static EncodedJSValue namedItemGetter(ExecState* exec, JSObject* slotBase, EncodedJSValue, PropertyName propertyName)
{
JSDOMWindowBase* thisObj = jsCast<JSDOMWindow*>(slotBase);
Document* document = thisObj->impl().frame()->document();
ASSERT(BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObj->impl()));
ASSERT(document);
ASSERT(document->isHTMLDocument());
AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName);
if (!atomicPropertyName || !toHTMLDocument(document)->hasWindowNamedItem(*atomicPropertyName))
return JSValue::encode(jsUndefined());
if (UNLIKELY(toHTMLDocument(document)->windowNamedItemContainsMultipleElements(*atomicPropertyName))) {
RefPtr<HTMLCollection> collection = document->windowNamedItems(atomicPropertyName);
ASSERT(collection->length() > 1);
return JSValue::encode(toJS(exec, thisObj->globalObject(), WTF::getPtr(collection)));
}
return JSValue::encode(toJS(exec, thisObj->globalObject(), toHTMLDocument(document)->windowNamedItem(*atomicPropertyName)));
}
bool JSDOMWindow::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
{
// Never allow cross-domain getOwnPropertyDescriptor
if (!allowsAccessFrom(exec))
return false;
const HashEntry* entry;
// We don't want any properties other than "close" and "closed" on a closed window.
if (!impl()->frame()) {
// The following code is safe for cross-domain and same domain use.
// It ignores any custom properties that might be set on the DOMWindow (including a custom prototype).
entry = s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && !(entry->attributes() & Function) && entry->propertyGetter() == jsDOMWindowClosed) {
descriptor.setDescriptor(jsBoolean(true), ReadOnly | DontDelete | DontEnum);
return true;
}
entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && (entry->attributes() & Function) && entry->function() == jsDOMWindowPrototypeFunctionClose) {
PropertySlot slot;
slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
descriptor.setUndefined();
return true;
}
entry = JSDOMWindow::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry) {
PropertySlot slot;
slot.setCustom(this, entry->propertyGetter());
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
}
// Check for child frames by name before built-in properties to
// match Mozilla. This does not match IE, but some sites end up
// naming frames things that conflict with window properties that
// are in Moz but not IE. Since we have some of these, we have to do
// it the Moz way.
if (impl()->frame()->tree()->child(identifierToAtomicString(propertyName))) {
PropertySlot slot;
slot.setCustom(this, childFrameGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
bool ok;
unsigned i = propertyName.toArrayIndex(ok);
if (ok && i < impl()->frame()->tree()->childCount()) {
PropertySlot slot;
slot.setCustomIndex(this, i, indexGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
// Allow shortcuts like 'Image1' instead of document.images.Image1
Document* document = impl()->frame()->document();
if (document->isHTMLDocument()) {
AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName);
if (atomicPropertyName && (static_cast<HTMLDocument*>(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) {
PropertySlot slot;
slot.setCustom(this, namedItemGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
}
return Base::getOwnPropertyDescriptor(exec, propertyName, descriptor);
}
bool JSDOMWindow::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
// When accessing a Window cross-domain, functions are always the native built-in ones, and they
// are not affected by properties changed on the Window or anything in its prototype chain.
// This is consistent with the behavior of Firefox.
const HashEntry* entry;
// We don't want any properties other than "close" and "closed" on a closed window.
if (!impl()->frame()) {
// The following code is safe for cross-domain and same domain use.
// It ignores any custom properties that might be set on the DOMWindow (including a custom prototype).
entry = s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && !(entry->attributes() & Function) && entry->propertyGetter() == jsDOMWindowClosed) {
slot.setCustom(this, entry->propertyGetter());
return true;
}
entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && (entry->attributes() & Function) && entry->function() == jsDOMWindowPrototypeFunctionClose) {
slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>);
return true;
}
// FIXME: We should have a message here that explains why the property access/function call was
// not allowed.
slot.setUndefined();
return true;
}
// We need to check for cross-domain access here without printing the generic warning message
// because we always allow access to some function, just different ones depending whether access
// is allowed.
String errorMessage;
bool allowsAccess = allowsAccessFrom(exec, errorMessage);
// Look for overrides before looking at any of our own properties, but ignore overrides completely
// if this is cross-domain access.
if (allowsAccess && JSGlobalObject::getOwnPropertySlot(exec, propertyName, slot))
return true;
// We need this code here because otherwise JSDOMWindowBase will stop the search before we even get to the
// prototype due to the blanket same origin (allowsAccessFrom) check at the end of getOwnPropertySlot.
// Also, it's important to get the implementation straight out of the DOMWindow prototype regardless of
// what prototype is actually set on this object.
entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry) {
if (entry->attributes() & Function) {
if (entry->function() == jsDOMWindowPrototypeFunctionBlur) {
if (!allowsAccess) {
slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionBlur, 0>);
return true;
}
} else if (entry->function() == jsDOMWindowPrototypeFunctionClose) {
if (!allowsAccess) {
slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>);
return true;
}
} else if (entry->function() == jsDOMWindowPrototypeFunctionFocus) {
if (!allowsAccess) {
slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionFocus, 0>);
return true;
}
} else if (entry->function() == jsDOMWindowPrototypeFunctionPostMessage) {
if (!allowsAccess) {
slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionPostMessage, 2>);
return true;
}
} else if (entry->function() == jsDOMWindowPrototypeFunctionShowModalDialog) {
if (!DOMWindow::canShowModalDialog(impl()->frame())) {
slot.setUndefined();
return true;
}
}
}
} else {
// Allow access to toString() cross-domain, but always Object.prototype.toString.
if (propertyName == exec->propertyNames().toString) {
if (!allowsAccess) {
slot.setCustom(this, objectToStringFunctionGetter);
return true;
}
}
}
entry = JSDOMWindow::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry) {
slot.setCustom(this, entry->propertyGetter());
return true;
}
// Check for child frames by name before built-in properties to
// match Mozilla. This does not match IE, but some sites end up
// naming frames things that conflict with window properties that
// are in Moz but not IE. Since we have some of these, we have to do
// it the Moz way.
if (impl()->frame()->tree()->child(identifierToAtomicString(propertyName))) {
slot.setCustom(this, childFrameGetter);
return true;
}
// Do prototype lookup early so that functions and attributes in the prototype can have
// precedence over the index and name getters.
JSValue proto = prototype();
if (proto.isObject()) {
if (asObject(proto)->getPropertySlot(exec, propertyName, slot)) {
if (!allowsAccess) {
printErrorMessage(errorMessage);
slot.setUndefined();
}
return true;
}
}
// FIXME: Search the whole frame hierarchy somewhere around here.
// We need to test the correct priority order.
// allow window[1] or parent[1] etc. (#56983)
bool ok;
unsigned i = propertyName.toArrayIndex(ok);
if (ok && i < impl()->frame()->tree()->childCount()) {
slot.setCustomIndex(this, i, indexGetter);
return true;
}
if (!allowsAccess) {
printErrorMessage(errorMessage);
slot.setUndefined();
return true;
}
// Allow shortcuts like 'Image1' instead of document.images.Image1
Document* document = impl()->frame()->document();
if (document->isHTMLDocument()) {
AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName);
if (atomicPropertyName && (static_cast<HTMLDocument*>(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) {
slot.setCustom(this, namedItemGetter);
return true;
}
}
return Base::getOwnPropertySlot(exec, propertyName, slot);
}
bool JSDOMWindow::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, PropertyName propertyName, PropertyDescriptor& descriptor)
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
// Never allow cross-domain getOwnPropertyDescriptor
if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl()))
return false;
const HashEntry* entry;
// We don't want any properties other than "close" and "closed" on a closed window.
if (!thisObject->impl()->frame()) {
// The following code is safe for cross-domain and same domain use.
// It ignores any custom properties that might be set on the DOMWindow (including a custom prototype).
entry = s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && !(entry->attributes() & JSC::Function) && entry->propertyGetter() == jsDOMWindowClosed) {
descriptor.setDescriptor(jsBoolean(true), ReadOnly | DontDelete | DontEnum);
return true;
}
entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && (entry->attributes() & JSC::Function) && entry->function() == jsDOMWindowPrototypeFunctionClose) {
PropertySlot slot;
slot.setCustom(thisObject, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
descriptor.setUndefined();
return true;
}
entry = JSDOMWindow::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry) {
PropertySlot slot;
slot.setCustom(thisObject, entry->propertyGetter());
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
}
// Check for child frames by name before built-in properties to
// match Mozilla. This does not match IE, but some sites end up
// naming frames things that conflict with window properties that
// are in Moz but not IE. Since we have some of these, we have to do
// it the Moz way.
if (thisObject->impl()->frame()->tree()->scopedChild(propertyNameToAtomicString(propertyName))) {
PropertySlot slot;
slot.setCustom(thisObject, childFrameGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
unsigned i = propertyName.asIndex();
if (i < thisObject->impl()->frame()->tree()->scopedChildCount()) {
ASSERT(i != PropertyName::NotAnIndex);
PropertySlot slot;
slot.setCustomIndex(thisObject, i, indexGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
// Allow shortcuts like 'Image1' instead of document.images.Image1
Document* document = thisObject->impl()->frame()->document();
if (document->isHTMLDocument()) {
AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName);
if (atomicPropertyName && (toHTMLDocument(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) {
PropertySlot slot;
slot.setCustom(thisObject, namedItemGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum);
return true;
}
}
return Base::getOwnPropertyDescriptor(thisObject, exec, propertyName, descriptor);
}
bool JSDOMWindow::getOwnPropertySlotByIndex(JSCell* cell, ExecState* exec, unsigned index, PropertySlot& slot)
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell);
if (!thisObject->impl()->frame()) {
// FIXME: We should have a message here that explains why the property access/function call was
// not allowed.
slot.setUndefined();
return true;
}
// We need to check for cross-domain access here without printing the generic warning message
// because we always allow access to some function, just different ones depending whether access
// is allowed.
String errorMessage;
bool allowsAccess = shouldAllowAccessToDOMWindow(exec, thisObject->impl(), errorMessage);
// Look for overrides before looking at any of our own properties, but ignore overrides completely
// if this is cross-domain access.
if (allowsAccess && JSGlobalObject::getOwnPropertySlotByIndex(thisObject, exec, index, slot))
return true;
PropertyName propertyName = Identifier::from(exec, index);
// Check for child frames by name before built-in properties to
// match Mozilla. This does not match IE, but some sites end up
// naming frames things that conflict with window properties that
// are in Moz but not IE. Since we have some of these, we have to do
// it the Moz way.
if (thisObject->impl()->frame()->tree()->scopedChild(propertyNameToAtomicString(propertyName))) {
slot.setCustom(thisObject, childFrameGetter);
return true;
}
// Do prototype lookup early so that functions and attributes in the prototype can have
// precedence over the index and name getters.
JSValue proto = thisObject->prototype();
if (proto.isObject()) {
if (asObject(proto)->getPropertySlot(exec, index, slot)) {
if (!allowsAccess) {
thisObject->printErrorMessage(errorMessage);
slot.setUndefined();
}
return true;
}
}
// FIXME: Search the whole frame hierarchy somewhere around here.
// We need to test the correct priority order.
// allow window[1] or parent[1] etc. (#56983)
if (index < thisObject->impl()->frame()->tree()->scopedChildCount()) {
ASSERT(index != PropertyName::NotAnIndex);
slot.setCustomIndex(thisObject, index, indexGetter);
return true;
}
if (!allowsAccess) {
thisObject->printErrorMessage(errorMessage);
slot.setUndefined();
return true;
}
// Allow shortcuts like 'Image1' instead of document.images.Image1
Document* document = thisObject->impl()->frame()->document();
if (document->isHTMLDocument()) {
AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName);
if (atomicPropertyName && (toHTMLDocument(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) {
slot.setCustom(thisObject, namedItemGetter);
return true;
}
}
return Base::getOwnPropertySlotByIndex(thisObject, exec, index, slot);
}
bool JSDOMWindow::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
// When accessing a Window cross-domain, functions are always the native built-in ones, and they
// are not affected by properties changed on the Window or anything in its prototype chain.
// This is consistent with the behavior of Firefox.
// We don't want any properties other than "close" and "closed" on a frameless window (i.e. one whose page got closed,
// or whose iframe got removed).
// FIXME: This doesn't fully match Firefox, which allows at least toString in addition to those.
if (!thisObject->impl().frame()) {
// The following code is safe for cross-domain and same domain use.
// It ignores any custom properties that might be set on the DOMWindow (including a custom prototype).
if (propertyName == exec->propertyNames().closed) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, jsDOMWindowClosed);
return true;
}
if (propertyName == exec->propertyNames().close) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>);
return true;
}
// FIXME: We should have a message here that explains why the property access/function call was
// not allowed.
slot.setUndefined();
return true;
} else
slot.setWatchpointSet(thisObject->m_windowCloseWatchpoints);
// We need to check for cross-domain access here without printing the generic warning message
// because we always allow access to some function, just different ones depending whether access
// is allowed.
String errorMessage;
bool allowsAccess = shouldAllowAccessToDOMWindow(exec, thisObject->impl(), errorMessage);
// Look for overrides before looking at any of our own properties, but ignore overrides completely
// if this is cross-domain access.
if (allowsAccess && JSGlobalObject::getOwnPropertySlot(thisObject, exec, propertyName, slot))
return true;
// We need this code here because otherwise JSDOMWindowBase will stop the search before we even get to the
// prototype due to the blanket same origin (shouldAllowAccessToDOMWindow) check at the end of getOwnPropertySlot.
// Also, it's important to get the implementation straight out of the DOMWindow prototype regardless of
// what prototype is actually set on this object.
if (propertyName == exec->propertyNames().blur) {
if (!allowsAccess) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionBlur, 0>);
return true;
}
} else if (propertyName == exec->propertyNames().close) {
if (!allowsAccess) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>);
return true;
}
} else if (propertyName == exec->propertyNames().focus) {
if (!allowsAccess) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionFocus, 0>);
return true;
}
} else if (propertyName == exec->propertyNames().postMessage) {
if (!allowsAccess) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionPostMessage, 2>);
return true;
}
} else if (propertyName == exec->propertyNames().showModalDialog) {
if (!DOMWindow::canShowModalDialog(thisObject->impl().frame())) {
slot.setUndefined();
return true;
}
} else if (propertyName == exec->propertyNames().toString) {
// Allow access to toString() cross-domain, but always Object.prototype.toString.
if (!allowsAccess) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, objectToStringFunctionGetter);
return true;
}
}
const HashTableValue* entry = JSDOMWindow::info()->propHashTable(exec)->entry(exec, propertyName);
if (entry) {
slot.setCacheableCustom(thisObject, allowsAccess ? entry->attributes() : ReadOnly | DontDelete | DontEnum, entry->propertyGetter());
return true;
}
#if ENABLE(USER_MESSAGE_HANDLERS)
if (propertyName == exec->propertyNames().webkit && thisObject->impl().shouldHaveWebKitNamespaceForWorld(thisObject->world())) {
slot.setCacheableCustom(thisObject, allowsAccess ? DontDelete | ReadOnly : ReadOnly | DontDelete | DontEnum, jsDOMWindowWebKit);
return true;
}
#endif
// Do prototype lookup early so that functions and attributes in the prototype can have
// precedence over the index and name getters.
JSValue proto = thisObject->prototype();
if (proto.isObject()) {
if (asObject(proto)->getPropertySlot(exec, propertyName, slot)) {
if (!allowsAccess) {
thisObject->printErrorMessage(errorMessage);
slot.setUndefined();
}
return true;
}
}
// After this point it is no longer valid to cache any results because of
// the impure nature of the property accesses which follow. We can move this
// statement further down when we add ways to mitigate these impurities with,
// for example, watchpoints.
slot.disableCaching();
// Check for child frames by name before built-in properties to
// match Mozilla. This does not match IE, but some sites end up
// naming frames things that conflict with window properties that
// are in Moz but not IE. Since we have some of these, we have to do
// it the Moz way.
if (thisObject->impl().frame()->tree().scopedChild(propertyNameToAtomicString(propertyName))) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, childFrameGetter);
return true;
}
// FIXME: Search the whole frame hierarchy somewhere around here.
// We need to test the correct priority order.
// allow window[1] or parent[1] etc. (#56983)
unsigned i = propertyName.asIndex();
if (i < thisObject->impl().frame()->tree().scopedChildCount()) {
ASSERT(i != PropertyName::NotAnIndex);
slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum,
toJS(exec, thisObject->impl().frame()->tree().scopedChild(i)->document()->domWindow()));
return true;
}
if (!allowsAccess) {
thisObject->printErrorMessage(errorMessage);
slot.setUndefined();
return true;
}
// Allow shortcuts like 'Image1' instead of document.images.Image1
Document* document = thisObject->impl().frame()->document();
if (document->isHTMLDocument()) {
AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName);
if (atomicPropertyName && toHTMLDocument(document)->hasWindowNamedItem(*atomicPropertyName)) {
slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, namedItemGetter);
return true;
}
}
return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
}
