1 /*
2  * Copyright (C) 2009 Google Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *     * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *     * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *     * Neither the name of Google Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #ifndef BindingSecurity_h
32 #define BindingSecurity_h
33 
34 #include "BindingSecurityBase.h"
35 #include "CSSHelper.h"
36 #include "Element.h"
37 #include "GenericBinding.h"
38 #include "HTMLFrameElementBase.h"
39 
40 namespace WebCore {
41 
42 class DOMWindow;
43 class Frame;
44 class Node;
45 
// Same-origin access checks shared by the script language bindings.
// Every member is static; Binding selects the State<Binding> specialization
// that supplies the active window and receives violation reports.
template <typename Binding>
class BindingSecurity : public BindingSecurityBase {
public:
    // Returns true when the active execution context may access |frame|.
    // A null frame is always denied. If the window check fails and
    // reportError is set, the violation is reported through |state|.
    static bool canAccessFrame(State<Binding>* state, Frame* frame, bool reportError);

    // Returns true when |target| may be touched from the current security
    // context. A null node, or a node with no frame, is denied.
    static bool checkNodeSecurity(State<Binding>* state, Node* target);

    // Gate for writing a javascript: URL into a frame's src. Values that are
    // not javascript: URLs are always allowed.
    static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value);

    // Attribute-level wrapper for the check above: it applies only to the
    // "src" attribute of <frame>/<iframe> elements and allows everything else.
    static bool allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value);

private:
    // Window-to-window check that does not report errors; most callers
    // should go through canAccessFrame instead.
    static bool canAccessWindow(State<Binding>* state, DOMWindow* target);

    // Not meant to be instantiated: the constructor is private and the
    // destructor is declared here without a definition in this header.
    explicit BindingSecurity() {}
    ~BindingSecurity();
};
69 
70 // Implementations of templated methods must be in this file.
71 
// Decides whether the window that is currently executing script may access
// targetWindow. The active window comes from |state|; the decision itself is
// delegated to canAccess (not defined in this header; presumably inherited
// from BindingSecurityBase, confirm there how null windows are treated).
// No error is reported on denial.
template <typename Binding>
bool BindingSecurity<Binding>::canAccessWindow(State<Binding>* state, DOMWindow* targetWindow)
{
    // |state| is dereferenced unconditionally; callers must pass a valid State.
    return canAccess(state->getActiveWindow(), targetWindow);
}
79 
// Checks whether the active execution context may access |target|.
//
// Returns false for a null frame (nothing to grant access to) and for a frame
// whose DOMWindow fails canAccessWindow. In the second case the violation is
// reported through state->immediatelyReportUnsafeAccessTo when reportError is
// true. The null-frame denial is silent regardless of reportError.
template <typename Binding>
bool BindingSecurity<Binding>::canAccessFrame(State<Binding>* state, Frame* target, bool reportError)
{
    // Fail closed: without a frame there is no origin to compare against.
    if (!target)
        return false;

    const bool accessGranted = canAccessWindow(state, getDOMWindow(target));
    if (!accessGranted && reportError)
        state->immediatelyReportUnsafeAccessTo(target);
    return accessGranted;
}
96 
// Checks whether |node| may be accessed from the current security context.
//
// The node is mapped to its frame with getFrame and the decision is made by
// canAccessFrame with error reporting enabled. A null node, or a node for
// which getFrame yields no frame, is denied without a report.
template <typename Binding>
bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node)
{
    Frame* owningFrame = node ? getFrame(node) : 0;

    // Fail closed when there is no frame to run the origin check against.
    if (!owningFrame)
        return false;

    return canAccessFrame(state, owningFrame, true);
}
110 
// Decides whether script may set the src of |frame| to |value|.
//
// Only javascript: URLs are restricted, since such a URL would execute in the
// frame's document. When the frame has a content document, the caller must
// pass checkNodeSecurity for that document; a denial is reported there.
// Any other URL scheme is allowed without a check.
//
// |frame| is dereferenced unconditionally, so callers must pass a non-null
// element.
template <typename Binding>
bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
{
    // The scheme test runs on the output of deprecatedParseURL, not on the raw
    // attribute text. Presumably that strips surrounding whitespace; confirm
    // in CSSHelper.h.
    if (!protocolIsJavaScript(deprecatedParseURL(value)))
        return true;

    // NOTE(review): a frame with no content document is allowed through
    // unchecked. Confirm this is intended for frames that are not yet loaded.
    Node* frameDocument = frame->contentDocument();
    return !frameDocument || checkNodeSecurity(state, frameDocument);
}
121 
// Attribute-level gate for javascript: URLs in frame sources.
//
// The check is applied only when |element| is a <frame> or <iframe> and |name|
// matches "src" case-insensitively; it then defers to
// allowSettingFrameSrcToJavascriptUrl. Every other element/attribute pair
// returns true.
//
// NOTE(review): this guard covers only frame/iframe "src". Any other path
// that can point a frame at a javascript: URL needs its own check at the call
// site; verify against callers. |element| must be non-null.
template <typename Binding>
bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value)
{
    const bool isFrameElement = element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag);
    if (!isFrameElement || !equalIgnoringCase(name, "src"))
        return true;

    // The tag test above is what makes this downcast valid.
    return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value);
}
129 
130 }
131 
132 #endif // BindingSecurity_h
133