v8/custom/V8CustomBinding.cpp

/*
 * Copyright (C) 2007-2009 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"
#include "V8CustomBinding.h"

#include "CSSHelper.h"
#include "Element.h"
#include "Document.h"
#include "DOMWindow.h"
#include "History.h"
#include "HTMLNames.h"
#include "HTMLFrameElementBase.h"
#include "Location.h"
#include "V8Proxy.h"

#if ENABLE(SVG)
#include "SVGPathSeg.h"
#endif

namespace WebCore {

bool allowSettingFrameSrcToJavascriptUrl(HTMLFrameElementBase* frame, String value)
{
    if (protocolIs(deprecatedParseURL(value), "javascript")) {
        Node* contentDoc = frame->contentDocument();
        if (contentDoc && !V8Proxy::checkNodeSecurity(contentDoc))
            return false;
    }
    return true;
}

bool allowSettingSrcToJavascriptURL(Element* element, String name, String value)
{
    if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"))
        return allowSettingFrameSrcToJavascriptUrl(static_cast<HTMLFrameElementBase*>(element), value);
    return true;
}

// DOMImplementation is a singleton in WebCore. If we use our normal
// mapping from DOM objects to V8 wrappers, the same wrapper will be
// shared for all frames in the same process. This is a major
// security problem. Therefore, we generate a DOMImplementation
// wrapper per document and store it in an internal field of the
// document. Since the DOMImplementation object is a singleton, we do
// not have to do anything to keep the DOMImplementation object alive
// for the lifetime of the wrapper.
ACCESSOR_GETTER(DocumentImplementation)
{
    ASSERT(info.Holder()->InternalFieldCount() >= kDocumentMinimumInternalFieldCount);

    // Check if the internal field already contains a wrapper.
    v8::Local<v8::Value> implementation = info.Holder()->GetInternalField(kDocumentImplementationIndex);
    if (!implementation->IsUndefined())
        return implementation;

    // Generate a wrapper.
    Document* document = V8DOMWrapper::convertDOMWrapperToNative<Document>(info.Holder());
    v8::Handle<v8::Value> wrapper = V8DOMWrapper::convertDOMImplementationToV8Object(document->implementation());

    // Store the wrapper in the internal field.
    info.Holder()->SetInternalField(kDocumentImplementationIndex, wrapper);

    return wrapper;
}

// --------------- Security Checks -------------------------
INDEXED_ACCESS_CHECK(History)
{
    ASSERT(V8ClassIndex::FromInt(data->Int32Value()) == V8ClassIndex::HISTORY);
    // Only allow same origin access.
    History* history = V8DOMWrapper::convertToNativeObject<History>(V8ClassIndex::HISTORY, host);
    return V8Proxy::canAccessFrame(history->frame(), false);
}

NAMED_ACCESS_CHECK(History)
{
    ASSERT(V8ClassIndex::FromInt(data->Int32Value()) == V8ClassIndex::HISTORY);
    // Only allow same origin access.
    History* history = V8DOMWrapper::convertToNativeObject<History>(V8ClassIndex::HISTORY, host);
    return V8Proxy::canAccessFrame(history->frame(), false);
}

#undef INDEXED_ACCESS_CHECK
#undef NAMED_ACCESS_CHECK
#undef NAMED_PROPERTY_GETTER
#undef NAMED_PROPERTY_SETTER

Frame* V8Custom::GetTargetFrame(v8::Local<v8::Object> host, v8::Local<v8::Value> data)
{
    Frame* target = 0;
    switch (V8ClassIndex::FromInt(data->Int32Value())) {
    case V8ClassIndex::DOMWINDOW: {
        v8::Handle<v8::Object> window = V8DOMWrapper::lookupDOMWrapper(V8ClassIndex::DOMWINDOW, host);
        if (window.IsEmpty())
            return target;

        DOMWindow* targetWindow = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, window);
        target = targetWindow->frame();
        break;
    }
    case V8ClassIndex::LOCATION: {
        History* history = V8DOMWrapper::convertToNativeObject<History>(V8ClassIndex::HISTORY, host);
        target = history->frame();
        break;
    }
    case V8ClassIndex::HISTORY: {
        Location* location = V8DOMWrapper::convertToNativeObject<Location>(V8ClassIndex::LOCATION, host);
        target = location->frame();
        break;
    }
    default:
        break;
    }
    return target;
}

#if ENABLE(SVG)
V8ClassIndex::V8WrapperType V8Custom::DowncastSVGPathSeg(void* pathSeg)
{
    WebCore::SVGPathSeg* realPathSeg = reinterpret_cast<WebCore::SVGPathSeg*>(pathSeg);

    switch (realPathSeg->pathSegType()) {
#define MAKE_CASE(svgValue, v8Value) case WebCore::SVGPathSeg::svgValue: return V8ClassIndex::v8Value

    MAKE_CASE(PATHSEG_CLOSEPATH,                    SVGPATHSEGCLOSEPATH);
    MAKE_CASE(PATHSEG_MOVETO_ABS,                   SVGPATHSEGMOVETOABS);
    MAKE_CASE(PATHSEG_MOVETO_REL,                   SVGPATHSEGMOVETOREL);
    MAKE_CASE(PATHSEG_LINETO_ABS,                   SVGPATHSEGLINETOABS);
    MAKE_CASE(PATHSEG_LINETO_REL,                   SVGPATHSEGLINETOREL);
    MAKE_CASE(PATHSEG_CURVETO_CUBIC_ABS,            SVGPATHSEGCURVETOCUBICABS);
    MAKE_CASE(PATHSEG_CURVETO_CUBIC_REL,            SVGPATHSEGCURVETOCUBICREL);
    MAKE_CASE(PATHSEG_CURVETO_QUADRATIC_ABS,        SVGPATHSEGCURVETOQUADRATICABS);
    MAKE_CASE(PATHSEG_CURVETO_QUADRATIC_REL,        SVGPATHSEGCURVETOQUADRATICREL);
    MAKE_CASE(PATHSEG_ARC_ABS,                      SVGPATHSEGARCABS);
    MAKE_CASE(PATHSEG_ARC_REL,                      SVGPATHSEGARCREL);
    MAKE_CASE(PATHSEG_LINETO_HORIZONTAL_ABS,        SVGPATHSEGLINETOHORIZONTALABS);
    MAKE_CASE(PATHSEG_LINETO_HORIZONTAL_REL,        SVGPATHSEGLINETOHORIZONTALREL);
    MAKE_CASE(PATHSEG_LINETO_VERTICAL_ABS,          SVGPATHSEGLINETOVERTICALABS);
    MAKE_CASE(PATHSEG_LINETO_VERTICAL_REL,          SVGPATHSEGLINETOVERTICALREL);
    MAKE_CASE(PATHSEG_CURVETO_CUBIC_SMOOTH_ABS,     SVGPATHSEGCURVETOCUBICSMOOTHABS);
    MAKE_CASE(PATHSEG_CURVETO_CUBIC_SMOOTH_REL,     SVGPATHSEGCURVETOCUBICSMOOTHREL);
    MAKE_CASE(PATHSEG_CURVETO_QUADRATIC_SMOOTH_ABS, SVGPATHSEGCURVETOQUADRATICSMOOTHABS);
    MAKE_CASE(PATHSEG_CURVETO_QUADRATIC_SMOOTH_REL, SVGPATHSEGCURVETOQUADRATICSMOOTHREL);

#undef MAKE_CASE

    default:
        return V8ClassIndex::INVALID_CLASS_INDEX;
    }
}

#endif // ENABLE(SVG)

} // namespace WebCore