Home | History | Annotate | Download | only in generic 
      1 /*
      2  * Copyright (C) 2009 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #include "config.h"
     32 #include "BindingSecurityBase.h"
     33 
     34 #include "DOMWindow.h"
     35 #include "Frame.h"
     36 #include "SecurityOrigin.h"
     37 
     38 namespace WebCore {
     39 
     40 DOMWindow* BindingSecurityBase::getDOMWindow(Frame* frame)
     41 {
     42     return frame->domWindow();
     43 }
     44 
     45 Frame* BindingSecurityBase::getFrame(Node* node)
     46 {
     47     return node->document()->frame();
     48 }
     49 
     50 // Same origin policy implementation:
     51 //
     52 // Same origin policy prevents JS code from domain A from accessing JS & DOM
     53 // objects in a different domain B. There are exceptions and several objects
     54 // are accessible by cross-domain code. For example, the window.frames object
     55 // is accessible by code from a different domain, but window.document is not.
     56 //
     57 // The JS binding code sets security check callbacks on a function template,
     58 // and accessing instances of the template calls the callback function.
     59 // The callback function enforces the same origin policy.
     60 //
     61 // Callback functions are expensive. Binding code should use a security token
     62 // string to do fast access checks for the common case where source and target
     63 // are in the same domain. A security token is a string object that represents
     64 // the protocol/url/port of a domain.
     65 //
     66 // There are special cases where security token matching is not enough.
     67 // For example, JS can set its domain to a super domain by calling
     68 // document.setDomain(...). In these cases, the binding code can reset
     69 // a context's security token to its global object so that the fast access
     70 // check will always fail.
     71 
     72 // Helper to check if the current execution context can access a target frame.
     73 // First it checks same domain policy using the lexical context.
     74 //
     75 // This is equivalent to KJS::Window::allowsAccessFrom(ExecState*).
     76 bool BindingSecurityBase::canAccess(DOMWindow* activeWindow,
     77                                     DOMWindow* targetWindow)
     78 {
     79     ASSERT(targetWindow);
     80 
     81     String message;
     82 
     83     if (activeWindow == targetWindow)
     84         return true;
     85 
     86     if (!activeWindow)
     87         return false;
     88 
     89     const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
     90     const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
     91 
     92     // We have seen crashes were the security origin of the target has not been
     93     // initialized. Defend against that.
     94     if (!targetSecurityOrigin)
     95         return false;
     96 
     97     if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
     98         return true;
     99 
    100     // Allow access to a "about:blank" page if the dynamic context is a
    101     // detached context of the same frame as the blank page.
    102     if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
    103         return true;
    104 
    105     return false;
    106 }
    107 
    108 } // namespace WebCore
    109