void JSLocation::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
{
// Only allow the location object to enumerated by frames in the same origin.
if (!allowsAccessFromFrame(exec, impl()->frame()))
return;
Base::getOwnPropertyNames(exec, propertyNames, mode);
}
bool JSLocation::deleteProperty(ExecState* exec, const Identifier& propertyName)
{
// Only allow deleting by frames in the same origin.
if (!allowsAccessFromFrame(exec, impl()->frame()))
return false;
return Base::deleteProperty(exec, propertyName);
}
bool JSLocation::putDelegate(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
{
Frame* frame = impl()->frame();
if (!frame)
return true;
if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
return true;
bool sameDomainAccess = allowsAccessFromFrame(exec, frame);
const HashEntry* entry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName);
if (!entry) {
if (sameDomainAccess)
JSObject::put(exec, propertyName, value, slot);
return true;
}
// Cross-domain access to the location is allowed when assigning the whole location,
// but not when assigning the individual pieces, since that might inadvertently
// disclose other parts of the original location.
if (entry->propertyPutter() != setJSLocationHref && !sameDomainAccess)
return true;
return false;
}
JSValue JSLocation::toStringFunction(ExecState* exec)
{
Frame* frame = impl()->frame();
if (!frame || !allowsAccessFromFrame(exec, frame))
return jsUndefined();
#if defined(JSC_TAINTED)
JSValue s = jsString(exec, impl()->toString());
TaintedCounter* counter = TaintedCounter::getInstance();
unsigned int tainted = counter->getCount();
s.setTainted(tainted);
TaintedStructure trace_struct;
trace_struct.taintedno = tainted;
trace_struct.internalfunc = "JSLocation::toStringFunction";
trace_struct.jsfunc = "";
trace_struct.action = "source";
trace_struct.value = TaintedUtils::UString2string(s.toString(exec));
TaintedTrace* trace = TaintedTrace::getInstance();
trace->addTaintedTrace(trace_struct);
return s;
#else
return jsString(exec, impl()->toString());
#endif
}
bool JSHistory::putDelegate(ExecState* exec, const Identifier&, JSValue, PutPropertySlot&)
{
// Only allow putting by frames in the same origin.
if (!allowsAccessFromFrame(exec, impl()->frame()))
return true;
return false;
}
JSValue JSLocation::toString(ExecState* exec, const ArgList&)
{
Frame* frame = impl()->frame();
if (!frame || !allowsAccessFromFrame(exec, frame))
return jsUndefined();
return jsString(exec, impl()->toString());
}
static void navigateIfAllowed(ExecState* exec, Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
{
Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
if (!url.protocolIs("javascript") || allowsAccessFromFrame(exec, frame)) {
bool userGesture = activeFrame->script()->processingUserGesture();
frame->loader()->scheduleLocationChange(url.string(), activeFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, userGesture);
}
}
bool JSHistory::deleteProperty(JSCell* cell, ExecState* exec, const Identifier& propertyName)
{
JSHistory* thisObject = static_cast<JSHistory*>(cell);
// Only allow deleting by frames in the same origin.
if (!allowsAccessFromFrame(exec, thisObject->impl()->frame()))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
static void navigateIfAllowed(ExecState* exec, Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
{
Frame* lexicalFrame = toLexicalFrame(exec);
if (!lexicalFrame)
return;
if (!protocolIsJavaScript(url) || allowsAccessFromFrame(exec, frame))
frame->redirectScheduler()->scheduleLocationChange(url.string(), lexicalFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, processingUserGesture(exec));
}
bool ScriptController::canAccessFromCurrentOrigin(Frame *frame)
{
ExecState* exec = JSMainThreadExecState::currentState();
if (exec)
return allowsAccessFromFrame(exec, frame);
// If the current state is 0 we're in a call path where the DOM security
// check doesn't apply (eg. parser).
return true;
}
JSValue JSLocation::reload(ExecState* exec, const ArgList&)
{
Frame* frame = impl()->frame();
if (!frame || !allowsAccessFromFrame(exec, frame))
return jsUndefined();
if (!protocolIsJavaScript(frame->loader()->url()))
frame->redirectScheduler()->scheduleRefresh(processingUserGesture(exec));
return jsUndefined();
}
bool JSHistory::getOwnPropertyDescriptorDelegate(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
{
if (!impl()->frame()) {
descriptor.setUndefined();
return true;
}
// Throw out all cross domain access
if (!allowsAccessFromFrame(exec, impl()->frame()))
return true;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSHistoryPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry) {
PropertySlot slot;
// Allow access to back(), forward() and go() from any frame.
if (entry->attributes() & Function) {
if (entry->function() == jsHistoryPrototypeFunctionBack) {
slot.setCustom(this, nonCachingStaticBackFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionForward) {
slot.setCustom(this, nonCachingStaticForwardFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionGo) {
slot.setCustom(this, nonCachingStaticGoFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
}
}
} else {
// Allow access to toString() cross-domain, but always Object.toString.
if (propertyName == exec->propertyNames().toString) {
PropertySlot slot;
slot.setCustom(this, objectToStringFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
}
}
descriptor.setUndefined();
return true;
}
bool JSLocation::getOwnPropertySlotDelegate(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
Frame* frame = impl()->frame();
if (!frame) {
slot.setUndefined();
return true;
}
// When accessing Location cross-domain, functions are always the native built-in ones.
// See JSDOMWindow::getOwnPropertySlotDelegate for additional details.
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
if (allowsAccessFromFrame(exec, frame, message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && (entry->attributes() & Function)) {
if (entry->function() == jsLocationPrototypeFunctionReplace) {
slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
return true;
} else if (entry->function() == jsLocationPrototypeFunctionReload) {
slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
return true;
} else if (entry->function() == jsLocationPrototypeFunctionAssign) {
slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
return true;
}
}
// FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
// but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
// such cases when normally the string form of Location would be the URL.
printErrorMessageForFrame(frame, message);
slot.setUndefined();
return true;
}
bool JSHistory::customGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
// When accessing History cross-domain, functions are always the native built-in ones.
// See JSDOMWindow::customGetOwnPropertySlot for additional details.
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
if (allowsAccessFromFrame(exec, impl()->frame(), message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSHistoryPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry) {
// Allow access to back(), forward() and go() from any frame.
if (entry->attributes() & Function) {
if (entry->function() == jsHistoryPrototypeFunctionBack) {
slot.setCustom(this, nonCachingStaticBackFunctionGetter);
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionForward) {
slot.setCustom(this, nonCachingStaticForwardFunctionGetter);
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionGo) {
slot.setCustom(this, nonCachingStaticGoFunctionGetter);
return true;
}
}
} else {
// Allow access to toString() cross-domain, but always Object.toString.
if (propertyName == exec->propertyNames().toString) {
slot.setCustom(this, objectToStringFunctionGetter);
return true;
}
}
printErrorMessageForFrame(impl()->frame(), message);
slot.setUndefined();
return true;
}
bool JSLocation::getOwnPropertyDescriptorDelegate(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
{
Frame* frame = impl()->frame();
if (!frame) {
descriptor.setUndefined();
return true;
}
// throw out all cross domain access
if (!allowsAccessFromFrame(exec, frame))
return true;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
PropertySlot slot;
if (entry && (entry->attributes() & Function)) {
if (entry->function() == jsLocationPrototypeFunctionReplace) {
slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
} else if (entry->function() == jsLocationPrototypeFunctionReload) {
slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
} else if (entry->function() == jsLocationPrototypeFunctionAssign) {
slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
}
}
// FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
// but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
// such cases when normally the string form of Location would be the URL.
descriptor.setUndefined();
return true;
}
bool checkNodeSecurity(ExecState* exec, Node* node)
{
return node && allowsAccessFromFrame(exec, node->document()->frame());
}
