1 /*
2  * Copyright (C) 2009 Google Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *     * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *     * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *     * Neither the name of Google Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include "config.h"
32 #include "BindingSecurityBase.h"
33 
34 #include "DOMWindow.h"
35 #include "Frame.h"
36 #include "SecurityOrigin.h"
37 
38 namespace WebCore {
39 
// Returns the DOMWindow that belongs to |frame|.
// |frame| is dereferenced without a null check, so callers must pass a
// non-null Frame.
DOMWindow* BindingSecurityBase::getDOMWindow(Frame* frame)
{
    DOMWindow* window = frame->domWindow();
    return window;
}
44 
// Returns the Frame of the document that |node| belongs to.
// Neither |node| nor the result of node->document() is null-checked here, so
// callers must only pass nodes that have a document.
Frame* BindingSecurityBase::getFrame(Node* node)
{
    Document* ownerDocument = node->document();
    return ownerDocument->frame();
}
49 
50 // Same origin policy implementation:
51 //
52 // Same origin policy prevents JS code from domain A from accessing JS & DOM
53 // objects in a different domain B. There are exceptions and several objects
54 // are accessible by cross-domain code. For example, the window.frames object
55 // is accessible by code from a different domain, but window.document is not.
56 //
57 // The JS binding code sets security check callbacks on a function template,
58 // and accessing instances of the template calls the callback function.
59 // The callback function enforces the same origin policy.
60 //
61 // Callback functions are expensive. Binding code should use a security token
62 // string to do fast access checks for the common case where source and target
63 // are in the same domain. A security token is a string object that represents
64 // the protocol/url/port of a domain.
65 //
66 // There are special cases where security token matching is not enough.
67 // For example, JS can set its domain to a super domain by calling
68 // document.setDomain(...). In these cases, the binding code can reset
69 // a context's security token to its global object so that the fast access
70 // check will always fail.
71 
72 // Helper to check if the current execution context can access a target frame.
73 // First it checks same domain policy using the lexical context.
74 //
75 // This is equivalent to KJS::Window::allowsAccessFrom(ExecState*).
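// Parameters:
//   activeWindow - window of the context requesting access; may be null, in
//                  which case access is denied.
//   targetWindow - window being accessed; callers are expected to pass a
//                  non-null pointer (asserted below).
// Returns true when access is allowed and false otherwise. Any path on which
// a window or a security origin is missing denies access.
bool BindingSecurityBase::canAccess(DOMWindow* activeWindow,
                                    DOMWindow* targetWindow)
{
    ASSERT(targetWindow);

    // ASSERT only guards builds that have assertions enabled. Deny here so
    // that a null target is never treated as accessible (the null == null case
    // below) and is never dereferenced.
    if (!targetWindow)
        return false;

    // A window can always access itself.
    if (activeWindow == targetWindow)
        return true;

    if (!activeWindow)
        return false;

    const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
    const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();

    // We have seen crashes where the security origin of the target has not
    // been initialized. Defend against that, and apply the same guard to the
    // active origin, which is dereferenced just below.
    if (!activeSecurityOrigin || !targetSecurityOrigin)
        return false;

    if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
        return true;

    // Allow access to a "about:blank" page if the dynamic context is a
    // detached context of the same frame as the blank page.
    // NOTE(review): if frame() can return null for both windows, this
    // comparison also holds for two unrelated frameless windows; confirm that
    // callers rule that case out.
    if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
        return true;

    // Default deny.
    return false;
}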
107 
108 } // namespace WebCore