getter returning imp->spellcheck() as a JS boolean.
JSValue jsHTMLElementSpellcheck(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    // static_cast downcasts: no runtime type check is performed on slotBase here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    return jsBoolean(element->spellcheck());
}
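// Named-property getter for a frameset: looks up the child called
// `propertyName` and, if it has a content document whose frame maps to a
// window shell, returns that shell; otherwise returns undefined.
JSValue* JSHTMLFrameSetElement::nameGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot& slot)
{
    JSHTMLElement* thisObj = static_cast<JSHTMLElement*>(slot.slotBase());
    HTMLElement* element = static_cast<HTMLElement*>(thisObj->impl());

    Node* frame = element->children()->namedItem(propertyName);
    // The lookup result was dereferenced unconditionally before; a name with no
    // matching child must not reach the cast below.
    if (!frame)
        return jsUndefined();

    // NOTE(review): the static_cast below does not verify that the named child
    // is actually a frame element. Presumably whatever installs this getter has
    // already checked that - confirm, or add a tag check here so a different
    // element type cannot be treated as an HTMLFrameElement.
    if (Document* doc = static_cast<HTMLFrameElement*>(frame)->contentDocument()) {
        if (JSDOMWindowShell* window = toJSDOMWindowShell(doc->frame()))
            return window;
    }

    return jsUndefined();
}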
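// Named-property getter for a frameset: looks up the child called
// `propertyName` and, if it has a content document whose frame maps to a
// window shell in the current world, returns that shell; otherwise undefined.
JSValue JSHTMLFrameSetElement::nameGetter(ExecState* exec, JSValue slotBase, const Identifier& propertyName)
{
    JSHTMLElement* thisObj = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(thisObj->impl());

    Node* frame = element->children()->namedItem(identifierToAtomicString(propertyName));
    // The lookup result was dereferenced unconditionally before; a name with no
    // matching child must not reach the cast below.
    if (!frame)
        return jsUndefined();

    // NOTE(review): the static_cast below does not verify that the named child
    // is actually a frame element. Presumably whatever installs this getter has
    // already checked that - confirm, or add a tag check here so a different
    // element type cannot be treated as an HTMLFrameElement.
    if (Document* doc = static_cast<HTMLFrameElement*>(frame)->contentDocument()) {
        if (JSDOMWindowShell* window = toJSDOMWindowShell(doc->frame(), currentWorld(exec)))
            return window;
    }

    return jsUndefined();
}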
// Named-property getter for a form: collects the elements registered under
// `propertyName` and returns undefined (none), the single element (one), or a
// static node list (several).
JSValue JSHTMLFormElement::nameGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot& slot)
{
    // static_cast downcasts: the slot base's dynamic type is not checked here.
    JSHTMLElement* wrapper = static_cast<JSHTMLFormElement*>(asObject(slot.slotBase()));
    HTMLFormElement* formElement = static_cast<HTMLFormElement*>(wrapper->impl());

    Vector<RefPtr<Node> > matches;
    formElement->getNamedElements(propertyName, matches);

    switch (matches.size()) {
    case 0:
        return jsUndefined();
    case 1:
        return toJS(exec, matches[0].get());
    default:
        break;
    }

    // FIXME: HTML5 specifies that this should be a RadioNodeList.
    return toJS(exec, wrapper->globalObject(), StaticNodeList::adopt(matches).get());
}
// Named-property getter for a form: collects the elements registered under
// `propertyName` and returns undefined (none), the single element (one), or a
// static node list (several), all wrapped in the form wrapper's global object.
JSValue JSHTMLFormElement::nameGetter(ExecState* exec, JSValue slotBase, PropertyName propertyName)
{
    JSHTMLElement* wrapper = jsCast<JSHTMLFormElement*>(asObject(slotBase));
    HTMLFormElement* formElement = toHTMLFormElement(wrapper->impl());

    Vector<RefPtr<Node> > matches;
    formElement->getNamedElements(propertyNameToAtomicString(propertyName), matches);

    switch (matches.size()) {
    case 0:
        return jsUndefined();
    case 1:
        return toJS(exec, wrapper->globalObject(), matches[0].get());
    default:
        break;
    }

    // FIXME: HTML5 specifies that this should be a RadioNodeList.
    return toJS(exec, wrapper->globalObject(), StaticNodeList::adopt(matches).get());
}
// Setter for HTMLElement.outerText. The DOM write always happens; in
// JSC_TAINTED builds it is followed by taint bookkeeping:
//   - tainted input: label the element and its document, log a "sink" record;
//   - untainted input onto an element whose non-zero label equals the
//     document's label: log a "reset" record and clear the element's label.
void setJSHTMLElementOuterText(ExecState* exec, JSObject* thisObject, JSValue value)
{
#if defined(JSC_TAINTED)
    // Label of the incoming value, read before the DOM write.
    unsigned int valueTaint = TaintedUtils::isTainted(exec, value);
#endif
    // thisObject is downcast with static_cast; its dynamic type is not checked here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(thisObject);
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    ExceptionCode domError = 0;
    element->setOuterText(valueToStringWithNullCheck(exec, value), domError);
    setDOMException(exec, domError);
#if defined(JSC_TAINTED)
    // Element label as it stands after the write.
    unsigned int elementTaint = element->tainted();

    if (valueTaint) {
        element->setTainted(valueTaint);
        element->document()->setTainted(valueTaint);

        // The record is added whether or not the write raised a DOM exception.
        // NOTE(review): value.toString(exec) is evaluated again here, after the
        // write; if that conversion can run script for object values, the
        // logged string may differ from what was written - confirm.
        TaintedStructure sinkRecord;
        sinkRecord.taintedno = valueTaint;
        sinkRecord.internalfunc = "setJSHTMLElementOuterText";
        sinkRecord.jsfunc = "HTMLElement.outerText";
        sinkRecord.action = "sink";
        sinkRecord.value = TaintedUtils::UString2string(value.toString(exec));

        TaintedTrace::getInstance()->addTaintedTrace(sinkRecord);
        return;
    }

    // Untainted input from here on. Only reset when the element's label is
    // non-zero and equal to the document's label.
    if (elementTaint != element->document()->tainted() || elementTaint == 0)
        return;

    TaintedStructure resetRecord;
    resetRecord.taintedno = 0;
    resetRecord.internalfunc = "setJSHTMLElementOuterText";
    resetRecord.jsfunc = "HTMLElement.outerText";
    resetRecord.action = "reset";
    resetRecord.value = TaintedUtils::UString2string(value.toString(exec));

    TaintedTrace::getInstance()->addTaintedTrace(resetRecord);

    // Only the element's label is cleared; the document's label is left as is.
    element->setTainted(0);
#endif
}
// Host function behind insertAdjacentText(where, text). Rejects a `this` value
// that does not inherit from JSHTMLElement, converts both arguments to strings
// (bailing out if either conversion raised an exception), performs the
// insertion and always returns undefined.
EncodedJSValue JSC_HOST_CALL jsHTMLElementPrototypeFunctionInsertAdjacentText(ExecState* exec)
{
    JSValue receiver = exec->hostThisValue();
    // The type check comes first so the static_casts below only ever see a
    // JSHTMLElement wrapper.
    if (!receiver.inherits(&JSHTMLElement::s_info))
        return throwVMTypeError(exec);

    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(receiver));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());

    // Arguments are converted in order; a pending exception after either
    // conversion stops the call before the DOM is touched.
    const String& position = ustringToString(exec->argument(0).toString(exec));
    if (exec->hadException())
        return JSValue::encode(jsUndefined());
    const String& content = ustringToString(exec->argument(1).toString(exec));
    if (exec->hadException())
        return JSValue::encode(jsUndefined());

    ExceptionCode domError = 0;
    element->insertAdjacentText(position, content, domError);
    setDOMException(exec, domError);
    return JSValue::encode(jsUndefined());
}
// Getter for htmlelement.outerText: returns imp->outerText() as a JS string.
// In JSC_TAINTED builds, a tainted element passes its label on to the returned
// value and a "propagate" record with the full string is added to the trace.
JSValue jsHTMLElementOuterText(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    // static_cast downcasts: no runtime type check is performed on slotBase here.
    JSHTMLElement* wrapper = static_cast<JSHTMLElement*>(asObject(slotBase));
    HTMLElement* element = static_cast<HTMLElement*>(wrapper->impl());
    JSValue result = jsString(exec, element->outerText());
#if defined(JSC_TAINTED)
    if (element->tainted()) {
        const unsigned int elementTaint = element->tainted();
        // Carry the element's label over to the string handed to script.
        result.setTainted(element->tainted());

        TaintedStructure propagateRecord;
        propagateRecord.taintedno = elementTaint;
        propagateRecord.internalfunc = "jsHTMLElementOuterText";
        propagateRecord.jsfunc = "htmlelement.outerText";
        propagateRecord.action = "propagate";
        propagateRecord.value = TaintedUtils::UString2string(result.toString(exec));

        TaintedTrace::getInstance()->addTaintedTrace(propagateRecord);
    }
#endif
    return result;
}
// Setter that passes the boolean form of `value` to setSpellcheck().
void setJSHTMLElementSpellcheck(ExecState* exec, JSObject* thisObject, JSValue value)
{
    // thisObject is downcast with static_cast; its dynamic type is not checked here.
    HTMLElement* element = static_cast<HTMLElement*>(static_cast<JSHTMLElement*>(thisObject)->impl());
    const bool enabled = value.toBoolean(exec);
    element->setSpellcheck(enabled);
}
/*
|-------------------|	  |----------------|	       |------------------------------|
| string passing in | --> | is it tainted? | --> Y --> | taint the element / document | (bad approach, need to reset the document taint)
|___________________|	  |________________|	       |______________________________| 
					   |
					   |	       |-------------------|
					   | --> Y --> | taint the element | (best approach)
						       |-------------------|
The ideal implementation is to mark only the element as tainted (no need to mark the document as tainted), so that JS can detect whether the element is tainted or not.
However, I found that JS-level detection does not work for the element at the moment, so I taint the document for reporting.
This approach has a side effect: if the element is untainted, we need to clear the tainted flag of the document.
*/
// Setter for HTMLElement.innerHTML. The DOM write always happens; in
// JSC_TAINTED builds it is followed by taint bookkeeping:
//   - tainted input: label the element and its document, log a "sink" record;
//   - untainted input onto an element whose non-zero label equals the
//     document's label: log a "reset" record and clear the element's label.
void setJSHTMLElementInnerHTML(ExecState* exec, JSObject* thisObject, JSValue value)
{
#if defined(JSC_TAINTED)
    // Label of the incoming value, read before the DOM write.
    unsigned int tainted = TaintedUtils::isTainted(exec, value);
#endif
    // thisObject is downcast with static_cast; its dynamic type is not checked here.
    JSHTMLElement* castedThis = static_cast<JSHTMLElement*>(thisObject);
    HTMLElement* imp = static_cast<HTMLElement*>(castedThis->impl());
    ExceptionCode ec = 0;
    // The markup is written regardless of its taint label; the code below only
    // records the event, it does not block or sanitize the write.
    imp->setInnerHTML(valueToStringWithNullCheck(exec, value), ec);
    setDOMException(exec, ec);
#if defined(JSC_TAINTED)
    // Element label as it stands after the write.
    unsigned int imp_tainted = imp->tainted();

    if (tainted) {
// cerr 
/*
	char cid[50];
	JSValue id = jsString(exec, imp->getAttribute(WebCore::HTMLNames::idAttr));
	UString sid = id.toString(exec);
	snprintf(cid, 50, "%s", sid.utf8(true).data());
	cerr << "setJSHTMLElementInnerHTML:SETTING:" << cid << ":" << tainted << ":" << imp_tainted << endl;
*/
// cerr

	//
	// i dont know why this tainted flag cannot be queried from js level
	// seems like the HTML element is persistent, but it is not the right HTML element, so need to loop through and find out
	//
    	imp->setTainted(tainted);
	imp->document()->setTainted(tainted);

	// The "sink" record is added whether or not the write raised a DOM
	// exception (ec is not consulted here).
	// NOTE(review): value.toString(exec) is evaluated again here, after the
	// write; if that conversion can run script for object values, the logged
	// string may differ from the markup that was written - confirm.
	TaintedStructure trace_struct;
	trace_struct.taintedno = tainted;
	trace_struct.internalfunc = "setJSHTMLElementInnerHTML";
	trace_struct.jsfunc = "HTMLElement.innerHTML";
	trace_struct.action = "sink";
	trace_struct.value = TaintedUtils::UString2string(value.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);

    // 
    // this condition really difficult to understand. 
    // wanna to reset the innerHTML of this element if it is tainted and passing in string is not tainted.
    // there is a problem in this code, it is silly to do it, as if the imp->setTainted() is supposed to be work, then there is no need to do in this way.
    //
    // Reached only when `tainted` is zero, so the trailing `!tainted` test is
    // always true here. The reset applies only when the element's label is
    // non-zero and equal to the document's label.
    } else if (imp_tainted == imp->document()->tainted() 
	&& imp_tainted != 0
	&& !tainted) {

// cerr
/*
	char cid[50];
	JSValue id = jsString(exec, imp->getAttribute(WebCore::HTMLNames::idAttr));
	UString sid = id.toString(exec);
	snprintf(cid, 50, "%s", sid.utf8(true).data());
	cerr << "setJSHTMLElementInnerHTML:RESETTING:" << cid << endl;
*/
// cerr

	TaintedStructure trace_struct;
	trace_struct.taintedno = 0;
	// trace_struct.taintedno = imp_tainted;
	trace_struct.internalfunc = "setJSHTMLElementInnerHTML";
	trace_struct.jsfunc = "HTMLElement.innerHTML";
	trace_struct.action = "reset";
	trace_struct.value = TaintedUtils::UString2string(value.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);

	// Only the element's label is cleared; the document's label is not
	// touched anywhere in this function.
    	imp->setTainted(0);
    }
#endif
}
// Setter that sets or clears the hidden attribute from the boolean form of `value`.
void setJSHTMLElementHidden(ExecState* exec, JSObject* thisObject, JSValue value)
{
    // thisObject is downcast with static_cast; its dynamic type is not checked here.
    HTMLElement* element = static_cast<HTMLElement*>(static_cast<JSHTMLElement*>(thisObject)->impl());
    const bool hidden = value.toBoolean(exec);
    element->setBooleanAttribute(WebCore::HTMLNames::hiddenAttr, hidden);
}
// Setter that passes the 32-bit integer form of `value` to setTabIndex().
void setJSHTMLElementTabIndex(ExecState* exec, JSObject* thisObject, JSValue value)
{
    // thisObject is downcast with static_cast; its dynamic type is not checked here.
    HTMLElement* element = static_cast<HTMLElement*>(static_cast<JSHTMLElement*>(thisObject)->impl());
    element->setTabIndex(value.toInt32(exec));
}
// Setter that writes the string form of `value` into the class attribute.
void setJSHTMLElementClassName(ExecState* exec, JSObject* thisObject, JSValue value)
{
    // thisObject is downcast with static_cast; its dynamic type is not checked here.
    HTMLElement* element = static_cast<HTMLElement*>(static_cast<JSHTMLElement*>(thisObject)->impl());
    element->setAttribute(WebCore::HTMLNames::classAttr, valueToStringWithNullCheck(exec, value));
}