Quelle WindowNamedPropertiesHandler.cpp
Sprache: C
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
staticbool ShouldExposeChildWindow(const nsString& aNameBeingResolved,
BrowsingContext* aChild) {
Element* e = aChild->GetEmbedderElement(); if (e && e->IsInShadowTree()) { returnfalse;
}
// If we're same-origin with the child, go ahead and expose it.
nsPIDOMWindowOuter* child = aChild->GetDOMWindow();
nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(child); if (sop && nsContentUtils::SubjectPrincipal()->Equals(sop->GetPrincipal())) { returntrue;
}
// If we're not same-origin, expose it _only_ if the name of the browsing // context matches the 'name' attribute of the frame element in the parent. // The motivations behind this heuristic are worth explaining here. // // Historically, all UAs supported global named access to any child browsing // context (that is to say, window.dolske returns a child frame where either // the "name" attribute on the frame element was set to "dolske", or where // the child explicitly set window.name = "dolske"). // // This is problematic because it allows possibly-malicious and unrelated // cross-origin subframes to pollute the global namespace of their parent in // unpredictable ways (see bug 860494). This is also problematic for browser // engines like Servo that want to run cross-origin script on different // threads. // // The naive solution here would be to filter out any cross-origin subframes // obtained when doing named lookup in global scope. But that is unlikely to // be web-compatible, since it will break named access for consumers that do // <iframe name="dolske" src="http://cross-origin.com/sadtrombone.html"> and // expect to be able to access the cross-origin subframe via named lookup on // the global. // // The optimal behavior would be to do the following: // (a) Look for any child browsing context with name="dolske". // (b) If the result is cross-origin, null it out. // (c) If we have null, look for a frame element whose 'name' attribute is // "dolske". // // Unfortunately, (c) would require some engineering effort to be performant // in Gecko, and probably in other UAs as well. So we go with a simpler // approximation of the above. This approximation will only break sites that // rely on their cross-origin subframes setting window.name to a known value, // which is unlikely to be very common. And while it does introduce a // dependency on cross-origin state when doing global lookups, it doesn't // allow the child to arbitrarily pollute the parent namespace, and requires // cross-origin communication only in a limited set of cases that can be // computed independently by the parent. return e && e->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name,
aNameBeingResolved, eCaseMatters);
}
// Nothing to do if we're resolving another symbol property. returntrue;
}
bool hasOnPrototype; if (!HasPropertyOnPrototype(aCx, aProxy, aId, &hasOnPrototype)) { returnfalse;
} if (hasOnPrototype) { returntrue;
}
nsAutoJSString str; if (!str.init(aCx, aId)) { returnfalse;
}
if (str.IsEmpty()) { returntrue;
}
// Grab the DOM window.
nsGlobalWindowInner* win = xpc::WindowGlobalOrNull(aProxy); if (win->Length() > 0) {
RefPtr<BrowsingContext> child = win->GetChildWindow(str); if (child && ShouldExposeChildWindow(str, child)) { // We found a subframe of the right name. Shadowing via |var foo| in // global scope is still allowed, since |var| only looks up |own| // properties. But unqualified shadowing will fail, per-spec.
JS::Rooted<JS::Value> v(aCx); if (!ToJSValue(aCx, WindowProxyHolder(std::move(child)), &v)) { returnfalse;
}
aDesc.set(mozilla::Some(
JS::PropertyDescriptor::Data(v, {JS::PropertyAttribute::Configurable,
JS::PropertyAttribute::Writable}))); returntrue;
}
}
// The rest of this function is for HTML documents only.
Document* doc = win->GetExtantDoc(); if (!doc || !doc->IsHTMLOrXHTML()) { returntrue;
}
nsHTMLDocument* document = doc->AsHTMLDocument();
JS::Rooted<JS::Value> v(aCx);
Element* element = document->GetElementById(str); if (element) { if (!ToJSValue(aCx, element, &v)) { returnfalse;
}
aDesc.set(mozilla::Some(
JS::PropertyDescriptor::Data(v, {JS::PropertyAttribute::Configurable,
JS::PropertyAttribute::Writable}))); returntrue;
}
ErrorResult rv; bool found = document->ResolveName(aCx, str, &v, rv); if (rv.MaybeSetPendingException(aCx)) { returnfalse;
}
if (found) {
aDesc.set(mozilla::Some(
JS::PropertyDescriptor::Data(v, {JS::PropertyAttribute::Configurable,
JS::PropertyAttribute::Writable})));
} returntrue;
}
bool WindowNamedPropertiesHandler::ownPropNames(
JSContext* aCx, JS::Handle<JSObject*> aProxy, unsigned flags,
JS::MutableHandleVector<jsid> aProps) const { if (!(flags & JSITER_HIDDEN)) { // None of our named properties are enumerable. returntrue;
}
// Grab the DOM window.
nsGlobalWindowInner* win = xpc::WindowGlobalOrNull(aProxy);
nsTArray<nsString> names; // The names live on the outer window, which might be null
nsGlobalWindowOuter* outer = win->GetOuterWindowInternal(); if (outer) { if (BrowsingContext* bc = outer->GetBrowsingContext()) { for (constauto& child : bc->Children()) { const nsString& name = child->Name(); if (!name.IsEmpty() && !names.Contains(name)) { // Make sure we really would expose it from getOwnPropDescriptor. if (ShouldExposeChildWindow(name, child)) {
names.AppendElement(name);
}
}
}
}
} if (!AppendNamedPropertyIds(aCx, aProxy, names, false, aProps)) { returnfalse;
}
names.Clear();
Document* doc = win->GetExtantDoc(); if (!doc || !doc->IsHTMLOrXHTML()) { // Define to @@toStringTag on this object to keep Object.prototype.toString // backwards compatible.
JS::Rooted<jsid> toStringTagId(
aCx, JS::GetWellKnownSymbolKey(aCx, JS::SymbolCode::toStringTag)); return aProps.append(toStringTagId);
}
nsHTMLDocument* document = doc->AsHTMLDocument(); // Document names are enumerable, so we want to get them no matter what flags // is.
document->GetSupportedNames(names);
// Note that this class doesn't need any reserved slots, but SpiderMonkey // asserts all proxy classes have at least one reserved slot. staticconst DOMIfaceAndProtoJSClass WindowNamedPropertiesClass = {
PROXY_CLASS_DEF("WindowProperties", JSCLASS_IS_DOMIFACEANDPROTOJSCLASS |
JSCLASS_HAS_RESERVED_SLOTS(1)),
eNamedPropertiesObject,
prototypes::id::_ID_Count,
0,
&sEmptyNativePropertyHooks,
EventTarget_Binding::GetProtoObject};
bool succeeded; if (!JS_SetImmutablePrototype(aCx, gsp, &succeeded)) { return nullptr;
}
MOZ_ASSERT(succeeded, "errors making the [[Prototype]] of the named properties object " "immutable should have been JSAPI failures, not !succeeded");
return gsp;
}
} // namespace mozilla::dom
¤ Dauer der Verarbeitung: 0.30 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
