frames override is the worst

ddh 2017-05-17 23:13:39 +01:00
parent 0316a0def6
commit 0d9d5b33d5
3 changed files with 33 additions and 33 deletions


@ -45,6 +45,12 @@ use std::ptr;
use std::slice; use std::slice;
use std::str; use std::str;
use dom::bindings::codegen::Bindings::DOMExceptionBinding::DOMExceptionBinding::DOMExceptionMethods; use dom::bindings::codegen::Bindings::DOMExceptionBinding::DOMExceptionBinding::DOMExceptionMethods;
use js::glue::SetIsFrameIdCallback;
use js::jsapi::jsid;
use js::jsapi::RootedId;
use js::rust::is_window;
use dom::bindings::codegen::Bindings::WindowBinding::WindowBinding::WindowMethods;
use dom::bindings::codegen::Bindings::DissimilarOriginWindowBinding::DissimilarOriginWindowBinding::DissimilarOriginWindowMethods;
/// Proxy handler for a WindowProxy. /// Proxy handler for a WindowProxy.
pub struct WindowProxyHandler(pub *const libc::c_void); pub struct WindowProxyHandler(pub *const libc::c_void);
@ -91,14 +97,6 @@ unsafe fn identify_cross_origin_object(obj: HandleObject) -> CrossOriginObjectTy
let obj = UncheckedUnwrapObject(obj.get(), /* stopAtWindowProxy = */ 0); let obj = UncheckedUnwrapObject(obj.get(), /* stopAtWindowProxy = */ 0);
let obj_class = JS_GetClass(obj); let obj_class = JS_GetClass(obj);
let name = str::from_utf8(CStr::from_ptr((*obj_class).name).to_bytes()).unwrap().to_owned(); let name = str::from_utf8(CStr::from_ptr((*obj_class).name).to_bytes()).unwrap().to_owned();
println!("{}, {:?}", name, obj);
//FIXME eeeek
if &*name == "DOMException" {
let mut ptr = JS_GetReservedSlot(obj, 0).to_private() as *mut DOMException;
let exception = &*ptr;
println!("DOMException: {:?}", exception.Message());
return CrossOriginObjectType::CrossOriginLocation;
}
match &*name { match &*name {
"Location" => CrossOriginObjectType::CrossOriginLocation, "Location" => CrossOriginObjectType::CrossOriginLocation,
"Window" => CrossOriginObjectType::CrossOriginWindow, "Window" => CrossOriginObjectType::CrossOriginWindow,
@ -152,16 +150,13 @@ pub unsafe extern fn subsumes(obj: *mut JSPrincipals, other: *mut JSPrincipals)
unsafe fn select_wrapper(cx: *mut JSContext, obj: HandleObject) -> *const libc::c_void { unsafe fn select_wrapper(cx: *mut JSContext, obj: HandleObject) -> *const libc::c_void {
let security_wrapper = !target_subsumes_obj(cx, obj); let security_wrapper = !target_subsumes_obj(cx, obj);
if !security_wrapper { if !security_wrapper {
println!("CCW");
return GetCrossCompartmentWrapper() return GetCrossCompartmentWrapper()
}; };
if identify_cross_origin_object(obj) != CrossOriginObjectType::CrossOriginOpaque { if identify_cross_origin_object(obj) != CrossOriginObjectType::CrossOriginOpaque {
println!("XOW");
return get_cross_origin_wrapper(); return get_cross_origin_wrapper();
}; };
println!("opaque");
get_opaque_wrapper() get_opaque_wrapper()
} }
@ -500,16 +495,37 @@ unsafe extern "C" fn wrap(cx: *mut JSContext,
unsafe extern "C" fn throw_dom_exception_callback(cx: *mut JSContext) { unsafe extern "C" fn throw_dom_exception_callback(cx: *mut JSContext) {
//TODO it might not always be a SecurityError? //TODO it might not always be a SecurityError?
println!("throw dom exception callback");
throw_dom_exception(cx, &GlobalScope::from_context(cx), Error::Security); throw_dom_exception(cx, &GlobalScope::from_context(cx), Error::Security);
} }
unsafe extern "C" fn is_frame_id(cx: *mut JSContext, obj: *mut JSObject, id_arg: jsid) -> bool {
println!("is frame id");
/*if IsWrapper(obj) {
return false;
}
//let id = RootedId{_base: cx, ptr: idArg};
//will this work for window and dissimilaroriginwindow? probs not
if !is_window(obj) {
return false;
}
let win = obj as Window;
let col = win.Frames();
println!("{:?}", col);
//let clasp = get_object_class(obj);
//let name = str::from_utf8(CStr::from_ptr((*clasp).name).to_bytes()).unwrap().to_owned();
//println!("{:?}", name);*/
false
}
unsafe extern "C" fn pre_wrap(cx: *mut JSContext, unsafe extern "C" fn pre_wrap(cx: *mut JSContext,
_existing: HandleObject, _existing: HandleObject,
obj: HandleObject, obj: HandleObject,
_object_passed_to_wrap: HandleObject) _object_passed_to_wrap: HandleObject)
-> *mut JSObject { -> *mut JSObject {
SetThrowDOMExceptionCallback(Some(throw_dom_exception_callback)); SetThrowDOMExceptionCallback(Some(throw_dom_exception_callback));
SetIsFrameIdCallback(Some(is_frame_id));
let _ac = JSAutoCompartment::new(cx, obj.get()); let _ac = JSAutoCompartment::new(cx, obj.get());
let obj = ToWindowProxyIfWindow(obj.get()); let obj = ToWindowProxyIfWindow(obj.get());
assert!(!obj.is_null()); assert!(!obj.is_null());
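Review bot: `is_frame_id` is registered through `SetIsFrameIdCallback`, but its whole body is commented out, so it prints to stdout and returns `false` for every object and id. That presumably fails closed for cross-origin frame lookups, but nothing marks it as a placeholder; I would drop `println!("is frame id");`, rename the parameters to `_cx`, `_obj`, `_id_arg`, and add a doc comment such as `/// Placeholder: reports no id as a frame id until child-frame lookup is implemented.` The commented-out draft casts with `obj as Window`, which cannot work on a `*mut JSObject`, and the new imports `RootedId`, `is_window`, `WindowMethods` and `DissimilarOriginWindowMethods` have no live use in the visible lines. Both callbacks are also re-registered on every `pre_wrap` call (its body continues outside the hunk); registering them once at runtime setup would make it clear that they are process-wide hooks. The same kind of leftover debug `println!` remains in `Frames` in the DissimilarOriginWindow section below.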


@ -84,7 +84,7 @@ impl DissimilarOriginWindowMethods for DissimilarOriginWindow {
// https://html.spec.whatwg.org/multipage/#dom-frames // https://html.spec.whatwg.org/multipage/#dom-frames
fn Frames(&self) -> Root<BrowsingContext> { fn Frames(&self) -> Root<BrowsingContext> {
println!("calling frames"); println!("calling cross origin frames");
Root::from_ref(&*self.browsing_context) Root::from_ref(&*self.browsing_context)
} }


@ -57,30 +57,14 @@ addTest(function() {
assert_equals(location.hostname, host_info.ORIGINAL_HOST, 'Need to run the top-level test from domain ' + host_info.ORIGINAL_HOST); assert_equals(location.hostname, host_info.ORIGINAL_HOST, 'Need to run the top-level test from domain ' + host_info.ORIGINAL_HOST);
assert_equals(get_port(location), host_info.HTTP_PORT, 'Need to run the top-level test from port ' + host_info.HTTP_PORT); assert_equals(get_port(location), host_info.HTTP_PORT, 'Need to run the top-level test from port ' + host_info.HTTP_PORT);
assert_equals(B.parent, window, "window.parent works same-origin"); assert_equals(B.parent, window, "window.parent works same-origin");
//assert_equals(C.parent, window, "window.parent works cross-origin"); assert_equals(C.parent, window, "window.parent works cross-origin");
assert_equals(B.location.pathname, path, "location.href works same-origin"); assert_equals(B.location.pathname, path, "location.href works same-origin");
//TODO do document.write and console.log have same behavior? //TODO do document.write and console.log have same behavior?
try {
console.log("C.location.pathname should throw");
console.log(C.location.pathname); //permission denied to unwrap object
} catch(err) {
console.log(err); //ok it's getting that it's a security error, but not reading it right for the asssert
}
//console.log(C.location.pathname); //console.log(C.location.pathname);
//assert_throws("SecurityError", function() { C.location.pathname; }, "location.pathname throws cross-origin"); assert_throws("SecurityError", function() { C.location.pathname; }, "location.pathname throws cross-origin");
try {
console.log("B.frames: override");
console.log(B.frames);
} catch(err) {
console.log(err);
}
assert_equals(B.frames, 'override', "Overrides visible in the same-origin case"); assert_equals(B.frames, 'override', "Overrides visible in the same-origin case");
try { console.log("C.frames");
console.log("C.frames should throw"); console.log(C.frames);
console.log(C.frames);
} catch(err) {
console.log(err);
}
//assert_equals(C.frames, C, "Overrides invisible in the cross-origin case"); //assert_equals(C.frames, C, "Overrides invisible in the cross-origin case");
}, "Basic sanity-checking"); }, "Basic sanity-checking");
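Review bot: The cross-origin half of the `frames` override is still not asserted, because `assert_equals(C.frames, C, "Overrides invisible in the cross-origin case")` stays commented out while the new side only reads the property in a bare `console.log(C.frames);`. That log appears to replace the removed try/catch, so if the cross-origin read throws, the test function aborts with an uncaught error instead of a named assertion failure. I would replace the two `console.log` lines with the assertion itself. If it cannot pass yet, keep it commented with a line such as `// TODO: re-enable once cross-origin frames overrides are handled` so the coverage gap is visible. The `addTest` callback begins outside the hunk.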