// Collects the own property names of the Location wrapper into propertyNames.
// Enumeration is delegated to Base only when allowsAccessFromFrame() accepts the
// caller for this location's frame; otherwise propertyNames is left untouched,
// so a caller that fails the check learns no property names.
void JSLocation::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
{
    // Only allow the location object to be enumerated by frames in the same origin.
    const bool callerMayEnumerate = allowsAccessFromFrame(exec, impl()->frame());
    if (callerMayEnumerate)
        Base::getOwnPropertyNames(exec, propertyNames, mode);
}
// Deletes propertyName from the Location wrapper on behalf of script.
// Returns the result of Base::deleteProperty() when the access check passes,
// and false (nothing deleted) when it does not.
bool JSLocation::deleteProperty(ExecState* exec, const Identifier& propertyName)
{
    // Only allow deleting by frames in the same origin.
    if (allowsAccessFromFrame(exec, impl()->frame()))
        return Base::deleteProperty(exec, propertyName);

    return false;
}
// Pre-filter for property writes on the Location wrapper.
// Returns true when the write has been dealt with here (performed or deliberately
// dropped) and false when the caller should continue with its own put handling
// (presumably the generated setter path; confirm against the caller).
bool JSLocation::putDelegate(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
{
    Frame* targetFrame = impl()->frame();
    // A location without a frame swallows every write.
    if (!targetFrame)
        return true;

    // toString and valueOf can never be overwritten, regardless of the caller's origin.
    if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
        return true;

    const bool callerIsSameOrigin = allowsAccessFromFrame(exec, targetFrame);

    const HashEntry* staticEntry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName);
    if (!staticEntry) {
        // Not one of Location's static properties: store it as an ordinary property,
        // but only for callers that passed the access check. Others are silently ignored.
        if (callerIsSameOrigin)
            JSObject::put(exec, propertyName, value, slot);
        return true;
    }

    // Cross-domain access to the location is allowed when assigning the whole location,
    // but not when assigning the individual pieces, since that might inadvertently
    // disclose other parts of the original location.
    const bool assignsWholeLocation = staticEntry->propertyPutter() == setJSLocationHref;
    return !(assignsWholeLocation || callerIsSameOrigin);
}
// Returns the string form of the location, or undefined when the location has no
// frame or the caller fails the access check.
// In JSC_TAINTED builds the returned string is additionally marked as tainted and
// a trace record with action "source" is logged for it.
JSValue JSLocation::toStringFunction(ExecState* exec)
{
    Frame* frame = impl()->frame();
    if (!frame)
        return jsUndefined();
    if (!allowsAccessFromFrame(exec, frame))
        return jsUndefined();

#if defined(JSC_TAINTED)
    JSValue locationString = jsString(exec, impl()->toString());

    // Tag the value with the counter's current taint number.
    const unsigned int taintNumber = TaintedCounter::getInstance()->getCount();
    locationString.setTainted(taintNumber);

    // Record where the tainted value came from; the same taint number links the
    // value to this trace entry.
    TaintedStructure record;
    record.taintedno = taintNumber;
    record.internalfunc = "JSLocation::toStringFunction";
    record.jsfunc = "";
    record.action = "source";
    record.value = TaintedUtils::UString2string(locationString.toString(exec));

    TaintedTrace::getInstance()->addTaintedTrace(record);
    return locationString;
#else
    return jsString(exec, impl()->toString());
#endif
}
// Pre-filter for property writes on the History wrapper.
// Returns true (write dealt with here, nothing stored) when the caller fails the
// access check, and false when it passes so the caller can go on with its own put.
bool JSHistory::putDelegate(ExecState* exec, const Identifier&, JSValue, PutPropertySlot&)
{
    // Only allow putting by frames in the same origin.
    const bool callerIsSameOrigin = allowsAccessFromFrame(exec, impl()->frame());
    return !callerIsSameOrigin;
}
// Script-visible toString() of Location.
// Returns the location's string form only when the location still has a frame and
// the caller passes the access check; every other caller receives undefined.
JSValue JSLocation::toString(ExecState* exec, const ArgList&)
{
    Frame* frame = impl()->frame();
    if (frame && allowsAccessFromFrame(exec, frame))
        return jsString(exec, impl()->toString());

    return jsUndefined();
}
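// Schedules a location change of |frame| to |url| on behalf of the running script.
//
// exec                 - execution state of the calling script; its dynamic global
//                        object identifies the active frame.
// frame                - frame whose location is being changed.
// url                  - destination; javascript: URLs are subject to the access check.
// lockHistory,
// lockBackForwardList  - forwarded unchanged to scheduleLocationChange().
//
// Nothing is scheduled when the active frame is gone, or when |url| is a
// javascript: URL and the caller fails allowsAccessFromFrame() for |frame|.
static void navigateIfAllowed(ExecState* exec, Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
{
    Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
    // frame() results are null-checked elsewhere in these bindings; without this
    // guard a window that has lost its frame would be dereferenced below for the
    // user-gesture state and the referrer.
    if (!activeFrame)
        return;

    // A javascript: URL runs script in the target frame, so it is only allowed
    // when the caller may access that frame. Any other scheme may be navigated
    // to from any frame.
    if (!url.protocolIs("javascript") || allowsAccessFromFrame(exec, frame)) {
        bool userGesture = activeFrame->script()->processingUserGesture();
        frame->loader()->scheduleLocationChange(url.string(), activeFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, userGesture);
    }
}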
// Deletes propertyName from the History wrapper passed as |cell|.
// Returns Base::deleteProperty()'s result when the caller passes the access check
// for the history's frame, and false (nothing deleted) otherwise.
bool JSHistory::deleteProperty(JSCell* cell, ExecState* exec, const Identifier& propertyName)
{
    JSHistory* history = static_cast<JSHistory*>(cell);

    // Only allow deleting by frames in the same origin.
    if (allowsAccessFromFrame(exec, history->impl()->frame()))
        return Base::deleteProperty(history, exec, propertyName);

    return false;
}
// Schedules a location change of |frame| to |url| on behalf of the running script.
// Nothing is scheduled when there is no lexical frame, or when |url| is a
// javascript: URL and the caller fails allowsAccessFromFrame() for |frame|.
// The referrer is taken from the lexical frame's loader.
static void navigateIfAllowed(ExecState* exec, Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
{
    Frame* lexicalFrame = toLexicalFrame(exec);
    if (!lexicalFrame)
        return;

    // javascript: URLs execute in the target frame, so they require access to it;
    // every other scheme may be navigated to without the check.
    if (protocolIsJavaScript(url) && !allowsAccessFromFrame(exec, frame))
        return;

    frame->redirectScheduler()->scheduleLocationChange(url.string(), lexicalFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, processingUserGesture(exec));
}
// Reports whether the script state currently running on the main thread may
// access |frame|.
// With a current ExecState the answer is allowsAccessFromFrame(); with none the
// function returns true, i.e. this path grants access without any origin check.
bool ScriptController::canAccessFromCurrentOrigin(Frame *frame)
{
    ExecState* currentExec = JSMainThreadExecState::currentState();

    // If the current state is 0 we're in a call path where the DOM security
    // check doesn't apply (eg. parser).
    if (!currentExec)
        return true;

    return allowsAccessFromFrame(currentExec, frame);
}
// Script-visible reload() of Location. Always returns undefined.
// A refresh is scheduled only when the location has a frame, the caller passes the
// access check for it, and the frame's current URL is not a javascript: URL.
JSValue JSLocation::reload(ExecState* exec, const ArgList&)
{
    Frame* frame = impl()->frame();
    const bool callerMayReload = frame && allowsAccessFromFrame(exec, frame);

    if (callerMayReload) {
        // A frame showing a javascript: URL is never refreshed.
        if (!protocolIsJavaScript(frame->loader()->url()))
            frame->redirectScheduler()->scheduleRefresh(processingUserGesture(exec));
    }

    return jsUndefined();
}
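// Property-descriptor lookup hook for the History wrapper.
//
// exec          - execution state of the calling script.
// propertyName  - property being looked up.
// descriptor    - receives the result.
//
// Always returns true, i.e. every lookup is answered here:
//  - no frame: descriptor is set to undefined;
//  - caller fails the access check: descriptor is left exactly as passed in;
//  - back(), forward(), go(): descriptor gets the native built-in function;
//  - toString with no prototype table entry: descriptor gets Object's toString;
//  - anything else: descriptor is set to undefined.
bool JSHistory::getOwnPropertyDescriptorDelegate(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
{
    if (!impl()->frame()) {
        descriptor.setUndefined();
        return true;
    }

    // Throw out all cross domain access
    if (!allowsAccessFromFrame(exec, impl()->frame()))
        return true;

    // Check for the few functions that we allow, even when called cross-domain.
    // NOTE(review): because of the early return above, this code is only reached
    // for callers that already passed the access check.
    const HashEntry* entry = JSHistoryPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
    if (entry) {
        PropertySlot slot;
        // Allow access to back(), forward() and go() from any frame.
        if (entry->attributes() & Function) {
            if (entry->function() == jsHistoryPrototypeFunctionBack) {
                slot.setCustom(this, nonCachingStaticBackFunctionGetter);
                descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
                return true;
            }
            if (entry->function() == jsHistoryPrototypeFunctionForward) {
                slot.setCustom(this, nonCachingStaticForwardFunctionGetter);
                descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
                return true;
            }
            if (entry->function() == jsHistoryPrototypeFunctionGo) {
                slot.setCustom(this, nonCachingStaticGoFunctionGetter);
                descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
                return true;
            }
        }
    } else {
        // Allow access to toString() cross-domain, but always Object.toString.
        if (propertyName == exec->propertyNames().toString) {
            PropertySlot slot;
            slot.setCustom(this, objectToStringFunctionGetter);
            // entry is null on this path, so entry->attributes() must not be read
            // here (it was a null dereference). DontEnum is used as a conservative
            // stand-in. NOTE(review): confirm the attribute set intended for the
            // substituted toString.
            descriptor.setDescriptor(slot.getValue(exec, propertyName), DontEnum);
            return true;
        }
    }

    descriptor.setUndefined();
    return true;
}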
// Property-slot lookup hook for the Location wrapper.
// Returns false when the caller passes the access check, so the normal lookup
// runs. Returns true in every other case, with |slot| holding either one of the
// native replace()/reload()/assign() functions or undefined.
bool JSLocation::getOwnPropertySlotDelegate(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
    Frame* frame = impl()->frame();
    if (!frame) {
        slot.setUndefined();
        return true;
    }

    // When accessing Location cross-domain, functions are always the native built-in ones.
    // See JSDOMWindow::getOwnPropertySlotDelegate for additional details.

    // Our custom code is only needed to implement the Window cross-domain scheme, so if access is
    // allowed, return false so the normal lookup will take place.
    String message;
    const bool accessAllowed = allowsAccessFromFrame(exec, frame, message);
    if (accessAllowed)
        return false;

    // Check for the few functions that we allow, even when called cross-domain.
    const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
    const bool isPrototypeFunction = entry && (entry->attributes() & Function);
    if (isPrototypeFunction) {
        if (entry->function() == jsLocationPrototypeFunctionReplace) {
            slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionReload) {
            slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionAssign) {
            slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
            return true;
        }
    }

    // FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
    // but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
    // such cases when normally the string form of Location would be the URL.

    // Everything else is denied: report the message filled in by the access check
    // and answer with undefined.
    printErrorMessageForFrame(frame, message);
    slot.setUndefined();
    return true;
}
// Property-slot lookup hook for the History wrapper.
// Returns false when the caller passes the access check, so the normal lookup
// runs. Returns true in every other case, with |slot| holding one of the native
// back()/forward()/go() functions, Object's toString, or undefined.
bool JSHistory::customGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
    // When accessing History cross-domain, functions are always the native built-in ones.
    // See JSDOMWindow::customGetOwnPropertySlot for additional details.

    // Our custom code is only needed to implement the Window cross-domain scheme, so if access is
    // allowed, return false so the normal lookup will take place.
    String message;
    const bool accessAllowed = allowsAccessFromFrame(exec, impl()->frame(), message);
    if (accessAllowed)
        return false;

    // Check for the few functions that we allow, even when called cross-domain.
    const HashEntry* entry = JSHistoryPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
    if (!entry) {
        // Allow access to toString() cross-domain, but always Object.toString.
        if (propertyName == exec->propertyNames().toString) {
            slot.setCustom(this, objectToStringFunctionGetter);
            return true;
        }
    } else if (entry->attributes() & Function) {
        // Allow access to back(), forward() and go() from any frame.
        if (entry->function() == jsHistoryPrototypeFunctionBack) {
            slot.setCustom(this, nonCachingStaticBackFunctionGetter);
            return true;
        }
        if (entry->function() == jsHistoryPrototypeFunctionForward) {
            slot.setCustom(this, nonCachingStaticForwardFunctionGetter);
            return true;
        }
        if (entry->function() == jsHistoryPrototypeFunctionGo) {
            slot.setCustom(this, nonCachingStaticGoFunctionGetter);
            return true;
        }
    }

    // Everything else is denied: report the message filled in by the access check
    // and answer with undefined.
    printErrorMessageForFrame(impl()->frame(), message);
    slot.setUndefined();
    return true;
}
// Property-descriptor lookup hook for the Location wrapper.
// Always returns true, i.e. every lookup is answered here:
//  - no frame: descriptor is set to undefined;
//  - caller fails the access check: descriptor is left exactly as passed in;
//  - replace(), reload(), assign(): descriptor gets the native built-in function;
//  - anything else: descriptor is set to undefined.
bool JSLocation::getOwnPropertyDescriptorDelegate(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
{
    Frame* frame = impl()->frame();
    if (!frame) {
        descriptor.setUndefined();
        return true;
    }

    // throw out all cross domain access
    const bool accessAllowed = allowsAccessFromFrame(exec, frame);
    if (!accessAllowed)
        return true;

    // Check for the few functions that we allow, even when called cross-domain.
    // NOTE(review): because of the early return above, this code is only reached
    // for callers that already passed the access check.
    const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
    PropertySlot slot;
    const bool isPrototypeFunction = entry && (entry->attributes() & Function);
    if (isPrototypeFunction) {
        if (entry->function() == jsLocationPrototypeFunctionReplace) {
            slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
            descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionReload) {
            slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
            descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionAssign) {
            slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
            descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
            return true;
        }
    }

    // FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
    // but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
    // such cases when normally the string form of Location would be the URL.
    descriptor.setUndefined();
    return true;
}
// Reports whether the calling script may access |node|.
// A null node is never accessible; otherwise the decision is
// allowsAccessFromFrame() for the frame of the node's document.
bool checkNodeSecurity(ExecState* exec, Node* node)
{
    if (!node)
        return false;

    return allowsAccessFromFrame(exec, node->document()->frame());
}