      1 /*
      2  * Copyright (C) 2009 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #ifndef BindingSecurity_h
     32 #define BindingSecurity_h
     33 
     34 #include "BindingSecurityBase.h"
     35 #include "CSSHelper.h"
     36 #include "Element.h"
     37 #include "GenericBinding.h"
     38 #include "HTMLFrameElementBase.h"
     39 
     40 namespace WebCore {
     41 
     42 class DOMWindow;
     43 class Frame;
     44 class Node;
     45 
// Same-origin access checks shared by the language bindings. Every member is
// static and takes the binding's State<Binding>, which supplies the active
// window and the error-reporting hook. The class is never instantiated: its
// constructor and destructor are private.
//
// These functions are predicates only. They protect nothing unless each
// binding code path that reaches a frame, node or attribute calls them first.
template <class Binding>
class BindingSecurity : public BindingSecurityBase {
public:
    // Returns true when the active window of |state| may access |target|.
    // A null |target| (subject detached from its frame) is denied without a
    // report. A failed access check is reported through
    // state->immediatelyReportUnsafeAccessTo() only when |reportError| is true.
    static bool canAccessFrame(State<Binding>* state, Frame* target, bool reportError);

    // Returns true when the current security context may touch |target|.
    // A null node, or a node for which getFrame() yields no frame, is denied.
    // Otherwise the answer is canAccessFrame() with error reporting enabled.
    static bool checkNodeSecurity(State<Binding>* state, Node* target);

    // Gate for attribute writes. Only the "src" attribute (compared
    // case-insensitively) of <frame> and <iframe> elements is inspected, by
    // forwarding to allowSettingFrameSrcToJavascriptUrl(). Every other
    // element/attribute combination returns true.
    static bool allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value);

    // Returns false only when |value| parses as a javascript: URL and the
    // frame already has a content document that fails checkNodeSecurity().
    // Any other value, and a frame without a content document, return true.
    static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value);

private:
    // Not constructible from outside the class; the destructor is declared
    // here but no definition is visible in this header.
    explicit BindingSecurity() {}
    ~BindingSecurity();

    // Window-level check: may the active window of |state| access |target|?
    // This function does not report errors, so most callers should go
    // through canAccessFrame() instead.
    static bool canAccessWindow(State<Binding>* state, DOMWindow* target);
};
     69 
     70 // Implementations of templated methods must be in this file.
     71 
// Asks canAccess() whether the window currently active in |state| may access
// |targetWindow|. canAccess() is not defined in this file (presumably it comes
// from BindingSecurityBase), so how it treats null windows cannot be seen
// here. |state| is dereferenced unconditionally and must not be null.
template <class Binding>
bool BindingSecurity<Binding>::canAccessWindow(State<Binding>* state, DOMWindow* targetWindow)
{
    return canAccess(state->getActiveWindow(), targetWindow);
}
     79 
// Decides whether the active execution context of |state| may access
// |target|. Returns false for a null frame or a failed window check.
// A failed window check is reported via
// state->immediatelyReportUnsafeAccessTo() when |reportError| is true; the
// null-frame denial is never reported.
template <class Binding>
bool BindingSecurity<Binding>::canAccessFrame(State<Binding>* state, Frame* target, bool reportError)
{
    // A null frame means the subject is detached from its frame: fail closed.
    if (!target)
        return false;

    const bool allowed = canAccessWindow(state, getDOMWindow(target));
    if (!allowed && reportError)
        state->immediatelyReportUnsafeAccessTo(target);
    return allowed;
}
     96 
// Returns true when |node| may be accessed from the current security context.
// A null node, or a node for which getFrame() returns no frame, is denied.
// Otherwise the decision is canAccessFrame() on that frame, with error
// reporting switched on.
template <class Binding>
bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node)
{
    // getFrame() is only consulted for a non-null node.
    Frame* owningFrame = node ? getFrame(node) : 0;
    return owningFrame && canAccessFrame(state, owningFrame, true);
}
    110 
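// Decides whether |value| may be written to the src of |frame|.
//
// Only javascript: URLs are of interest: every other value returns true
// without touching |frame|. For a javascript: URL the frame's current content
// document must pass checkNodeSecurity(), which also reports a denial.
// Returns false when that check fails, or when |frame| is null.
//
// NOTE(review): the decision depends on deprecatedParseURL() and
// protocolIsJavaScript() classifying |value| the same way the code that later
// resolves and loads the attribute does. Confirm against that code.
template <class Binding>
bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
{
    if (!protocolIsJavaScript(deprecatedParseURL(value)))
        return true;

    // Fail closed on a null frame instead of dereferencing it. The sibling
    // checks in this class guard their pointer arguments in the same way.
    if (!frame)
        return false;

    Node* contentDoc = frame->contentDocument();

    // With no content document there is nothing to compare the caller
    // against, so the write is allowed. NOTE(review): this path is
    // fail-open. Confirm that is intended.
    if (!contentDoc)
        return true;

    return checkNodeSecurity(state, contentDoc);
}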
    121 
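// Gate for writing attribute |name| = |value| on |element|.
//
// Only the "src" attribute (compared case-insensitively) of <frame> and
// <iframe> elements is restricted. Those writes are forwarded to
// allowSettingFrameSrcToJavascriptUrl(). Every other element/attribute pair
// returns true. A null |element| returns false.
//
// This is a predicate only. It has no effect unless every binding path that
// can change the attribute calls it before the write.
template <class Binding>
bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value)
{
    // Fail closed on a null element instead of dereferencing it.
    if (!element)
        return false;

    const bool isFrameElement = element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag);
    if (!isFrameElement || !equalIgnoringCase(name, "src"))
        return true;

    // The tag check above is what justifies the downcast.
    return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value);
}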
    129 
    130 }
    131 
    132 #endif // BindingSecurity_h
    133