bool JSLocation::customGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
Frame* frame = impl()->frame();
if (!frame) {
slot.setUndefined();
return true;
}
// When accessing Location cross-domain, functions are always the native built-in ones.
// See JSDOMWindow::customGetOwnPropertySlot for additional details.
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
if (allowsAccessFromFrame(exec, frame, message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && (entry->attributes & Function)
&& (entry->functionValue == jsLocationPrototypeFunctionReplace
|| entry->functionValue == jsLocationPrototypeFunctionReload
|| entry->functionValue == jsLocationPrototypeFunctionAssign)) {
slot.setStaticEntry(this, entry, nonCachingStaticFunctionGetter);
return true;
}
// FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
// but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
// such cases when normally the string form of Location would be the URL.
printErrorMessageForFrame(frame, message);
slot.setUndefined();
return true;
}
static bool canAccessDocument(BindingState* state, Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
{
if (!targetDocument)
return false;
DOMWindow* active = activeDOMWindow(state);
if (!active)
return false;
if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
return true;
if (reportingOption == ReportSecurityError)
printErrorMessageForFrame(targetDocument->frame(), targetDocument->domWindow()->crossDomainAccessErrorMessage(active));
return false;
}
bool JSHistory::getOwnPropertySlotDelegate(ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
// When accessing History cross-domain, functions are always the native built-in ones.
// See JSDOMWindow::getOwnPropertySlotDelegate for additional details.
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
if (shouldAllowAccessToFrame(exec, impl().frame(), message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
// Make these read-only / non-configurable to prevent writes via defineProperty.
const HashEntry* entry = JSHistoryPrototype::info()->propHashTable(exec)->entry(exec, propertyName);
if (entry) {
// Allow access to back(), forward() and go() from any frame.
if (entry->attributes() & JSC::Function) {
if (entry->function() == jsHistoryPrototypeFunctionBack) {
slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticBackFunctionGetter);
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionForward) {
slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticForwardFunctionGetter);
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionGo) {
slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticGoFunctionGetter);
return true;
}
}
} else {
// Allow access to toString() cross-domain, but always Object.toString.
if (propertyName == exec->propertyNames().toString) {
slot.setCustom(this, ReadOnly | DontDelete | DontEnum, objectToStringFunctionGetter);
return true;
}
}
printErrorMessageForFrame(impl().frame(), message);
slot.setUndefined();
return true;
}
bool JSLocation::getOwnPropertySlotDelegate(ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
Frame* frame = impl().frame();
if (!frame) {
slot.setUndefined();
return true;
}
// When accessing Location cross-domain, functions are always the native built-in ones.
// See JSDOMWindow::getOwnPropertySlotDelegate for additional details.
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
if (shouldAllowAccessToFrame(exec, frame, message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
// Make these read-only / non-configurable to prevent writes via defineProperty.
if (propertyName == exec->propertyNames().replace) {
slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsLocationPrototypeFunctionReplace, 1>);
return true;
}
if (propertyName == exec->propertyNames().reload) {
slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsLocationPrototypeFunctionReload, 0>);
return true;
}
if (propertyName == exec->propertyNames().assign) {
slot.setCustom(this, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsLocationPrototypeFunctionAssign, 1>);
return true;
}
// FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
// but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
// such cases when normally the string form of Location would be the URL.
printErrorMessageForFrame(frame, message);
slot.setUndefined();
return true;
}
bool JSHistory::customGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
// When accessing History cross-domain, functions are always the native built-in ones.
// See JSDOMWindow::customGetOwnPropertySlot for additional details.
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
if (allowsAccessFromFrame(exec, impl()->frame(), message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSHistoryPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry) {
// Allow access to back(), forward() and go() from any frame.
if (entry->attributes() & Function) {
if (entry->function() == jsHistoryPrototypeFunctionBack) {
slot.setCustom(this, nonCachingStaticBackFunctionGetter);
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionForward) {
slot.setCustom(this, nonCachingStaticForwardFunctionGetter);
return true;
} else if (entry->function() == jsHistoryPrototypeFunctionGo) {
slot.setCustom(this, nonCachingStaticGoFunctionGetter);
return true;
}
}
} else {
// Allow access to toString() cross-domain, but always Object.toString.
if (propertyName == exec->propertyNames().toString) {
slot.setCustom(this, objectToStringFunctionGetter);
return true;
}
}
printErrorMessageForFrame(impl()->frame(), message);
slot.setUndefined();
return true;
}
void JSDOMWindowBase::printErrorMessage(const String& message) const
{
printErrorMessageForFrame(impl()->frame(), message);
}
void JSDOMWindowBase::printErrorMessage(const String& message) const
{
printErrorMessageForFrame(wrapped().frame(), message);
}
