commit c078a671c59dac241148b3b35fdc345d7f698c5e
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue May 6 17:50:45 2003 +0000
Reviewed by Darin.
- fixed 3245048 - "Block Pop-Up Windows" can easily be bypassed using javascript: URLs
Closed the loophole by tracking what client redirects were
triggered by user actions, and making sure the script interpreter
knows.
* khtml/ecma/kjs_window.cpp:
(Window::put):
(WindowFunc::tryCall):
(Location::put):
(LocationFunc::tryCall):
* khtml/khtml_part.cpp:
(KHTMLPart::executeScript):
(KHTMLPart::clear):
(KHTMLPart::scheduleRedirection):
(KHTMLPart::slotRedirect):
(KHTMLPart::urlSelected):
* khtml/khtml_part.h:
* khtml/khtmlpart_p.h:
* kwq/WebCoreBridge.mm:
(-[WebCoreBridge stringByEvaluatingJavaScriptFromString:]):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4289 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 176d3d8..14bad15 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,29 @@
+2003-05-06 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Darin.
+
+ - fixed 3245048 - "Block Pop-Up Windows" can easily be bypassed using javascript: URLs
+
+ Closed the loophole by tracking what client redirects were
+ triggered by user actions, and making sure the script interpreter
+ knows.
+
+ * khtml/ecma/kjs_window.cpp:
+ (Window::put):
+ (WindowFunc::tryCall):
+ (Location::put):
+ (LocationFunc::tryCall):
+ * khtml/khtml_part.cpp:
+ (KHTMLPart::executeScript):
+ (KHTMLPart::clear):
+ (KHTMLPart::scheduleRedirection):
+ (KHTMLPart::slotRedirect):
+ (KHTMLPart::urlSelected):
+ * khtml/khtml_part.h:
+ * khtml/khtmlpart_p.h:
+ * kwq/WebCoreBridge.mm:
+ (-[WebCoreBridge stringByEvaluatingJavaScriptFromString:]):
+
2003-05-06 Darin Adler <darin at apple.com>
Reviewed by Ken.
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 176d3d8..14bad15 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,29 @@
+2003-05-06 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Darin.
+
+ - fixed 3245048 - "Block Pop-Up Windows" can easily be bypassed using javascript: URLs
+
+ Closed the loophole by tracking what client redirects were
+ triggered by user actions, and making sure the script interpreter
+ knows.
+
+ * khtml/ecma/kjs_window.cpp:
+ (Window::put):
+ (WindowFunc::tryCall):
+ (Location::put):
+ (LocationFunc::tryCall):
+ * khtml/khtml_part.cpp:
+ (KHTMLPart::executeScript):
+ (KHTMLPart::clear):
+ (KHTMLPart::scheduleRedirection):
+ (KHTMLPart::slotRedirect):
+ (KHTMLPart::urlSelected):
+ * khtml/khtml_part.h:
+ * khtml/khtmlpart_p.h:
+ * kwq/WebCoreBridge.mm:
+ (-[WebCoreBridge stringByEvaluatingJavaScriptFromString:]):
+
2003-05-06 Darin Adler <darin at apple.com>
Reviewed by Ken.
diff --git a/WebCore/khtml/ecma/kjs_window.cpp b/WebCore/khtml/ecma/kjs_window.cpp
index aabaeb7..85936c3 100644
--- a/WebCore/khtml/ecma/kjs_window.cpp
+++ b/WebCore/khtml/ecma/kjs_window.cpp
@@ -760,17 +760,17 @@ void Window::put(ExecState* exec, const Identifier &propertyName, const Value &v
if (p) {
QString dstUrl = p->htmlDocument().completeURL(value.toString(exec).string()).string();
if (dstUrl.find("javascript:", 0, false) || isSafeScript(exec))
-#if APPLE_CHANGES
{
- // We want a new history item if this JS was called via a user gesture
bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
- m_part->scheduleRedirection(0, dstUrl, !userGesture);
- }
+#if APPLE_CHANGES
+ // We want a new history item if this JS was called via a user gesture
+ m_part->scheduleRedirection(0, dstUrl, !userGesture, userGesture);
#else
m_part->scheduleRedirection(0,
dstUrl,
- false /*don't lock history*/);
+ false /*don't lock history*/, userGesture);
#endif
+ }
}
return;
}
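Review bot: The user-gesture lookup `static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture()` is now repeated at seven sites in this file (here and in the WindowFunc::tryCall, Location::put and LocationFunc::tryCall hunks), each feeding the new `userGesture` argument of scheduleRedirection. Since this value is a trust decision for the pop-up blocker, a single helper such as `static bool wasRunByUserGesture(ExecState *exec)` in this file would keep the cast and the policy in one place and make later audits easier. Window::put continues outside the hunk.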
@@ -1246,7 +1246,8 @@ Value WindowFunc::tryCall(ExecState *exec, Object &thisObj, const List &args)
// FIXME: referrer?
while ( part->parentPart() )
part = part->parentPart();
- part->scheduleRedirection(0, url.url(), false/*don't lock history*/);
+ bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
+ part->scheduleRedirection(0, url.url(), false/*don't lock history*/, userGesture);
return Window::retrieve(part);
}
if ( uargs.frameName == "_parent" )
@@ -1254,7 +1255,8 @@ Value WindowFunc::tryCall(ExecState *exec, Object &thisObj, const List &args)
// FIXME: referrer?
if ( part->parentPart() )
part = part->parentPart();
- part->scheduleRedirection(0, url.url(), false/*don't lock history*/);
+ bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
+ part->scheduleRedirection(0, url.url(), false/*don't lock history*/, userGesture);
return Window::retrieve(part);
}
uargs.serviceType = "text/html";
@@ -1278,9 +1280,11 @@ Value WindowFunc::tryCall(ExecState *exec, Object &thisObj, const List &args)
}
}
#if APPLE_CHANGES
- if (!url.isEmpty())
+ if (!url.isEmpty()) {
+ bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
// FIXME: Need to pass referrer here.
- khtmlpart->scheduleRedirection(0, url.url(), false);
+ khtmlpart->scheduleRedirection(0, url.url(), false, userGesture);
+ }
#else
uargs.serviceType = QString::null;
if (uargs.frameName == "_blank")
@@ -1881,12 +1885,12 @@ void Location::put(ExecState *exec, const Identifier &p, const Value &v, int att
ObjectImp::put(exec, p, v, attr);
return;
}
+ bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
#if APPLE_CHANGES
// We want a new history item if this JS was called via a user gesture
- bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
- m_part->scheduleRedirection(0, url.url(), !userGesture);
+ m_part->scheduleRedirection(0, url.url(), !userGesture, userGesture);
#else
- m_part->scheduleRedirection(0, url.url(), false /*don't lock history*/);
+ m_part->scheduleRedirection(0, url.url(), false /*don't lock history*/, userGesture);
#endif
}
@@ -1918,13 +1922,18 @@ Value LocationFunc::tryCall(ExecState *exec, Object &thisObj, const List &args)
{
QString str = args[0].toString(exec).qstring();
KHTMLPart* p = Window::retrieveActive(exec)->part();
- if ( p )
- part->scheduleRedirection(0, p->htmlDocument().completeURL(str).string(), true /*lock history*/);
+ if ( p ) {
+ bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
+ part->scheduleRedirection(0, p->htmlDocument().completeURL(str).string(), true /*lock history*/, userGesture);
+ }
break;
}
case Location::Reload:
- part->scheduleRedirection(0, part->url().url(), true/*lock history*/);
+ {
+ bool userGesture = static_cast<ScriptInterpreter *>(exec->interpreter())->wasRunByUserGesture();
+ part->scheduleRedirection(0, part->url().url(), true/*lock history*/, userGesture);
break;
+ }
case Location::ToString:
return String(location->toString(exec));
}
diff --git a/WebCore/khtml/khtml_part.cpp b/WebCore/khtml/khtml_part.cpp
index b45dfac..77b2e01 100644
--- a/WebCore/khtml/khtml_part.cpp
+++ b/WebCore/khtml/khtml_part.cpp
@@ -677,15 +677,15 @@ KJSProxy *KHTMLPart::jScript()
return d->m_jscript;
}
-QVariant KHTMLPart::executeScript( const QString &script )
+QVariant KHTMLPart::executeScript( const QString &script, bool forceUserGesture )
{
- return executeScript( DOM::Node(), script );
+ return executeScript( DOM::Node(), script, forceUserGesture );
}
//Enable this to see all JS scripts being executed
//#define KJS_VERBOSE
-QVariant KHTMLPart::executeScript( const DOM::Node &n, const QString &script )
+QVariant KHTMLPart::executeScript( const DOM::Node &n, const QString &script, bool forceUserGesture )
{
#ifdef KJS_VERBOSE
kdDebug(6070) << "KHTMLPart::executeScript n=" << n.nodeName().string().latin1() << "(" << (n.isNull() ? 0 : n.nodeType()) << ") " << script << endl;
@@ -695,7 +695,10 @@ QVariant KHTMLPart::executeScript( const DOM::Node &n, const QString &script )
if (!proxy || proxy->paused())
return QVariant();
d->m_runningScripts++;
- QVariant ret = proxy->evaluate( QString::null, 0, script, n );
+ // If forceUserGesture is true, then make the script interpreter
+ // treat it as if triggered by a user gesture even if there is no
+ // current DOM event being processed.
+ QVariant ret = proxy->evaluate( forceUserGesture ? QString::null : m_url.url(), 0, script, n );
d->m_runningScripts--;
if (!d->m_runningScripts && d->m_doc && !d->m_doc->parsing() && d->m_submitForm )
submitFormAgain();
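Review bot: The override at `QVariant ret = proxy->evaluate( forceUserGesture ? QString::null : m_url.url(), 0, script, n );` encodes a security decision in the source-URL argument: from the comment above, a null filename appears to make the interpreter treat the script as user-triggered, but nothing in the evaluate() call itself says so. Any other caller that passes a null URL for an unrelated reason would then inherit the gesture privilege; an explicit flag on evaluate() or on the interpreter would be harder to trigger by accident. This call previously always passed QString::null, so it is also worth confirming that passing m_url.url() for the non-forced case does not change anything else the interpreter derives from the filename. executeScript's body extends outside the hunk.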
@@ -986,6 +989,7 @@ void KHTMLPart::clear()
d->m_delayRedirect = 0;
d->m_redirectURL = QString::null;
d->m_redirectLockHistory = true;
+ d->m_redirectUserGesture = false;
d->m_bHTTPRefresh = false;
d->m_bClearing = false;
d->m_frameNameId = 1;
@@ -1823,7 +1827,7 @@ KURL KHTMLPart::completeURL( const QString &url )
return KURL( d->m_doc->completeURL( url ) );
}
-void KHTMLPart::scheduleRedirection( double delay, const QString &url, bool doLockHistory )
+void KHTMLPart::scheduleRedirection( double delay, const QString &url, bool doLockHistory, bool userGesture )
{
kdDebug(6050) << "KHTMLPart::scheduleRedirection delay=" << delay << " url=" << url << endl;
if (delay < 0 || delay > INT_MAX / 1000)
@@ -1834,6 +1838,7 @@ void KHTMLPart::scheduleRedirection( double delay, const QString &url, bool doLo
d->m_delayRedirect = delay;
d->m_redirectURL = url;
d->m_redirectLockHistory = doLockHistory;
+ d->m_redirectUserGesture = userGesture;
if ( d->m_bComplete ) {
d->m_redirectionTimer.stop();
d->m_redirectionTimer.start( (int)(1000 * d->m_delayRedirect), true );
@@ -1882,7 +1887,7 @@ void KHTMLPart::slotRedirect()
{
QString script = KURL::decode_string( u.right( u.length() - 11 ) );
//kdDebug( 6050 ) << "KHTMLPart::slotRedirect script=" << script << endl;
- QVariant res = executeScript( script );
+ QVariant res = executeScript( script, d->m_redirectUserGesture );
if ( res.type() == QVariant::String ) {
begin( url() );
write( res.asString() );
@@ -2476,7 +2481,7 @@ void KHTMLPart::urlSelected( const QString &url, int button, int state, const QS
if ( url.find( QString::fromLatin1( "javascript:" ), 0, false ) == 0 )
{
- executeScript( KURL::decode_string( url.right( url.length() - 11) ) );
+ executeScript( KURL::decode_string( url.right( url.length() - 11) ), true );
return;
}
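Review bot: `executeScript( KURL::decode_string( url.right( url.length() - 11) ), true );` marks every javascript: URL that reaches urlSelected as user-initiated. That matches a real click, but if urlSelected has any caller that is not driven by a user event, the hard-coded `true` would reintroduce the bypass this commit closes; consider having the caller supply the flag, or at least record the assumption with `// urlSelected is only reached from user input, so the script counts as a user gesture`. The enclosing function starts and ends outside the hunk.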
diff --git a/WebCore/khtml/khtml_part.h b/WebCore/khtml/khtml_part.h
index 2ecb226..18d2efa 100644
--- a/WebCore/khtml/khtml_part.h
+++ b/WebCore/khtml/khtml_part.h
@@ -270,11 +270,11 @@ public:
* and the code returned true itself or @p false otherwise.
* @deprecated, use the one below.
*/
- QVariant executeScript( const QString &script );
+ QVariant executeScript( const QString &script, bool forceUserGesture = false );
/**
* Same as above except the Node parameter specifying the 'this' value.
*/
- QVariant executeScript( const DOM::Node &n, const QString &script );
+ QVariant executeScript( const DOM::Node &n, const QString &script, bool forceUserGesture = false );
/**
* Enables or disables Drag'n'Drop support. A drag operation is started if
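Review bot: The new `forceUserGesture` parameter is not described in the Doxygen block above `executeScript`, and the same applies to `userGesture` on `scheduleRedirection` in the next hunk. Suggest adding `@param forceUserGesture if true, run the script as if it had been triggered by a user gesture (e.g. a javascript: link the user activated), even though no DOM event is being processed` to both executeScript overloads, and `@param userGesture whether the redirect was requested by script running in response to a user gesture; forwarded to the script interpreter when the target is a javascript: URL` to scheduleRedirection.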
@@ -370,7 +370,7 @@ public:
* Schedules a redirection after @p delay seconds.
* Note that this is used for JavaScript-triggered location changes as well.
*/
- void scheduleRedirection( double delay, const QString &url, bool lockHistory = true );
+ void scheduleRedirection( double delay, const QString &url, bool lockHistory = true, bool userGesture = false );
/**
* Schedules a history navigation operation (go forward, go back, etc.).
diff --git a/WebCore/khtml/khtmlpart_p.h b/WebCore/khtml/khtmlpart_p.h
index e3c6a85..7e60bc8 100644
--- a/WebCore/khtml/khtmlpart_p.h
+++ b/WebCore/khtml/khtmlpart_p.h
@@ -272,7 +272,8 @@ public:
bool m_bHTTPRefresh:1;
bool m_onlyLocalReferences :1;
bool m_redirectLockHistory:1;
-
+ bool m_redirectUserGesture:1;
+
KURL m_workingURL;
KIO::CacheControl m_cachePolicy;
diff --git a/WebCore/kwq/WebCoreBridge.mm b/WebCore/kwq/WebCoreBridge.mm
index 75c0779..6becf03 100644
--- a/WebCore/kwq/WebCoreBridge.mm
+++ b/WebCore/kwq/WebCoreBridge.mm
@@ -764,7 +764,7 @@ static HTMLFormElementImpl *formElementFromDOMElement(id <WebDOMElement>element)
- (NSString *)stringByEvaluatingJavaScriptFromString:(NSString *)string
{
_part->createEmptyDocument();
- return _part->executeScript(QString::fromNSString(string)).asString().getNSString();
+ return _part->executeScript(QString::fromNSString(string), true).asString().getNSString();
}
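Review bot: `return _part->executeScript(QString::fromNSString(string), true).asString().getNSString();` marks every script supplied through this bridge method as a user gesture, so such scripts may open windows regardless of the pop-up setting. That is presumably intended because the caller is the embedding application rather than page content, but the method name does not reveal it; a comment such as `// Scripts from the embedding application are trusted and run as if triggered by a user gesture.` would record the decision for future readers.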
- (id<WebDOMDocument>)DOMDocument