Title: [87309] trunk
Revision
87309
Author
jap...@chromium.org
Date
2011-05-25 11:51:27 -0700 (Wed, 25 May 2011)

Log Message

2011-05-25  Nate Chapin  <jap...@chromium.org>

        Reviewed by Adam Barth.

        Put view-source documents in a unique origin and always allow them to run scripts. This ensures tools like
        XMLViewer work even when scripts are disabled, while still providing the protections expected when scripts are disabled.
        https://bugs.webkit.org/show_bug.cgi?id=59113

        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::canExecuteScripts): Check whether the document is viewing source, and allow scripts in that case.
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::matchUARules):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::setIsViewSource): Renamed from setUsesViewSourceStyles(); sets a unique security origin if we are viewing source.
        * dom/Document.h:
        (WebCore::Document::isViewSource): Renamed from usesViewSourceStyles().
        * html/HTMLViewSourceDocument.cpp:
        (WebCore::HTMLViewSourceDocument::HTMLViewSourceDocument):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::receivedFirstData):
        * xml/XMLTreeViewer.cpp:
        (WebCore::XMLTreeViewer::transformDocumentToTreeView):

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (87308 => 87309)


--- trunk/LayoutTests/ChangeLog	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/LayoutTests/ChangeLog	2011-05-25 18:51:27 UTC (rev 87309)
@@ -1,3 +1,11 @@
+2011-05-25  Nate Chapin  <jap...@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Add new console output for https://bugs.webkit.org/show_bug.cgi?id=59113.
+
+        * http/tests/security/view-source-no-_javascript_-url-expected.txt:
+
 2011-05-25  Julien Chaffraix  <jchaffr...@codeaurora.org>
 
         Reviewed by James Robinson.

Modified: trunk/LayoutTests/http/tests/security/view-source-no-_javascript_-url-expected.txt (87308 => 87309)


--- trunk/LayoutTests/http/tests/security/view-source-no-_javascript_-url-expected.txt	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/LayoutTests/http/tests/security/view-source-no-_javascript_-url-expected.txt	2011-05-25 18:51:27 UTC (rev 87309)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/view-source-no-_javascript_-url.html. Domains, protocols and ports must match.
+
 This test passes if it does not alert FAIL.
 
 

Modified: trunk/Source/WebCore/ChangeLog (87308 => 87309)


--- trunk/Source/WebCore/ChangeLog	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/ChangeLog	2011-05-25 18:51:27 UTC (rev 87309)
@@ -1,3 +1,27 @@
+2011-05-25  Nate Chapin  <jap...@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Put view-source documents in a unique origin and always allow them to run scripts. This ensures tools like
+        XMLViewer work even when scripts are disabled, while still providing the protections expected when scripts are disabled.
+        https://bugs.webkit.org/show_bug.cgi?id=59113
+
+        * bindings/ScriptControllerBase.cpp:
+        (WebCore::ScriptController::canExecuteScripts): Check whether the document is viewing source, and allow scripts in that case.
+        * css/CSSStyleSelector.cpp:
+        (WebCore::CSSStyleSelector::matchUARules):
+        * dom/Document.cpp:
+        (WebCore::Document::Document):
+        (WebCore::Document::setIsViewSource): Renamed from setUsesViewSourceStyles(), set's a unique security origin if we are viewing source.
+        * dom/Document.h:
+        (WebCore::Document::isViewSource): Renamed from usesViewSourceStyles().
+        * html/HTMLViewSourceDocument.cpp:
+        (WebCore::HTMLViewSourceDocument::HTMLViewSourceDocument):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::receivedFirstData):
+        * xml/XMLTreeViewer.cpp:
+        (WebCore::XMLTreeViewer::transformDocumentToTreeView):
+
 2011-05-25  Julien Chaffraix  <jchaffr...@codeaurora.org>
 
         Reviewed by James Robinson.

Modified: trunk/Source/WebCore/bindings/ScriptControllerBase.cpp (87308 => 87309)


--- trunk/Source/WebCore/bindings/ScriptControllerBase.cpp	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/bindings/ScriptControllerBase.cpp	2011-05-25 18:51:27 UTC (rev 87309)
@@ -29,6 +29,7 @@
 #include "Page.h"
 #include "ScriptSourceCode.h"
 #include "ScriptValue.h"
+#include "SecurityOrigin.h"
 #include "Settings.h"
 
 namespace WebCore {
@@ -39,6 +40,11 @@
     if (m_frame->loader()->isSandboxed(SandboxScripts))
         return false;
 
+    if (m_frame->document() && m_frame->document()->isViewSource()) {
+        ASSERT(m_frame->document()->securityOrigin()->isUnique());
+        return true;
+    }
+
     Settings* settings = m_frame->settings();
     const bool allowed = m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled());
     if (!allowed && reason == AboutToExecuteScript)
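Review bot: The unique-origin invariant that makes the early `return true` safe is enforced only by an ASSERT, so in a release build a document flagged as view-source whose origin is not (or is no longer) unique would run script in the page's real origin even when JavaScript is disabled. Making the origin part of the condition costs nothing and fails closed: `if (m_frame->document() && m_frame->document()->isViewSource() && m_frame->document()->securityOrigin()->isUnique()) return true;` with the ASSERT kept for debug builds. Note also that this return bypasses the embedder's `allowJavaScript()` callback, so content settings that block script no longer apply to view-source documents; a one-line comment saying this is intentional because the document is isolated would help the next reader. canExecuteScripts begins before this hunk.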

Modified: trunk/Source/WebCore/css/CSSStyleSelector.cpp (87308 => 87309)


--- trunk/Source/WebCore/css/CSSStyleSelector.cpp	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/css/CSSStyleSelector.cpp	2011-05-25 18:51:27 UTC (rev 87309)
@@ -1207,7 +1207,7 @@
         matchRules(defaultQuirksStyle, firstUARule, lastUARule, false);
         
     // If document uses view source styles (in view source mode or in xml viewer mode), then we match rules from the view source style sheet.
-    if (m_checker.m_document->usesViewSourceStyles()) {
+    if (m_checker.m_document->isViewSource()) {
         if (!defaultViewSourceStyle)
             loadViewSourceStyle();
         matchRules(defaultViewSourceStyle, firstUARule, lastUARule, false);

Modified: trunk/Source/WebCore/dom/Document.cpp (87308 => 87309)


--- trunk/Source/WebCore/dom/Document.cpp	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/dom/Document.cpp	2011-05-25 18:51:27 UTC (rev 87309)
@@ -405,7 +405,7 @@
     , m_useSecureKeyboardEntryWhenActive(false)
     , m_isXHTML(isXHTML)
     , m_isHTML(isHTML)
-    , m_usesViewSourceStyles(false)
+    , m_isViewSource(false)
     , m_sawElementsInKnownNamespaces(false)
     , m_usingGeolocation(false)
     , m_eventQueue(EventQueue::create(this))
@@ -1718,6 +1718,15 @@
     return m_cssPrimitiveValueCache;
 }
 
+void Document::setIsViewSource(bool isViewSource)
+{
+    m_isViewSource = isViewSource;
+    if (!m_isViewSource)
+        return;
+
+    ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::create(url(), SandboxOrigin));
+}
+
 void Document::createStyleSelector()
 {
     bool matchAuthorAndUserStyles = true;
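Review bot: `setIsViewSource(false)` clears the flag but leaves the unique origin installed, so the flag and `securityOrigin()` can disagree after a true/false round trip; no caller in this change passes false, so either enforce that with `ASSERT(isViewSource);` at the top or state it in a comment, e.g. `// One-way: once a document is view-source its origin stays unique; false only clears the flag.` The origin is also derived from `url()` at call time, and on the XMLTreeViewer path this runs after parsing, so anything that captured the document's earlier origin presumably keeps it — worth a sentence in the header comment if that is accepted.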

Modified: trunk/Source/WebCore/dom/Document.h (87308 => 87309)


--- trunk/Source/WebCore/dom/Document.h	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/dom/Document.h	2011-05-25 18:51:27 UTC (rev 87309)
@@ -443,8 +443,8 @@
     
     CSSStyleSelector* styleSelectorIfExists() const { return m_styleSelector.get(); }
 
-    bool usesViewSourceStyles() const { return m_usesViewSourceStyles; }
-    void setUsesViewSourceStyles(bool usesViewSourceStyles) { m_usesViewSourceStyles = usesViewSourceStyles; }
+    bool isViewSource() const { return m_isViewSource; }
+    void setIsViewSource(bool);
 
     bool sawElementsInKnownNamespaces() const { return m_sawElementsInKnownNamespaces; }
 
@@ -1371,7 +1371,7 @@
     bool m_isXHTML;
     bool m_isHTML;
 
-    bool m_usesViewSourceStyles;
+    bool m_isViewSource;
     bool m_sawElementsInKnownNamespaces;
 
     bool m_usingGeolocation;

Modified: trunk/Source/WebCore/html/HTMLViewSourceDocument.cpp (87308 => 87309)


--- trunk/Source/WebCore/html/HTMLViewSourceDocument.cpp	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/html/HTMLViewSourceDocument.cpp	2011-05-25 18:51:27 UTC (rev 87309)
@@ -52,7 +52,7 @@
     , m_type(mimeType)
 {
     setUsesBeforeAfterRules(true);
-    setUsesViewSourceStyles(true);
+    setIsViewSource(true);
 
     setCompatibilityMode(QuirksMode);
     lockCompatibilityMode();
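Review bot: Calling `setIsViewSource(true)` from the constructor installs the unique origin before the loader's own security-context setup (presumably `Document::initSecurityContext()` and any forced-origin path in the loader) runs, and the change relies on that later setup not replacing it; nothing visible here guarantees this, and the ASSERT in canExecuteScripts would only catch a violation in debug builds. A comment recording the invariant, e.g. `// Installs a unique security origin now; later security-context initialization must not overwrite it.`, would make the dependency explicit. The constructor begins before this hunk.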

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (87308 => 87309)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2011-05-25 18:51:27 UTC (rev 87309)
@@ -675,7 +675,7 @@
     String url;
     if (!m_documentLoader)
         return;
-    if (m_frame->inViewSourceMode())
+    if (m_frame->document()->isViewSource())
         return;
     if (!parseHTTPRefresh(m_documentLoader->response().httpHeaderField("Refresh"), false, delay, url))
         return;

Modified: trunk/Source/WebCore/xml/XMLTreeViewer.cpp (87308 => 87309)


--- trunk/Source/WebCore/xml/XMLTreeViewer.cpp	2011-05-25 18:48:25 UTC (rev 87308)
+++ trunk/Source/WebCore/xml/XMLTreeViewer.cpp	2011-05-25 18:51:27 UTC (rev 87309)
@@ -70,12 +70,7 @@
 
 void XMLTreeViewer::transformDocumentToTreeView()
 {
-    // FIXME: Temporary hack to ensure that we still display some of the document (and don't crash)
-    // when script is disabled. See https://bugs.webkit.org/show_bug.cgi?id=59113 for work on a
-    // better solution.
-    if (!m_document->frame()->script()->canExecuteScripts(NotAboutToExecuteScript))
-        return;
-
+    m_document->setIsViewSource(true);
     String scriptString(reinterpret_cast<const char*>(XMLViewer_js), sizeof(XMLViewer_js));
     m_document->frame()->script()->evaluate(ScriptSourceCode(scriptString));
     String noStyleMessage("This XML file does not appear to have any style information associated with it. The document tree is shown below.");
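Review bot: The removed guard also covered the sandboxed-frame case: canExecuteScripts() still returns false first when SandboxScripts is set (see the ScriptControllerBase hunk), yet this function now calls `evaluate()` on XMLViewer_js unconditionally. If evaluate() does not itself consult canExecuteScripts(), the viewer script runs in a frame that forbids script; if it does, the script silently does nothing and `m_document->getElementById("xml-viewer-style")` in the next hunk is dereferenced null — the crash the removed FIXME referred to. Suggest keeping a guard after the flag is set, `if (!m_document->frame()->script()->canExecuteScripts(NotAboutToExecuteScript)) return;`, and null-checking the element before appendChild. The function continues into the next hunk.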
@@ -85,8 +80,6 @@
     RefPtr<Text> text = m_document->createTextNode(cssString);
     ExceptionCode exceptionCode;
     m_document->getElementById("xml-viewer-style")->appendChild(text, exceptionCode);
-
-    m_document->setUsesViewSourceStyles(true);
     m_document->styleSelectorChanged(RecalcStyleImmediately);
 }
 