// Resolves an own property on the document wrapper. The first match wins:
//   1. "open", "write", "writeln": non-caching getters for the host functions
//   2. a document named item (canGetItemsForName): nameGetter
//   3. an entry in JSHTMLDocument's static property hash table
//   4. whatever the base class provides
// The three fixed names are tested before named items, so an element named
// "write" cannot replace the host function. Named items are tested before the
// static table, so markup that names an element after a static property shadows
// that property (DOM clobbering surface).
bool JSHTMLDocument::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
    JSHTMLDocument* wrapper = jsCast<JSHTMLDocument*>(object);
    ASSERT_GC_OBJECT_INHERITS(wrapper, info());

    if (propertyName == "open") {
        slot.setCustom(wrapper, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsHTMLDocumentPrototypeFunctionOpen, 2>);
        return true;
    }

    if (propertyName == "write") {
        slot.setCustom(wrapper, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsHTMLDocumentPrototypeFunctionWrite, 1>);
        return true;
    }

    if (propertyName == "writeln") {
        slot.setCustom(wrapper, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsHTMLDocumentPrototypeFunctionWriteln, 1>);
        return true;
    }

    // Named items are not cacheable: setCustom, not setCacheableCustom.
    if (canGetItemsForName(exec, &wrapper->impl(), propertyName)) {
        slot.setCustom(wrapper, ReadOnly | DontDelete | DontEnum, wrapper->nameGetter);
        return true;
    }

    const HashTableValue* staticEntry = JSHTMLDocument::info()->staticPropHashTable->entry(propertyName);
    if (staticEntry) {
        slot.setCacheableCustom(wrapper, staticEntry->attributes(), staticEntry->propertyGetter());
        return true;
    }

    return Base::getOwnPropertySlot(wrapper, exec, propertyName, slot);
}
// Host-call entry point for document.write(). With JSC_TAINTED defined it records
// a "sink" trace entry when the first argument is a tainted primitive string.
// The listing of this variant is incomplete: the matching #endif, the call that
// performs the write and the closing brace of the function are not shown.
EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionWrite(ExecState* exec)
{
    JSValue thisValue = exec->hostThisValue();
    // Reject receivers that are not JSHTMLDocument wrappers before the static_cast below.
    if (!thisValue.inherits(&JSHTMLDocument::s_info))
        return throwVMTypeError(exec);
    JSHTMLDocument* castedThis = static_cast<JSHTMLDocument*>(asObject(thisValue));
#ifdef JSC_TAINTED
    /*
    The detection is kept here on purpose. When this segment was commented out and
    the detection moved to bindings/js/JSHTMLDocumentCustom.cpp, a test case like
    the one below was no longer detected; the reason still needs investigating.
    document.write("hello"+document.location.href.substring(document.location.href.indexOf("default=")+8));
    The author's guess is that the code below does not cover the primitive string.
    */
    // Only argument 0 is inspected; taint carried by any further argument is not recorded here.
    JSValue s = exec->argument(0);
    if (s.isString() && s.isTainted()) {
        // Propagate the taint value to the document itself.
        HTMLDocument* d1 = static_cast<HTMLDocument*>(castedThis->impl());
        d1->setTainted(s.isTainted());

        TaintedStructure trace_struct;
        trace_struct.taintedno = s.isTainted();
        trace_struct.internalfunc = "jsHTMLDocumentPrototypeFunctionWrite";
        trace_struct.jsfunc = "document.write";
        trace_struct.action = "sink";

        // msg holds at most 19 bytes plus the terminator, so the recorded value is
        // only a prefix of the string being written; a cut at a byte count can also
        // split a multi-byte UTF-8 sequence.
        char msg[20];
        stringstream msgss;
        snprintf(msg, 20, "%s", s.toString(exec).utf8(true).data());
        msgss << msg;
        // NOTE(review): if trace_struct.value is a std::string, this extraction stops
        // at the first whitespace and shortens the record further - confirm.
        msgss >> trace_struct.value;

        TaintedTrace* trace = TaintedTrace::getInstance();
        trace->addTaintedTrace(trace_struct);
    }
// Host-call entry point for document.open(). A receiver that does not inherit
// from JSHTMLDocument gets a VM TypeError; otherwise the call is forwarded to
// the wrapper's open().
EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionOpen(ExecState* exec)
{
    JSValue receiver = exec->hostThisValue();
    if (receiver.inherits(&JSHTMLDocument::s_info)) {
        // The inherits() check above is what makes this static_cast safe.
        JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(receiver));
        return JSValue::encode(wrapper->open(exec));
    }
    return throwVMTypeError(exec);
}
// Attribute getter: returns the document's vlinkColor as a JS string.
// slotBase is cast without a type check here.
// NOTE(review): presumably the property-slot machinery guarantees the base is a JSHTMLDocument - confirm.
JSValue jsHTMLDocumentVlinkColor(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(slotBase));
    HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
    return jsString(exec, document->vlinkColor());
}
// Attribute getter: wraps the document's active element for script, using the
// wrapper's own global object.
// NOTE(review): slotBase is cast unchecked; presumably guaranteed by the caller - confirm.
JSValue jsHTMLDocumentActiveElement(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(slotBase));
    HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
    return toJS(exec, wrapper->globalObject(), WTF::getPtr(document->activeElement()));
}
// Attribute getter: returns the document's height() as a JS number.
// NOTE(review): slotBase is cast unchecked; presumably guaranteed by the caller - confirm.
JSValue jsHTMLDocumentHeight(ExecState* exec, JSValue slotBase, const Identifier&)
{
    UNUSED_PARAM(exec);
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(slotBase));
    HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
    return jsNumber(document->height());
}
// Host-call entry point for document.close(). Throws a VM TypeError for a
// receiver that is not a JSHTMLDocument; otherwise closes the document and
// returns undefined.
EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionClose(ExecState* exec)
{
    JSValue receiver = exec->hostThisValue();
    if (receiver.inherits(&JSHTMLDocument::s_info)) {
        // Safe only because of the inherits() check above.
        JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(receiver));
        HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
        document->close();
        return JSValue::encode(jsUndefined());
    }
    return throwVMTypeError(exec);
}
// Host-call entry point for document.hasFocus(). Throws a VM TypeError for a
// receiver that is not a JSHTMLDocument; otherwise returns the document's
// hasFocus() result as a JS boolean.
EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionHasFocus(ExecState* exec)
{
    JSValue receiver = exec->hostThisValue();
    if (receiver.inherits(&JSHTMLDocument::s_info)) {
        // Safe only because of the inherits() check above.
        JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(receiver));
        HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
        return JSValue::encode(jsBoolean(document->hasFocus()));
    }
    return throwVMTypeError(exec);
}
// Host-call entry point for document.write(). With JSC_TAINTED defined, a tainted
// first argument marks the document as tainted and appends a "sink" entry to the
// global TaintedTrace before the write is forwarded to the wrapper.
//
// Coverage notes for whoever relies on the trace:
//  - Only argument 0 is inspected. NOTE(review): if write() consumes further
//    arguments, taint carried by them reaches the sink unrecorded - confirm.
//  - The first check matches primitive strings (isString()), the second matches
//    String wrapper objects (StringObject::s_info).
EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionWrite(ExecState* exec)
{
    JSValue receiver = exec->hostThisValue();
    if (!receiver.inherits(&JSHTMLDocument::s_info))
        return throwVMTypeError(exec);
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(receiver));

#if defined(JSC_TAINTED)
    // The detection stays in this function on purpose: when it was moved to
    // bindings/js/JSHTMLDocumentCustom.cpp, a test case such as
    //   document.write("hello"+document.location.href.substring(document.location.href.indexOf("default=")+8));
    // was no longer detected. The cause has not been investigated; the author's
    // guess is that the code there does not cover the primitive string.
    JSValue firstArg = exec->argument(0);

    // Tainted primitive string.
    if (firstArg.isString() && firstArg.isTainted()) {
        HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
        document->setTainted(firstArg.isTainted());

        TaintedStructure sinkRecord;
        sinkRecord.taintedno = firstArg.isTainted();
        sinkRecord.internalfunc = "jsHTMLDocumentPrototypeFunctionWrite";
        sinkRecord.jsfunc = "document.write";
        sinkRecord.action = "sink";
        sinkRecord.value = TaintedUtils::UString2string(firstArg.toString(exec));

        TaintedTrace::getInstance()->addTaintedTrace(sinkRecord);
    }

    // Tainted String wrapper object.
    if (firstArg.inherits(&StringObject::s_info)) {
        unsigned int objectTaint = asStringObject(firstArg)->isTainted();
        if (objectTaint) {
            HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
            document->setTainted(objectTaint);

            TaintedStructure sinkRecord;
            sinkRecord.taintedno = objectTaint;
            sinkRecord.internalfunc = "jsHTMLDocumentPrototypeFunctionWrite";
            sinkRecord.jsfunc = "document.write";
            sinkRecord.action = "sink";
            sinkRecord.value = TaintedUtils::UString2string(firstArg.toString(exec));

            TaintedTrace::getInstance()->addTaintedTrace(sinkRecord);
        }
    }
#endif

    return JSValue::encode(wrapper->write(exec));
}
// Host-call entry point for document.writeln(). With JSC_TAINTED defined, a
// tainted first argument marks the document as tainted and appends a "sink"
// entry to the global TaintedTrace before the call is forwarded to the wrapper.
//
// Coverage notes for whoever relies on the trace:
//  - Only argument 0 is inspected. NOTE(review): if writeln() consumes further
//    arguments, taint carried by them reaches the sink unrecorded - confirm.
//  - The first check matches primitive strings (isString()), the second matches
//    String wrapper objects (StringObject::s_info).
EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionWriteln(ExecState* exec)
{
    JSValue receiver = exec->hostThisValue();
    if (!receiver.inherits(&JSHTMLDocument::s_info))
        return throwVMTypeError(exec);
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(receiver));

#if defined(JSC_TAINTED)
    JSValue firstArg = exec->argument(0);

    // Tainted primitive string.
    if (firstArg.isString() && firstArg.isTainted() > 0) {
        HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
        document->setTainted(firstArg.isTainted());

        TaintedStructure sinkRecord;
        sinkRecord.taintedno = firstArg.isTainted();
        sinkRecord.internalfunc = "jsHTMLDocumentPrototypeFunctionWriteln";
        sinkRecord.jsfunc = "document.writeln";
        sinkRecord.action = "sink";
        sinkRecord.value = TaintedUtils::UString2string(firstArg.toString(exec));

        TaintedTrace::getInstance()->addTaintedTrace(sinkRecord);
    }

    // Tainted String wrapper object.
    if (firstArg.inherits(&StringObject::s_info)) {
        unsigned int objectTaint = asStringObject(firstArg)->isTainted();
        if (objectTaint) {
            HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
            document->setTainted(objectTaint);

            TaintedStructure sinkRecord;
            sinkRecord.taintedno = objectTaint;
            sinkRecord.internalfunc = "jsHTMLDocumentPrototypeFunctionWriteln";
            sinkRecord.jsfunc = "document.writeln";
            sinkRecord.action = "sink";
            sinkRecord.value = TaintedUtils::UString2string(firstArg.toString(exec));

            TaintedTrace::getInstance()->addTaintedTrace(sinkRecord);
        }
    }
#endif

    return JSValue::encode(wrapper->writeln(exec));
}
// Resolves an own property on the document wrapper.
//  - "open": the base class is asked first; if it has nothing, a non-caching
//    getter for the host function is installed. Either way the lookup succeeds.
//  - any other name: a document named item wins over the base class, so an
//    element named after a base-class property shadows it (DOM clobbering surface).
bool JSHTMLDocument::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
    JSHTMLDocument* wrapper = jsCast<JSHTMLDocument*>(object);
    ASSERT_GC_OBJECT_INHERITS(wrapper, info());

    if (propertyName == "open") {
        if (!Base::getOwnPropertySlot(wrapper, exec, propertyName, slot))
            slot.setCustom(wrapper, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsHTMLDocumentPrototypeFunctionOpen, 2>);
        return true;
    }

    JSValue namedItem;
    if (!wrapper->nameGetter(exec, propertyName, namedItem))
        return Base::getOwnPropertySlot(wrapper, exec, propertyName, slot);

    slot.setValue(wrapper, ReadOnly | DontDelete | DontEnum, namedItem);
    return true;
}
// Looks up a document named item for script.
//  - no public name, or no item with that name: undefined
//  - several elements share the name: an HTMLCollection of them
//  - a single iframe with a content frame: the JS value for that frame
//  - otherwise: the element itself
// No access check on the returned frame object is performed in this function.
EncodedJSValue JSHTMLDocument::nameGetter(ExecState* exec, JSObject* slotBase, EncodedJSValue, PropertyName propertyName)
{
    JSHTMLDocument* wrapper = jsCast<JSHTMLDocument*>(slotBase);
    HTMLDocument& htmlDocument = wrapper->impl();

    AtomicStringImpl* itemName = propertyName.publicName();
    if (!(itemName && htmlDocument.hasDocumentNamedItem(*itemName)))
        return JSValue::encode(jsUndefined());

    if (UNLIKELY(htmlDocument.documentNamedItemContainsMultipleElements(*itemName))) {
        RefPtr<HTMLCollection> matches = htmlDocument.documentNamedItems(itemName);
        ASSERT(matches->length() > 1);
        return JSValue::encode(toJS(exec, wrapper->globalObject(), WTF::getPtr(matches)));
    }

    // NOTE(review): the element is dereferenced without a null check; this relies
    // on hasDocumentNamedItem() above implying a non-null result - confirm.
    Element* namedElement = htmlDocument.documentNamedItem(*itemName);
    if (UNLIKELY(is<HTMLIFrameElement>(*namedElement))) {
        Frame* contentFrame = downcast<HTMLIFrameElement>(*namedElement).contentFrame();
        if (contentFrame)
            return JSValue::encode(toJS(exec, contentFrame));
    }

    return JSValue::encode(toJS(exec, wrapper->globalObject(), namedElement));
}
// Looks up a document named item for script.
//  - the name has no atomic string, or the named-item map lacks it: undefined
//  - the map holds more than one element for the name: an HTMLCollection
//  - a single iframe with a content frame: the JS value for that frame
//  - otherwise: the node itself
// No access check on the returned frame object is performed in this function.
JSValue JSHTMLDocument::nameGetter(ExecState* exec, JSValue slotBase, PropertyName propertyName)
{
    JSHTMLDocument* wrapper = jsCast<JSHTMLDocument*>(asObject(slotBase));
    HTMLDocument* htmlDocument = toHTMLDocument(wrapper->impl());

    AtomicStringImpl* itemName = findAtomicString(propertyName);
    if (!(itemName && htmlDocument->documentNamedItemMap().contains(itemName)))
        return jsUndefined();

    if (UNLIKELY(!htmlDocument->documentNamedItemMap().containsSingle(itemName))) {
        RefPtr<HTMLCollection> matches = htmlDocument->documentNamedItems(itemName);
        ASSERT(!matches->isEmpty());
        ASSERT(!matches->hasExactlyOneItem());
        return toJS(exec, wrapper->globalObject(), WTF::getPtr(matches));
    }

    // NOTE(review): the node is dereferenced without a null check; this relies on
    // the containsSingle() result above - confirm.
    Node* namedNode = htmlDocument->documentNamedItemMap().getElementByDocumentNamedItem(itemName, htmlDocument);
    if (namedNode->hasTagName(iframeTag)) {
        // The tag check is what justifies the unchecked downcast.
        Frame* contentFrame = static_cast<HTMLIFrameElement*>(namedNode)->contentFrame();
        if (contentFrame)
            return toJS(exec, contentFrame);
    }

    return toJS(exec, wrapper->globalObject(), namedNode);
}
// Looks up document named items for script.
//  - no match: undefined
//  - several matches: the HTMLCollection
//  - one match that is an iframe with a content frame: the JS value for that frame
//  - one match otherwise: the node itself
// No access check on the returned frame object is performed in this function.
JSValue JSHTMLDocument::nameGetter(ExecState* exec, JSValue slotBase, const Identifier& propertyName)
{
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(slotBase));
    HTMLDocument* htmlDocument = static_cast<HTMLDocument*>(wrapper->impl());

    String itemName = identifierToString(propertyName);
    RefPtr<HTMLCollection> matches = htmlDocument->documentNamedItems(itemName);

    unsigned matchCount = matches->length();
    if (!matchCount)
        return jsUndefined();
    if (matchCount != 1)
        return toJS(exec, matches.get());

    Node* onlyNode = matches->firstItem();
    if (onlyNode->hasTagName(iframeTag)) {
        // The tag check is what justifies the unchecked downcast.
        Frame* contentFrame = static_cast<HTMLIFrameElement*>(onlyNode)->contentFrame();
        if (contentFrame)
            return toJS(exec, contentFrame);
    }
    return toJS(exec, onlyNode);
}
// Looks up document named items for script; the wrapper is taken from
// slot.slotBase(), and originalObject is not used.
//  - no match: undefined
//  - several matches: the HTMLCollection
//  - one match that is an iframe with a content frame: Window::retrieve(frame)
//  - one match otherwise: the node itself
// No access check on the returned window object is performed in this function.
JSValue* JSHTMLDocument::nameGetter(ExecState* exec, JSObject* originalObject, const Identifier& propertyName, const PropertySlot& slot)
{
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(slot.slotBase());
    HTMLDocument* htmlDocument = static_cast<HTMLDocument*>(wrapper->impl());

    String itemName = propertyName;
    RefPtr<HTMLCollection> matches = htmlDocument->documentNamedItems(itemName);

    unsigned matchCount = matches->length();
    if (!matchCount)
        return jsUndefined();
    if (matchCount != 1)
        return toJS(exec, matches.get());

    Node* onlyNode = matches->firstItem();
    if (onlyNode->hasTagName(iframeTag)) {
        // The tag check is what justifies the unchecked downcast.
        Frame* contentFrame = static_cast<HTMLIFrameElement*>(onlyNode)->contentFrame();
        if (contentFrame)
            return Window::retrieve(contentFrame);
    }
    return toJS(exec, onlyNode);
}
// Attribute setter: converts the JS value with valueToStringWithNullCheck() and
// stores it as the document's vlinkColor.
// NOTE(review): thisObject is cast without a type check; presumably the caller
// guarantees it is a JSHTMLDocument - confirm.
void setJSHTMLDocumentVlinkColor(ExecState* exec, JSObject* thisObject, JSValue value)
{
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(thisObject);
    HTMLDocument* document = static_cast<HTMLDocument*>(wrapper->impl());
    document->setVlinkColor(valueToStringWithNullCheck(exec, value));
}
// Attribute getter for document.all: forwards to the wrapper's all().
// NOTE(review): slotBase is cast unchecked; presumably guaranteed by the caller - confirm.
JSValue jsHTMLDocumentAll(ExecState* exec, JSValue slotBase, const Identifier&)
{
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(slotBase));
    return wrapper->all(exec);
}
// Getter for the constructor property: returns the JSHTMLDocument constructor
// that belongs to the wrapper's own global object.
// NOTE(review): slotBase is cast unchecked; presumably guaranteed by the caller - confirm.
JSValue jsHTMLDocumentConstructor(ExecState* exec, JSValue slotBase, const Identifier&)
{
    JSHTMLDocument* wrapper = static_cast<JSHTMLDocument*>(asObject(slotBase));
    return JSHTMLDocument::getConstructor(exec, wrapper->globalObject());
}