Пример #1
0
RefPtr<JSLazyEventListener> JSLazyEventListener::create(DOMWindow& window, const QualifiedName& attributeName, const AtomicString& attributeValue)
{
    ASSERT(window.document());
    auto& document = *window.document();
    ASSERT(document.frame());
    return create({ attributeName, attributeValue, document, nullptr, toJSDOMWindow(document.frame(), mainThreadNormalWorld()), document.isSVGDocument() });
}
static void messageHandlerInMainThread(v8::Handle<v8::Message> message, v8::Handle<v8::Value> data)
{
    DOMWindow* firstWindow = firstDOMWindow();
    if (!firstWindow->isCurrentlyDisplayedInFrame())
        return;

    String errorMessage = toWebCoreString(message->Get());

    v8::Handle<v8::StackTrace> stackTrace = message->GetStackTrace();
    RefPtr<ScriptCallStack> callStack;
    // Currently stack trace is only collected when inspector is open.
    if (!stackTrace.IsEmpty() && stackTrace->GetFrameCount() > 0)
        callStack = createScriptCallStack(stackTrace, ScriptCallStack::maxCallStackSizeToCapture);

    v8::Handle<v8::Value> resourceName = message->GetScriptResourceName();
    bool shouldUseDocumentURL = resourceName.IsEmpty() || !resourceName->IsString();
    String resource = shouldUseDocumentURL ? firstWindow->document()->url() : toWebCoreString(resourceName);
    RefPtr<ErrorEvent> event = ErrorEvent::create(errorMessage, resource, message->GetLineNumber(), message->GetStartColumn());

    // messageHandlerInMainThread can be called while we're creating a new context.
    // Since we cannot create a wrapper in the intermediate timing, we need to skip
    // creating a wrapper for |event|.
    DOMWrapperWorld* world = DOMWrapperWorld::current();
    Frame* frame = firstWindow->document()->frame();
    if (world && frame && frame->script()->existingWindowShell(world)) {
        v8::Local<v8::Value> wrappedEvent = toV8(event.get(), v8::Handle<v8::Object>(), v8::Isolate::GetCurrent());
        if (!wrappedEvent.IsEmpty()) {
            ASSERT(wrappedEvent->IsObject());
            v8::Local<v8::Object>::Cast(wrappedEvent)->SetHiddenValue(V8HiddenPropertyName::error(), data);
        }
    }
    AccessControlStatus corsStatus = message->IsSharedCrossOrigin() ? SharableCrossOrigin : NotSharableCrossOrigin;
    firstWindow->document()->reportException(event.release(), callStack, corsStatus);
}
Пример #3
0
EncodedJSValue JSC_HOST_CALL JSSharedWorkerConstructor::constructJSSharedWorker(ExecState* exec)
{
    JSSharedWorkerConstructor* jsConstructor = jsCast<JSSharedWorkerConstructor*>(exec->callee());

    if (exec->argumentCount() < 1)
        return throwVMError(exec, createNotEnoughArgumentsError(exec));

    UString scriptURL = exec->argument(0).toString(exec)->value(exec);
    UString name;
    if (exec->argumentCount() > 1)
        name = exec->argument(1).toString(exec)->value(exec);

    if (exec->hadException())
        return JSValue::encode(JSValue());

    // FIXME: We need to use both the dynamic scope and the lexical scope (dynamic scope for resolving the worker URL)
    DOMWindow* window = asJSDOMWindow(exec->lexicalGlobalObject())->impl();
    ExceptionCode ec = 0;
    RefPtr<SharedWorker> worker = SharedWorker::create(window->document(), ustringToString(scriptURL), ustringToString(name), ec);
    if (ec) {
        setDOMException(exec, ec);
        return JSValue::encode(JSValue());
    }

    return JSValue::encode(asObject(toJS(exec, jsConstructor->globalObject(), worker.release())));
}
Пример #4
0
void Location::reload(DOMWindow& activeWindow)
{
    if (!m_frame)
        return;
    // FIXME: It's not clear this cross-origin security check is valuable.
    // We allow one page to change the location of another. Why block attempts to reload?
    // Other location operations simply block use of JavaScript URLs cross origin.
    DOMWindow* targetWindow = m_frame->document()->domWindow();
    if (!activeWindow.document()->securityOrigin()->canAccess(m_frame->document()->securityOrigin())) {
        targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeWindow));
        return;
    }
    if (protocolIsJavaScript(m_frame->document()->url()))
        return;
    m_frame->navigationScheduler().scheduleRefresh(activeWindow.document());
}
Пример #5
0
v8::Handle<v8::Value> V8DOMWindow::removeEventListenerCallback(const v8::Arguments& args)
{
    INC_STATS("DOM.DOMWindow.removeEventListener()");

    String eventType = toWebCoreString(args[0]);
    bool useCapture = args[2]->BooleanValue();

    DOMWindow* imp = V8DOMWindow::toNative(args.Holder());

    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
        return v8::Undefined();

    Document* doc = imp->document();

    if (!doc)
        return v8::Undefined();

    V8Proxy* proxy = V8Proxy::retrieve(imp->frame());
    if (!proxy)
        return v8::Undefined();

    RefPtr<EventListener> listener = V8DOMWrapper::getEventListener(args[1], false, ListenerFindOnly);

    if (listener) {
        imp->removeEventListener(eventType, listener.get(), useCapture);
        removeHiddenDependency(args.Holder(), args[1], eventListenerCacheIndex);
    }

    return v8::Undefined();
}
Пример #6
0
RefPtr<Database> DOMWindowWebDatabase::openDatabase(DOMWindow& window, const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassRefPtr<DatabaseCallback> creationCallback, ExceptionCode& ec)
{
    if (!window.isCurrentlyDisplayedInFrame())
        return nullptr;

    RefPtr<Database> database = nullptr;
    DatabaseManager& dbManager = DatabaseManager::singleton();
    DatabaseError error = DatabaseError::None;
    if (dbManager.isAvailable() && window.document()->securityOrigin()->canAccessDatabase(window.document()->topOrigin())) {
        database = dbManager.openDatabase(window.document(), name, version, displayName, estimatedSize, creationCallback, error);
        ASSERT(database || error != DatabaseError::None);
        ec = DatabaseManager::exceptionCodeForDatabaseError(error);
    } else
        ec = SECURITY_ERR;

    return database;
}
Пример #7
0
void Location::setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
{
    ASSERT(m_frame);
    Frame* frame = m_frame->loader().findFrameForNavigation(String(), activeWindow.document());
    if (!frame)
        return;
    frame->document()->domWindow()->setLocation(activeWindow, firstWindow, url);
}
Пример #8
0
static void reportUncaughtException(v8::Handle<v8::Message> message, v8::Handle<v8::Value> data)
{
    DOMWindow* firstWindow = firstDOMWindow(BindingState::instance());
    if (!firstWindow->isCurrentlyDisplayedInFrame())
        return;

    String errorMessage = toWebCoreString(message->Get());

    v8::Handle<v8::StackTrace> stackTrace = message->GetStackTrace();
    RefPtr<ScriptCallStack> callStack;
    // Currently stack trace is only collected when inspector is open.
    if (!stackTrace.IsEmpty() && stackTrace->GetFrameCount() > 0)
        callStack = createScriptCallStack(stackTrace, ScriptCallStack::maxCallStackSizeToCapture);

    v8::Handle<v8::Value> resourceName = message->GetScriptResourceName();
    bool shouldUseDocumentURL = resourceName.IsEmpty() || !resourceName->IsString();
    String resource = shouldUseDocumentURL ? firstWindow->document()->url() : toWebCoreString(resourceName);
    firstWindow->document()->reportException(errorMessage, message->GetLineNumber(), resource, callStack);
}
Пример #9
0
PassRefPtr<Database> DOMWindowWebDatabase::openDatabase(DOMWindow& window, const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassOwnPtr<DatabaseCallback> creationCallback, ExceptionState& exceptionState)
{
    if (!window.isCurrentlyDisplayedInFrame())
        return nullptr;

    RefPtr<Database> database = nullptr;
    DatabaseManager& dbManager = DatabaseManager::manager();
    DatabaseError error = DatabaseError::None;
    if (RuntimeEnabledFeatures::databaseEnabled() && window.document()->securityOrigin()->canAccessDatabase()) {
        String errorMessage;
        database = dbManager.openDatabase(window.document(), name, version, displayName, estimatedSize, creationCallback, error, errorMessage);
        ASSERT(database || error != DatabaseError::None);
        if (error != DatabaseError::None)
            DatabaseManager::throwExceptionForDatabaseError(error, errorMessage, exceptionState);
    } else {
        exceptionState.throwSecurityError("Access to the WebDatabase API is denied in this context.");
    }

    return database;
}
Пример #10
0
void WebDOMMessageEvent::initMessageEvent(const WebString& type, bool canBubble, bool cancelable, const WebSerializedScriptValue& messageData, const WebString& origin, const WebFrame* sourceFrame, const WebString& lastEventId, const WebMessagePortChannelArray& webChannels)
{
    ASSERT(m_private.get());
    ASSERT(isMessageEvent());
    DOMWindow* window = 0;
    if (sourceFrame)
        window = toWebFrameImpl(sourceFrame)->frame()->domWindow();
    OwnPtr<MessagePortArray> ports;
    if (sourceFrame)
        ports = MessagePort::toMessagePortArray(window->document(), webChannels);
    unwrap<MessageEvent>()->initMessageEvent(type, canBubble, cancelable, messageData, origin, lastEventId, window, ports.release());
}
ExceptionOr<RefPtr<Database>> DOMWindowWebDatabase::openDatabase(DOMWindow& window, const String& name, const String& version, const String& displayName, unsigned estimatedSize, RefPtr<DatabaseCallback>&& creationCallback)
{
    if (!window.isCurrentlyDisplayedInFrame())
        return RefPtr<Database> { nullptr };
    auto& manager = DatabaseManager::singleton();
    if (!manager.isAvailable())
        return Exception { SecurityError };
    auto* document = window.document();
    if (!document)
        return Exception { SecurityError };
    document->addConsoleMessage(MessageSource::Storage, MessageLevel::Warning, "Web SQL is deprecated. Please use IndexedDB instead.");

    auto& securityOrigin = document->securityOrigin();
    if (!securityOrigin.canAccessDatabase(document->topOrigin()))
        return Exception { SecurityError };
    auto result = manager.openDatabase(*window.document(), name, version, displayName, estimatedSize, WTFMove(creationCallback));
    if (result.hasException()) {
        // FIXME: To preserve our past behavior, this discards the error string in the exception.
        // At a later time we may decide that we want to use the error strings, and if so we can just return the exception as is.
        return Exception { result.releaseException().code() };
    }
    return RefPtr<Database> { result.releaseReturnValue() };
}
Пример #12
0
static bool canAccessDocument(BindingState* state, Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
{
    if (!targetDocument)
        return false;

    DOMWindow* active = activeDOMWindow(state);
    if (!active)
        return false;

    if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
        return true;

    if (reportingOption == ReportSecurityError)
        printErrorMessageForFrame(targetDocument->frame(), targetDocument->domWindow()->crossDomainAccessErrorMessage(active));

    return false;
}
Пример #13
0
EncodedJSValue JSC_HOST_CALL JSWorkerConstructor::constructJSWorker(ExecState* exec)
{
    JSWorkerConstructor* jsConstructor = static_cast<JSWorkerConstructor*>(exec->callee());

    if (!exec->argumentCount())
        return throwVMError(exec, createTypeError(exec, "Not enough arguments"));

    UString scriptURL = exec->argument(0).toString(exec);
    if (exec->hadException())
        return JSValue::encode(JSValue());

    // See section 4.8.2 step 14 of WebWorkers for why this is the lexicalGlobalObject. 
    DOMWindow* window = asJSDOMWindow(exec->lexicalGlobalObject())->impl();

    ExceptionCode ec = 0;
    RefPtr<Worker> worker = Worker::create(ustringToString(scriptURL), window->document(), ec);
    if (ec) {
        setDOMException(exec, ec);
        return JSValue::encode(JSValue());
    }

    return JSValue::encode(asObject(toJS(exec, jsConstructor->globalObject(), worker.release())));
}
static JSObject* constructSharedWorker(ExecState* exec, JSObject* constructor, const ArgList& args)
{
    JSSharedWorkerConstructor* jsConstructor = static_cast<JSSharedWorkerConstructor*>(constructor);

    if (args.size() < 1)
        return throwError(exec, SyntaxError, "Not enough arguments");

    UString scriptURL = args.at(0).toString(exec);
    UString name;
    if (args.size() > 1)
        name = args.at(1).toString(exec);

    if (exec->hadException())
        return 0;

    // FIXME: We need to use both the dynamic scope and the lexical scope (dynamic scope for resolving the worker URL)
    DOMWindow* window = asJSDOMWindow(exec->lexicalGlobalObject())->impl();
    ExceptionCode ec = 0;
    RefPtr<SharedWorker> worker = SharedWorker::create(scriptURL, name, window->document(), ec);
    setDOMException(exec, ec);

    return asObject(toJS(exec, jsConstructor->globalObject(), worker.release()));
}
Пример #15
0
static JSObject* constructWorker(ExecState* exec, JSObject* constructor, const ArgList& args)
{
    JSWorkerConstructor* jsConstructor = static_cast<JSWorkerConstructor*>(constructor);

    if (args.size() == 0)
        return throwError(exec, SyntaxError, "Not enough arguments");

    UString scriptURL = args.at(0).toString(exec);
    if (exec->hadException())
        return 0;

    // See section 4.8.2 step 14 of WebWorkers for why this is the lexicalGlobalObject.
    DOMWindow* window = asJSDOMWindow(exec->lexicalGlobalObject())->impl();

    ExceptionCode ec = 0;
    RefPtr<Worker> worker = Worker::create(scriptURL, window->document(), ec);
    if (ec) {
        setDOMException(exec, ec);
        return 0;
    }

    return asObject(toJS(exec, jsConstructor->globalObject(), worker.release()));
}
Пример #16
0
bool BindingSecurity::shouldAllowAccessToDOMWindow(JSC::ExecState* state, DOMWindow& target, SecurityReportingOption reportingOption)
{
    return canAccessDocument(state, target.document(), reportingOption);
}
// FIXME: There is a lot of duplication with SetTimeoutOrInterval() in V8WorkerGlobalScopeCustom.cpp.
// We should refactor this.
void WindowSetTimeoutImpl(const v8::FunctionCallbackInfo<v8::Value>& args, bool singleShot)
{
    int argumentCount = args.Length();

    if (argumentCount < 1)
        return;

    DOMWindow* imp = V8Window::toNative(args.Holder());
    ScriptExecutionContext* scriptContext = static_cast<ScriptExecutionContext*>(imp->document());

    if (!scriptContext) {
        setDOMException(InvalidAccessError, args.GetIsolate());
        return;
    }

    v8::Handle<v8::Value> function = args[0];
    String functionString;
    if (!function->IsFunction()) {
        if (function->IsString()) {
            functionString = toWebCoreString(function);
        } else {
            v8::Handle<v8::Value> v8String = function->ToString();

            // Bail out if string conversion failed.
            if (v8String.IsEmpty())
                return;

            functionString = toWebCoreString(v8String);
        }

        // Don't allow setting timeouts to run empty functions!
        // (Bug 1009597)
        if (!functionString.length())
            return;
    }

    if (!BindingSecurity::shouldAllowAccessToFrame(imp->frame()))
        return;

    OwnPtr<ScheduledAction> action;
    if (function->IsFunction()) {
        int paramCount = argumentCount >= 2 ? argumentCount - 2 : 0;
        OwnArrayPtr<v8::Local<v8::Value> > params;
        if (paramCount > 0) {
            params = adoptArrayPtr(new v8::Local<v8::Value>[paramCount]);
            for (int i = 0; i < paramCount; i++) {
                // parameters must be globalized
                params[i] = args[i+2];
            }
        }

        // params is passed to action, and released in action's destructor
        ASSERT(imp->frame());
        action = adoptPtr(new ScheduledAction(imp->frame()->script()->currentWorldContext(), v8::Handle<v8::Function>::Cast(function), paramCount, params.get(), args.GetIsolate()));
    } else {
        if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval()) {
            v8SetReturnValue(args, 0);
            return;
        }
        ASSERT(imp->frame());
        action = adoptPtr(new ScheduledAction(imp->frame()->script()->currentWorldContext(), functionString, KURL(), args.GetIsolate()));
    }

    int32_t timeout = argumentCount >= 2 ? args[1]->Int32Value() : 0;
    int timerId;
    if (singleShot)
        timerId = DOMWindowTimers::setTimeout(imp, action.release(), timeout);
    else
        timerId = DOMWindowTimers::setInterval(imp, action.release(), timeout);

    // Try to do the idle notification before the timeout expires to get better
    // use of any idle time. Aim for the middle of the interval for simplicity.
    if (timeout >= 0) {
        double maximumFireInterval = static_cast<double>(timeout) / 1000 / 2;
        V8GCForContextDispose::instance().notifyIdleSooner(maximumFireInterval);
    }

    v8SetReturnValue(args, timerId);
}
Пример #18
0
v8::Handle<v8::Value> WindowSetTimeoutImpl(const v8::Arguments& args, bool singleShot)
{
    int argumentCount = args.Length();

    if (argumentCount < 1)
        return v8::Undefined();

    DOMWindow* imp = V8DOMWindow::toNative(args.Holder());
    ScriptExecutionContext* scriptContext = static_cast<ScriptExecutionContext*>(imp->document());

    if (!scriptContext) {
        V8Proxy::setDOMException(INVALID_ACCESS_ERR);
        return v8::Undefined();
    }

    v8::Handle<v8::Value> function = args[0];
    WTF::String functionString;
    if (!function->IsFunction()) {
        if (function->IsString())
            functionString = toWebCoreString(function);
        else {
            v8::Handle<v8::Value> v8String = function->ToString();

            // Bail out if string conversion failed.
            if (v8String.IsEmpty())
                return v8::Undefined();

            functionString = toWebCoreString(v8String);
        }

        // Don't allow setting timeouts to run empty functions!
        // (Bug 1009597)
        if (functionString.length() == 0)
            return v8::Undefined();
    }

    int32_t timeout = 0;
    if (argumentCount >= 2)
        timeout = args[1]->Int32Value();

    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
        return v8::Undefined();

    int id;
    if (function->IsFunction()) {
        int paramCount = argumentCount >= 2 ? argumentCount - 2 : 0;
        v8::Local<v8::Value>* params = 0;
        if (paramCount > 0) {
            params = new v8::Local<v8::Value>[paramCount];
            for (int i = 0; i < paramCount; i++)
                // parameters must be globalized
                params[i] = args[i+2];
        }

        // params is passed to action, and released in action's destructor
        OwnPtr<ScheduledAction> action = adoptPtr(new ScheduledAction(V8Proxy::context(imp->frame()), v8::Handle<v8::Function>::Cast(function), paramCount, params));

        // FIXME: We should use OwnArrayPtr for params.
        delete[] params;

        id = DOMTimer::install(scriptContext, action.release(), timeout, singleShot);
    } else {
        if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval())
            return v8::Integer::New(0);
        id = DOMTimer::install(scriptContext, adoptPtr(new ScheduledAction(V8Proxy::context(imp->frame()), functionString)), timeout, singleShot);
    }

    // Try to do the idle notification before the timeout expires to get better
    // use of any idle time. Aim for the middle of the interval for simplicity.
    if (timeout > 0) {
        double maximumFireInterval = static_cast<double>(timeout) / 1000 / 2;
        V8GCForContextDispose::instance().notifyIdleSooner(maximumFireInterval);
    }

    return v8::Integer::New(id);
}