1 /*

     2  * Copyright (C) 2009 Google Inc. All rights reserved.

     3  * 

     4  * Redistribution and use in source and binary forms, with or without

     5  * modification, are permitted provided that the following conditions are

     6  * met:

     7  * 

     8  *     * Redistributions of source code must retain the above copyright

     9  * notice, this list of conditions and the following disclaimer.

    10  *     * Redistributions in binary form must reproduce the above

    11  * copyright notice, this list of conditions and the following disclaimer

    12  * in the documentation and/or other materials provided with the

    13  * distribution.

    14  *     * Neither the name of Google Inc. nor the names of its

    15  * contributors may be used to endorse or promote products derived from

    16  * this software without specific prior written permission.

    17  * 

    18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

    19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

    20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

    21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

    22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

    24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

    25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

    26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

    27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

    28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    29  */

    30 

    31 #include "config.h"

    32 #include "BindingSecurityBase.h"

    33 

    34 #include "DOMWindow.h"

    35 #include "Frame.h"

    36 #include "SecurityOrigin.h"

    37 

    38 namespace WebCore {

    39 

    40 DOMWindow* BindingSecurityBase::getDOMWindow(Frame* frame)

    41 {

    42     return frame->domWindow();

    43 }

    44 

    45 Frame* BindingSecurityBase::getFrame(Node* node)

    46 {

    47     return node->document()->frame();

    48 }

    49 

    50 // Same origin policy implementation:

    51 //

    52 // Same origin policy prevents JS code from domain A from accessing JS & DOM

    53 // objects in a different domain B. There are exceptions and several objects

    54 // are accessible by cross-domain code. For example, the window.frames object

    55 // is accessible by code from a different domain, but window.document is not.

    56 //

    57 // The JS binding code sets security check callbacks on a function template,

    58 // and accessing instances of the template calls the callback function.

    59 // The callback function enforces the same origin policy.

    60 //

    61 // Callback functions are expensive. Binding code should use a security token

    62 // string to do fast access checks for the common case where source and target

    63 // are in the same domain. A security token is a string object that represents

    64 // the protocol/url/port of a domain.

    65 //

    66 // There are special cases where security token matching is not enough.

    67 // For example, JS can set its domain to a super domain by calling

    68 // document.setDomain(...). In these cases, the binding code can reset

    69 // a context's security token to its global object so that the fast access

    70 // check will always fail.

    71 

    72 // Helper to check if the current execution context can access a target frame.

    73 // First it checks same domain policy using the lexical context.

    74 //

    75 // This is equivalent to KJS::Window::allowsAccessFrom(ExecState*).

    76 bool BindingSecurityBase::canAccess(DOMWindow* activeWindow,

    77                                     DOMWindow* targetWindow)

    78 {

    79     ASSERT(targetWindow);

    80 

    81     String message;

    82 

    83     if (activeWindow == targetWindow)

    84         return true;

    85 

    86     if (!activeWindow)

    87         return false;

    88 

    89     const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();

    90     const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();

    91 

    92     // We have seen crashes were the security origin of the target has not been

    93     // initialized. Defend against that.

    94     if (!targetSecurityOrigin)

    95         return false;

    96 

    97     if (activeSecurityOrigin->canAccess(targetSecurityOrigin))

    98         return true;

    99 

   100     // Allow access to a "about:blank" page if the dynamic context is a

   101     // detached context of the same frame as the blank page.

   102     if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())

   103         return true;

   104 

   105     return false;

   106 }

   107 

   108 } // namespace WebCore