1 /* 2 * Copyright (C) 2009 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #ifndef BindingSecurity_h 32 #define BindingSecurity_h 33 34 #include "BindingSecurityBase.h" 35 #include "CSSHelper.h" 36 #include "Element.h" 37 #include "GenericBinding.h" 38 #include "HTMLFrameElementBase.h" 39 40 namespace WebCore { 41 42 class DOMWindow; 43 class Frame; 44 class Node; 45 46 // Security functions shared by various language bindings. 47 template <class Binding> 48 class BindingSecurity : public BindingSecurityBase { 49 public: 50 // Check if the active execution context can access the target frame. 51 static bool canAccessFrame(State<Binding>*, Frame*, bool reportError); 52 53 // Check if it is safe to access the given node from the 54 // current security context. 55 static bool checkNodeSecurity(State<Binding>*, Node* target); 56 57 static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, String value); 58 static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, String name, String value); 59 60 private: 61 explicit BindingSecurity() {} 62 ~BindingSecurity(); 63 64 // Check if the current DOMWindow's security context can access the target 65 // DOMWindow. This function does not report errors, so most callers should 66 // use canAccessFrame instead. 67 static bool canAccessWindow(State<Binding>*, DOMWindow* target); 68 }; 69 70 // Implementations of templated methods must be in this file. 71 72 template <class Binding> 73 bool BindingSecurity<Binding>::canAccessWindow(State<Binding>* state, 74 DOMWindow* targetWindow) 75 { 76 DOMWindow* activeWindow = state->getActiveWindow(); 77 return canAccess(activeWindow, targetWindow); 78 } 79 80 template <class Binding> 81 bool BindingSecurity<Binding>::canAccessFrame(State<Binding>* state, 82 Frame* target, 83 bool reportError) 84 { 85 // The subject is detached from a frame, deny accesses. 86 if (!target) 87 return false; 88 89 if (!canAccessWindow(state, getDOMWindow(target))) { 90 if (reportError) 91 state->immediatelyReportUnsafeAccessTo(target); 92 return false; 93 } 94 return true; 95 } 96 97 template <class Binding> 98 bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node) 99 { 100 if (!node) 101 return false; 102 103 Frame* target = getFrame(node); 104 105 if (!target) 106 return false; 107 108 return canAccessFrame(state, target, true); 109 } 110 111 template <class Binding> 112 bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value) 113 { 114 if (protocolIsJavaScript(deprecatedParseURL(value))) { 115 Node* contentDoc = frame->contentDocument(); 116 if (contentDoc && !checkNodeSecurity(state, contentDoc)) 117 return false; 118 } 119 return true; 120 } 121 122 template <class Binding> 123 bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value) 124 { 125 if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src")) 126 return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value); 127 return true; 128 } 129 130 } 131 132 #endif // BindingSecurity_h 133