List: kde-commits
Subject: KDE/kdelibs/khtml
From: Maks Orlovich <maksim () kde ! org>
Date: 2010-11-12 6:19:28
Message-ID: 20101112061928.84110AC89E () svn ! kde ! org
SVN commit 1195849 by orlovich:
Finish up postMessage:
- Do the actual event dispatch, now we can check its safety
- Actually activate the JS binding for MessageEvent
- Keep track of the source.
Used by disqus...
BUG: 247775
M +31 -7 ecma/kjs_data.cpp
M +6 -1 ecma/kjs_data.h
M +7 -1 ecma/kjs_events.cpp
M +1 -1 ecma/kjs_window.cpp
M +13 -1 xml/dom2_eventsimpl.cpp
M +5 -2 xml/dom2_eventsimpl.h
M +9 -2 xml/dom_nodeimpl.cpp
M +1 -0 xml/dom_nodeimpl.h
--- trunk/KDE/kdelibs/khtml/ecma/kjs_data.cpp #1195848:1195849
@@ -16,13 +16,16 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include "khtml_part.h"
#include "kjs_data.h"
#include <dom/dom_exception.h>
-
#include <kjs/array_instance.h>
#include <QSet>
+using namespace DOM;
+using namespace khtml;
+
namespace KJS {
// HTML5 deep copy algorithm, as described in "2.7.5 Safe passing of structured \
data"
@@ -127,10 +130,11 @@
}
//------------------------------------------------------------------------------
-DelayedPostMessage::DelayedPostMessage(const QString& _sourceOrigin,
+DelayedPostMessage::DelayedPostMessage(KHTMLPart* _source,
+ const QString& _sourceOrigin,
const QString& _targetOrigin,
JSValue* _payload):
- sourceOrigin(_sourceOrigin), targetOrigin(_targetOrigin), payload(_payload)
+ source(_source), sourceOrigin(_sourceOrigin), targetOrigin(_targetOrigin), \
payload(_payload)
{}
void DelayedPostMessage::mark()
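Review bot: `source(_source)` is listed first in the initializer list, but kjs_data.h declares `source` after `payload`, so the members are initialized in declaration order and compilers will warn about the mismatch (-Wreorder). Nothing visible here depends on the order, so it is harmless today; moving it to the end, `sourceOrigin(_sourceOrigin), targetOrigin(_targetOrigin), payload(_payload), source(_source)`, keeps the list consistent with the class. The header also names this parameter `source` while the definition uses `_source`; matching the other `_`-prefixed parameters would be more consistent.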
@@ -143,19 +147,39 @@
{
KHTMLPart* part = qobject_cast<KHTMLPart*>(w->part());
DOM::DocumentImpl* doc = part ? \
static_cast<DOM::DocumentImpl*>(part->document().handle()) : 0;
- kDebug(6070) << doc << targetOrigin;
- if (doc) {
+ KJSProxy* js = part ? KJSProxy::proxy(part) : 0;
+
+ kDebug(6070) << doc << js << sourceOrigin << targetOrigin;
+ if (doc && js) {
// Verify destination.
bool safe = false;
if (targetOrigin == QLatin1String("*")) {
safe = true;
} else {
- KUrl targetUrl(targetOrigin);
- kDebug(6070) << doc->origin()->toString();
+ RefPtr<SecurityOrigin> targetCtx =
+ SecurityOrigin::createFromString(targetOrigin);
+ safe = doc->origin()->isSameSchemeHostPort(targetCtx.get());
}
if (safe) {
+ RefPtr<MessageEventImpl> msg = new MessageEventImpl();
+ DOM::MessageEventImpl::Data* data =
+ encapsulateMessageEventData(js->interpreter()->globalExec(),
+ js->interpreter(), payload);
+
+ msg->initMessageEvent("message",
+ false, false, // doesn't bubble or cancel
+ data,
+ sourceOrigin,
+ DOMString(), // lastEventId -- not here
+ source.data());
+ doc->dispatchWindowEvent(msg.get());
+ } else {
+ kWarning(6070) << "PostMessage XSS check failed;"
+ << "target mask:" << targetOrigin
+ << "actual:" << doc->origin()->toString()
+ << "source:" << sourceOrigin;
}
}
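Review bot: The result of `SecurityOrigin::createFromString(targetOrigin)` is used without checking that the string parsed to a concrete origin, so the outcome for a malformed or relative targetOrigin depends entirely on how `isSameSchemeHostPort` treats an empty origin, which is not visible in this hunk. If an empty parsed origin can compare equal to a document whose own origin is empty (an assumption to confirm against SecurityOrigin), a message restricted to one recipient would be delivered to a different one. I would make the check fail closed explicitly, e.g. `safe = targetCtx && !targetCtx->isEmpty() && doc->origin()->isSameSchemeHostPort(targetCtx.get());` (assuming this SecurityOrigin carries WebKit's `isEmpty()`), with `// targetOrigin is page-supplied; anything that does not parse to a concrete origin must not match.` above it. The `kWarning` text says "XSS check", but what failed is the target-origin match; naming it that way would make the log easier to triage. The enclosing function starts outside the hunk.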
--- trunk/KDE/kdelibs/khtml/ecma/kjs_data.h #1195848:1195849
@@ -22,6 +22,10 @@
#include "kjs_window.h"
#include "xml/dom2_eventsimpl.h"
+class KHTMLPart;
+
+#include <QWeakPointer>
+
namespace KJS {
/*
@@ -54,7 +58,7 @@
class DelayedPostMessage: public Window::DelayedAction
{
public:
- DelayedPostMessage(const QString& _sourceOrigin, const QString& _targetOrigin, \
JSValue* _payload);
+ DelayedPostMessage(KHTMLPart* source, const QString& \
_sourceOrigin, const QString& _targetOrigin, JSValue* _payload);
virtual void mark();
virtual bool execute(Window*);
@@ -62,6 +66,7 @@
QString sourceOrigin;
QString targetOrigin;
JSValue* payload;
+ QWeakPointer<KHTMLPart> source;
};
}
--- trunk/KDE/kdelibs/khtml/ecma/kjs_events.cpp #1195848:1195849
@@ -3,6 +3,7 @@
* This file is part of the KDE libraries
* Copyright (C) 2001 Peter Kelly (pmk@post.com)
* Copyright (C) 2003 Apple Computer, Inc.
+ * Copyright (C) 2006, 2009, 2010 Maksim Orlovich (maksim@kde.org)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
@@ -380,6 +381,8 @@
ret = new DOMUIEvent(exec, static_cast<DOM::UIEventImpl*>(ei));
else if (ei->isMutationEvent())
ret = new DOMMutationEvent(exec, static_cast<DOM::MutationEventImpl*>(ei));
+ else if (ei->isMessageEvent())
+ ret = new DOMMessageEvent(exec, static_cast<DOM::MessageEventImpl*>(ei));
else
ret = new DOMEvent(exec, ei);
@@ -1057,7 +1060,10 @@
case LastEventId:
return jsString(event.lastEventId());
case Source:
- return Window::retrieve(event.source());
+ if (KHTMLPart* p = event.source())
+ return Window::retrieve(p);
+ else
+ return jsNull();
default:
kDebug(6070) << "WARNING: Unhandled token in DOMMessageEvent::getValueProperty : \
" << token;
return 0;
--- trunk/KDE/kdelibs/khtml/ecma/kjs_window.cpp #1195848:1195849
@@ -2065,7 +2065,7 @@
JSValue* payload = cloneData(exec, args[0]);
// Queue the actual action, for after script execution.
- window->m_delayed.append(new DelayedPostMessage(sourceOrigin, targetOrigin, \
payload));
+ window->m_delayed.append(new DelayedPostMessage(part, \
sourceOrigin, targetOrigin, payload));
}
};
--- trunk/KDE/kdelibs/khtml/xml/dom2_eventsimpl.cpp #1195848:1195849
@@ -33,6 +33,7 @@
#include "misc/translator.h"
#include <rendering/render_layer.h>
#include <khtmlview.h>
+#include <khtml_part.h>
#include <QtGui/QActionEvent>
#include <kdebug.h>
@@ -404,6 +405,11 @@
return false;
}
+bool EventImpl::isMessageEvent() const
+{
+ return false;
+}
+
// -----------------------------------------------------------------------------
UIEventImpl::UIEventImpl(EventId _id, bool canBubbleArg, bool cancelableArg,
@@ -1046,9 +1052,15 @@
// -----------------------------------------------------------------------------
-MessageEventImpl::MessageEventImpl(): m_source(0)
+MessageEventImpl::MessageEventImpl()
{}
+
+bool MessageEventImpl::isMessageEvent() const
+{
+ return true;
+}
+
void MessageEventImpl::initMessageEvent(const DOMString& typeArg,
bool canBubbleArg,
bool cancelableArg,
--- trunk/KDE/kdelibs/khtml/xml/dom2_eventsimpl.h #1195848:1195849
@@ -30,6 +30,7 @@
#include "xml/dom2_viewsimpl.h"
#include "misc/idstring.h"
#include <QDateTime>
+#include <QWeakPointer>
#undef FOCUS_EVENT //for win32
@@ -222,6 +223,7 @@
virtual bool isMutationEvent() const;
virtual bool isTextInputEvent() const;
virtual bool isKeyboardEvent() const;
+ virtual bool isMessageEvent() const;
bool isKeyRelatedEvent() const { return isTextInputEvent() || isKeyboardEvent(); \
}
bool propagationStopped() const { return m_propagationStopped; }
@@ -592,7 +594,7 @@
RefPtr<Data> data() const { return m_data; }
DOMString origin() const { return m_origin; }
- KHTMLPart* source() const { return m_source; }
+ KHTMLPart* source() const { return m_source.data(); }
DOMString lastEventId() const { return m_lastEventId; }
MessageEventImpl();
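Review bot: `source()` can now return a null pointer once the sending part has been destroyed, and nothing on the accessor says so. The Source case in kjs_events.cpp checks for it, but a later caller has no hint that it must. A one-line comment above the accessor would cover it: `// May be 0: the sending part is held weakly and can be gone by the time the event is handled; do not cache the result.`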
@@ -604,11 +606,12 @@
const DOMString& originArg,
const DOMString& lastEventIdArg,
KHTMLPart* sourceArg); // no message ports yet.
+ virtual bool isMessageEvent() const;
private:
RefPtr<Data> m_data;
DOMString m_origin;
DOMString m_lastEventId;
- KHTMLPart* m_source;
+ QWeakPointer<KHTMLPart> m_source;
};
} //namespace
--- trunk/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp #1195848:1195849
@@ -523,18 +523,25 @@
return ret;
}
+
void NodeImpl::dispatchWindowEvent(int _id, bool canBubbleArg, bool cancelableArg)
{
+ EventImpl* const evt = new \
EventImpl(static_cast<EventImpl::EventId>(_id),canBubbleArg,cancelableArg);
+ \
dispatchWindowEvent(evt);
+}
+
+void NodeImpl::dispatchWindowEvent(EventImpl* evt)
+{
DocumentImpl *doc = document();
doc->ref();
int exceptioncode = 0;
- EventImpl* const evt = new \
EventImpl(static_cast<EventImpl::EventId>(_id),canBubbleArg,cancelableArg);
+
evt->setTarget( doc->windowEventTarget() );
evt->ref();
dispatchGenericEvent( evt, exceptioncode );
- if (_id == EventImpl::LOAD_EVENT) {
+ if (evt->id() == EventImpl::LOAD_EVENT) {
// Trigger Load Event on the enclosing frame if there is one
DOM::HTMLPartContainerElementImpl* elt = doc->ownerElement();
if (elt)
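Review bot: The new `dispatchWindowEvent(EventImpl* evt)` overload dereferences `evt` without a null check and leaves its ownership contract undocumented. The int overload hands it a freshly `new`ed event that nothing else owns, while `DelayedPostMessage::execute` passes `msg.get()` from a `RefPtr` it keeps. Both are only correct if the `evt->ref()` here is balanced by a deref later in the function, which lies outside this hunk. I would state the contract on the declaration in dom_nodeimpl.h: `// Holds its own reference for the duration of the dispatch; evt must not be null. An event with no other owner is released when dispatch completes.`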
--- trunk/KDE/kdelibs/khtml/xml/dom_nodeimpl.h #1195848:1195849
@@ -303,6 +303,7 @@
// Window events are special in that they're only dispatched on Window, and not
// the current node.
void dispatchWindowEvent(int _id, bool canBubbleArg, bool cancelableArg);
+ void dispatchWindowEvent(EventImpl* evt);
void dispatchMouseEvent(QMouseEvent *e, int overrideId = 0, int overrideDetail = \
0);
void dispatchUIEvent(int _id, int detail = 0);