| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r
ights reserved. | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r
ights reserved. |
| 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
| 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
| 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
| 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. | 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. |
| (...skipping 293 matching lines...) |
| 304 return toRenderWidget(renderer)->widget(); | 304 return toRenderWidget(renderer)->widget(); |
| 305 } | 305 } |
| 306 | 306 |
| 307 static bool acceptsEditingFocus(const Element& element) | 307 static bool acceptsEditingFocus(const Element& element) |
| 308 { | 308 { |
| 309 ASSERT(element.rendererIsEditable()); | 309 ASSERT(element.rendererIsEditable()); |
| 310 | 310 |
| 311 return element.document().frame() && element.rootEditableElement(); | 311 return element.document().frame() && element.rootEditableElement(); |
| 312 } | 312 } |
| 313 | 313 |
| 314 static bool canAccessAncestor(const SecurityOrigin& activeSecurityOrigin, Frame*
targetFrame) | 314 static bool canAccessAncestor(const SecurityOrigin& activeSecurityOrigin, const
Frame* targetFrame) |
| 315 { | 315 { |
| 316 // targetFrame can be 0 when we're trying to navigate a top-level frame | 316 // targetFrame can be 0 when we're trying to navigate a top-level frame |
| 317 // that has a 0 opener. | 317 // that has a 0 opener. |
| 318 if (!targetFrame) | 318 if (!targetFrame) |
| 319 return false; | 319 return false; |
| 320 | 320 |
| 321 const bool isLocalActiveOrigin = activeSecurityOrigin.isLocal(); | 321 const bool isLocalActiveOrigin = activeSecurityOrigin.isLocal(); |
| 322 for (Frame* ancestorFrame = targetFrame; ancestorFrame; ancestorFrame = ance
storFrame->tree().parent()) { | 322 for (const Frame* ancestorFrame = targetFrame; ancestorFrame; ancestorFrame
= ancestorFrame->tree().parent()) { |
| 323 // FIXME: SecurityOrigins need to be refactored to work with out-of-proc
ess iframes. | 323 // FIXME: SecurityOrigins need to be refactored to work with out-of-proc
ess iframes. |
| 324 // For now we prevent navigation between cross-process frames. | 324 // For now we prevent navigation between cross-process frames. |
| 325 if (!ancestorFrame->isLocalFrame()) | 325 if (!ancestorFrame->isLocalFrame()) |
| 326 return false; | 326 return false; |
| 327 | 327 |
| 328 Document* ancestorDocument = toLocalFrame(ancestorFrame)->document(); | 328 Document* ancestorDocument = toLocalFrame(ancestorFrame)->document(); |
| 329 // FIXME: Should be an ASSERT? Frames should alway have documents. | 329 // FIXME: Should be an ASSERT? Frames should alway have documents. |
| 330 if (!ancestorDocument) | 330 if (!ancestorDocument) |
| 331 return true; | 331 return true; |
| 332 | 332 |
| (...skipping 2588 matching lines...) |
| 2921 } | 2921 } |
| 2922 | 2922 |
| 2923 void Document::disableEval(const String& errorMessage) | 2923 void Document::disableEval(const String& errorMessage) |
| 2924 { | 2924 { |
| 2925 if (!frame()) | 2925 if (!frame()) |
| 2926 return; | 2926 return; |
| 2927 | 2927 |
| 2928 frame()->script().disableEval(errorMessage); | 2928 frame()->script().disableEval(errorMessage); |
| 2929 } | 2929 } |
| 2930 | 2930 |
| 2931 bool Document::canNavigate(Frame* targetFrame) | 2931 bool Document::canNavigate(const Frame& targetFrame) |
| 2932 { | 2932 { |
| 2933 if (!m_frame) | 2933 if (!m_frame) |
| 2934 return false; | 2934 return false; |
| 2935 | 2935 |
| 2936 // FIXME: We shouldn't call this function without a target frame, but | |
| 2937 // fast/forms/submit-to-blank-multiple-times.html depends on this function | |
| 2938 // returning true when supplied with a 0 targetFrame. | |
| 2939 if (!targetFrame) | |
| 2940 return true; | |
| 2941 | |
| 2942 // Frame-busting is generally allowed, but blocked for sandboxed frames lack
ing the 'allow-top-navigation' flag. | 2936 // Frame-busting is generally allowed, but blocked for sandboxed frames lack
ing the 'allow-top-navigation' flag. |
| 2943 if (!isSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree().top
()) | 2937 if (!isSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree().top
()) |
| 2944 return true; | 2938 return true; |
| 2945 | 2939 |
| 2946 if (isSandboxed(SandboxNavigation)) { | 2940 if (isSandboxed(SandboxNavigation)) { |
| 2947 if (targetFrame->tree().isDescendantOf(m_frame)) | 2941 if (targetFrame.tree().isDescendantOf(m_frame)) |
| 2948 return true; | 2942 return true; |
| 2949 | 2943 |
| 2950 const char* reason = "The frame attempting navigation is sandboxed, and
is therefore disallowed from navigating its ancestors."; | 2944 const char* reason = "The frame attempting navigation is sandboxed, and
is therefore disallowed from navigating its ancestors."; |
| 2951 if (isSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree().
top()) | 2945 if (isSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree().
top()) |
| 2952 reason = "The frame attempting navigation of the top-level window is
sandboxed, but the 'allow-top-navigation' flag is not set."; | 2946 reason = "The frame attempting navigation of the top-level window is
sandboxed, but the 'allow-top-navigation' flag is not set."; |
| 2953 | 2947 |
| 2954 printNavigationErrorMessage(*toLocalFrameTemporary(targetFrame), url(),
reason); | 2948 printNavigationErrorMessage(toLocalFrameTemporary(targetFrame), url(), r
eason); |
| 2955 return false; | 2949 return false; |
| 2956 } | 2950 } |
| 2957 | 2951 |
| 2958 ASSERT(securityOrigin()); | 2952 ASSERT(securityOrigin()); |
| 2959 SecurityOrigin& origin = *securityOrigin(); | 2953 SecurityOrigin& origin = *securityOrigin(); |
| 2960 | 2954 |
| 2961 // This is the normal case. A document can navigate its decendant frames, | 2955 // This is the normal case. A document can navigate its decendant frames, |
| 2962 // or, more generally, a document can navigate a frame if the document is | 2956 // or, more generally, a document can navigate a frame if the document is |
| 2963 // in the same origin as any of that frame's ancestors (in the frame | 2957 // in the same origin as any of that frame's ancestors (in the frame |
| 2964 // hierarchy). | 2958 // hierarchy). |
| 2965 // | 2959 // |
| 2966 // See http://www.adambarth.com/papers/2008/barth-jackson-mitchell.pdf for | 2960 // See http://www.adambarth.com/papers/2008/barth-jackson-mitchell.pdf for |
| 2967 // historical information about this security check. | 2961 // historical information about this security check. |
| 2968 if (canAccessAncestor(origin, targetFrame)) | 2962 if (canAccessAncestor(origin, &targetFrame)) |
| 2969 return true; | 2963 return true; |
| 2970 | 2964 |
| 2971 // Top-level frames are easier to navigate than other frames because they | 2965 // Top-level frames are easier to navigate than other frames because they |
| 2972 // display their URLs in the address bar (in most browsers). However, there | 2966 // display their URLs in the address bar (in most browsers). However, there |
| 2973 // are still some restrictions on navigation to avoid nuisance attacks. | 2967 // are still some restrictions on navigation to avoid nuisance attacks. |
| 2974 // Specifically, a document can navigate a top-level frame if that frame | 2968 // Specifically, a document can navigate a top-level frame if that frame |
| 2975 // opened the document or if the document is the same-origin with any of | 2969 // opened the document or if the document is the same-origin with any of |
| 2976 // the top-level frame's opener's ancestors (in the frame hierarchy). | 2970 // the top-level frame's opener's ancestors (in the frame hierarchy). |
| 2977 // | 2971 // |
| 2978 // In both of these cases, the document performing the navigation is in | 2972 // In both of these cases, the document performing the navigation is in |
| 2979 // some way related to the frame being navigate (e.g., by the "opener" | 2973 // some way related to the frame being navigate (e.g., by the "opener" |
| 2980 // and/or "parent" relation). Requiring some sort of relation prevents a | 2974 // and/or "parent" relation). Requiring some sort of relation prevents a |
| 2981 // document from navigating arbitrary, unrelated top-level frames. | 2975 // document from navigating arbitrary, unrelated top-level frames. |
| 2982 if (!targetFrame->tree().parent()) { | 2976 if (!targetFrame.tree().parent()) { |
| 2983 if (targetFrame == m_frame->loader().opener()) | 2977 if (targetFrame == m_frame->loader().opener()) |
| 2984 return true; | 2978 return true; |
| 2985 | 2979 |
| 2986 // FIXME: We don't have access to RemoteFrame's opener yet. | 2980 // FIXME: We don't have access to RemoteFrame's opener yet. |
| 2987 if (targetFrame->isLocalFrame() && canAccessAncestor(origin, toLocalFram
e(targetFrame)->loader().opener())) | 2981 if (targetFrame.isLocalFrame() && canAccessAncestor(origin, toLocalFrame
(targetFrame).loader().opener())) |
| 2988 return true; | 2982 return true; |
| 2989 } | 2983 } |
| 2990 | 2984 |
| 2991 printNavigationErrorMessage(*toLocalFrameTemporary(targetFrame), url(), "The
frame attempting navigation is neither same-origin with the target, nor is it t
he target's parent or opener."); | 2985 printNavigationErrorMessage(toLocalFrameTemporary(targetFrame), url(), "The
frame attempting navigation is neither same-origin with the target, nor is it th
e target's parent or opener."); |
| 2992 return false; | 2986 return false; |
| 2993 } | 2987 } |
| 2994 | 2988 |
| 2995 LocalFrame* Document::findUnsafeParentScrollPropagationBoundary() | 2989 LocalFrame* Document::findUnsafeParentScrollPropagationBoundary() |
| 2996 { | 2990 { |
| 2997 LocalFrame* currentFrame = m_frame; | 2991 LocalFrame* currentFrame = m_frame; |
| 2998 Frame* ancestorFrame = currentFrame->tree().parent(); | 2992 Frame* ancestorFrame = currentFrame->tree().parent(); |
| 2999 | 2993 |
| 3000 while (ancestorFrame) { | 2994 while (ancestorFrame) { |
| 3001 // FIXME: We don't yet have access to a RemoteFrame's security origin. | 2995 // FIXME: We don't yet have access to a RemoteFrame's security origin. |
| (...skipping 2800 matching lines...) |
| 5802 visitor->trace(m_timeline); | 5796 visitor->trace(m_timeline); |
| 5803 visitor->trace(m_compositorPendingAnimations); | 5797 visitor->trace(m_compositorPendingAnimations); |
| 5804 visitor->registerWeakMembers<Document, &Document::clearWeakMembers>(this); | 5798 visitor->registerWeakMembers<Document, &Document::clearWeakMembers>(this); |
| 5805 DocumentSupplementable::trace(visitor); | 5799 DocumentSupplementable::trace(visitor); |
| 5806 TreeScope::trace(visitor); | 5800 TreeScope::trace(visitor); |
| 5807 ContainerNode::trace(visitor); | 5801 ContainerNode::trace(visitor); |
| 5808 ExecutionContext::trace(visitor); | 5802 ExecutionContext::trace(visitor); |
| 5809 } | 5803 } |
| 5810 | 5804 |
| 5811 } // namespace WebCore | 5805 } // namespace WebCore |
| OLD | NEW |
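Review bot: Both denial paths in `Document::canNavigate` (new lines 2948 and 2985) pass `targetFrame` to `toLocalFrameTemporary()` without an `isLocalFrame()` check, although the function expects non-local targets. `canAccessAncestor()` returns false on the first non-local frame it meets, starting with the target itself, and new line 2981 tests `targetFrame.isLocalFrame()` before the opener lookup, so a cross-process target is exactly the case that reaches the error message. The helper's definition is not visible here, so confirm that it validates the frame type; if it is an unchecked cast, wrap both calls in `if (targetFrame.isLocalFrame())` or log through a path that does not need a `LocalFrame`. Separately, removing `if (!targetFrame) return true;` moves the null decision to every caller, so a comment on the signature such as `// targetFrame must be a live frame; a missing target is the caller's decision, not an implicit allow.` would stop the old allow-on-null default from being re-created ad hoc at call sites.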