bool JSLocation::customGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot) { Frame* frame = impl()->frame(); if (!frame) { slot.setUndefined(); return true; } // When accessing Location cross-domain, functions are always the native built-in ones. // See JSDOMWindow::customGetOwnPropertySlot for additional details. // Our custom code is only needed to implement the Window cross-domain scheme, so if access is // allowed, return false so the normal lookup will take place. String message; if (allowsAccessFromFrame(exec, frame, message)) return false; // Check for the few functions that we allow, even when called cross-domain. const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry && (entry->attributes & Function) && (entry->functionValue == jsLocationPrototypeFunctionReplace || entry->functionValue == jsLocationPrototypeFunctionReload || entry->functionValue == jsLocationPrototypeFunctionAssign)) { slot.setStaticEntry(this, entry, nonCachingStaticFunctionGetter); return true; } // FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString, // but for now we have decided not to, partly because it seems silly to return "[Object Location]" in // such cases when normally the string form of Location would be the URL. printErrorMessageForFrame(frame, message); slot.setUndefined(); return true; }
static bool canAccessDocument(BindingState* state, Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError) { if (!targetDocument) return false; DOMWindow* active = activeDOMWindow(state); if (!active) return false; if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin())) return true; if (reportingOption == ReportSecurityError) printErrorMessageForFrame(targetDocument->frame(), targetDocument->domWindow()->crossDomainAccessErrorMessage(active)); return false; }
bool JSHistory::getOwnPropertySlotDelegate(ExecState* exec, PropertyName propertyName, PropertySlot& slot) { // When accessing History cross-domain, functions are always the native built-in ones. // See JSDOMWindow::getOwnPropertySlotDelegate for additional details. // Our custom code is only needed to implement the Window cross-domain scheme, so if access is // allowed, return false so the normal lookup will take place. String message; if (shouldAllowAccessToFrame(exec, impl().frame(), message)) return false; // Check for the few functions that we allow, even when called cross-domain. // Make these read-only / non-configurable to prevent writes via defineProperty. const HashEntry* entry = JSHistoryPrototype::info()->propHashTable(exec)->entry(exec, propertyName); if (entry) { // Allow access to back(), forward() and go() from any frame. if (entry->attributes() & JSC::Function) { if (entry->function() == jsHistoryPrototypeFunctionBack) { slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticBackFunctionGetter); return true; } else if (entry->function() == jsHistoryPrototypeFunctionForward) { slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticForwardFunctionGetter); return true; } else if (entry->function() == jsHistoryPrototypeFunctionGo) { slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticGoFunctionGetter); return true; } } } else { // Allow access to toString() cross-domain, but always Object.toString. if (propertyName == exec->propertyNames().toString) { slot.setCustom(this, ReadOnly | DontDelete | DontEnum, objectToStringFunctionGetter); return true; } } printErrorMessageForFrame(impl().frame(), message); slot.setUndefined(); return true; }
bool JSLocation::getOwnPropertySlotDelegate(ExecState* exec, PropertyName propertyName, PropertySlot& slot) { Frame* frame = impl().frame(); if (!frame) { slot.setUndefined(); return true; } // When accessing Location cross-domain, functions are always the native built-in ones. // See JSDOMWindow::getOwnPropertySlotDelegate for additional details. // Our custom code is only needed to implement the Window cross-domain scheme, so if access is // allowed, return false so the normal lookup will take place. String message; if (shouldAllowAccessToFrame(exec, frame, message)) return false; // Check for the few functions that we allow, even when called cross-domain. // Make these read-only / non-configurable to prevent writes via defineProperty. if (propertyName == exec->propertyNames().replace) { slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsLocationPrototypeFunctionReplace, 1>); return true; } if (propertyName == exec->propertyNames().reload) { slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsLocationPrototypeFunctionReload, 0>); return true; } if (propertyName == exec->propertyNames().assign) { slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsLocationPrototypeFunctionAssign, 1>); return true; } // FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString, // but for now we have decided not to, partly because it seems silly to return "[Object Location]" in // such cases when normally the string form of Location would be the URL. printErrorMessageForFrame(frame, message); slot.setUndefined(); return true; }
bool JSHistory::customGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot) { // When accessing History cross-domain, functions are always the native built-in ones. // See JSDOMWindow::customGetOwnPropertySlot for additional details. // Our custom code is only needed to implement the Window cross-domain scheme, so if access is // allowed, return false so the normal lookup will take place. String message; if (allowsAccessFromFrame(exec, impl()->frame(), message)) return false; // Check for the few functions that we allow, even when called cross-domain. const HashEntry* entry = JSHistoryPrototype::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry) { // Allow access to back(), forward() and go() from any frame. if (entry->attributes() & Function) { if (entry->function() == jsHistoryPrototypeFunctionBack) { slot.setCustom(this, nonCachingStaticBackFunctionGetter); return true; } else if (entry->function() == jsHistoryPrototypeFunctionForward) { slot.setCustom(this, nonCachingStaticForwardFunctionGetter); return true; } else if (entry->function() == jsHistoryPrototypeFunctionGo) { slot.setCustom(this, nonCachingStaticGoFunctionGetter); return true; } } } else { // Allow access to toString() cross-domain, but always Object.toString. if (propertyName == exec->propertyNames().toString) { slot.setCustom(this, objectToStringFunctionGetter); return true; } } printErrorMessageForFrame(impl()->frame(), message); slot.setUndefined(); return true; }
void JSDOMWindowBase::printErrorMessage(const String& message) const { printErrorMessageForFrame(impl()->frame(), message); }
void JSDOMWindowBase::printErrorMessage(const String& message) const { printErrorMessageForFrame(wrapped().frame(), message); }