JS security and enumerating a Window
Koos Vriezen
koos.vriezen at xs4all.nl
Fri Oct 25 16:44:27 BST 2002
On Fri, 25 Oct 2002, David Faure wrote:
> On Friday 25 October 2002 16:35, Koos Vriezen wrote:
> >
> > diff -u -3 -p -r1.282 kjs_window.cpp
> > --- ecma/kjs_window.cpp 2002/10/24 17:05:01 1.282
> > +++ ecma/kjs_window.cpp 2002/10/25 14:31:23
> > @@ -1531,6 +1531,9 @@ Value FrameArray::get(ExecState *exec, c
> > // Therefore we have to be a bit careful with memory managment.
> > if (frame && frame->inherits("KHTMLPart")) {
> > KHTMLPart *khtml = static_cast<KHTMLPart*>(frame);
> > + Window* window = Window::retrieveWindow( khtml );
> > + if (!window->isSafeScript(exec))
> > + return Undefined();
> > return Window::retrieve(khtml);
> > }
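Review bot: window is dereferenced in "if (!window->isSafeScript(exec))" without a null check, so if Window::retrieveWindow( khtml ) ever yields no window for the part, this crashes instead of denying access. Test the pointer in the same condition and fail closed: "if (!window || !window->isSafeScript(exec)) return Undefined();".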
> > does reject enumerating this frame.
>
> Looks good, although I'd use window for speed reasons.
> So that would be simply "return window" (implicitly: return Value(window)).
GCC 3.2 doesn't like this implicit conversion:
In file included from kjs_html_la.all_cpp.cpp:5:
kjs_window.cpp: In member function `virtual KJS::Value
KJS::FrameArray::get(KJS::ExecState*, const KJS::UString&) const':
kjs_window.cpp:1539: conversion from `KJS::Window*' to non-scalar type `
KJS::Value' requested
> > > In my attempt to add something like this in Window::isSafeScript before
> > > returning false (there is no SecurityError in kjs/object.h)
> > > Object err = Error::create(exec, GeneralError);
> > > exec->setException(err);
> >
> > Shouldn't JS throw a security exception like above (adding a SecurityError
> > in kjs/object.h as well).
>
> Sounds good to me. Big change to kjs_window.cpp, but should be rather safe.
Made two patches: either we go for the jssecurity.diff and don't introduce
a SecurityError in kjs, or apply kjssecurity.diff and change the
jssecurity.diff to make a SecurityError instead.
Koos
-------------- next part --------------
Index: ecma/kjs_window.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/ecma/kjs_window.cpp,v
retrieving revision 1.282
diff -u -3 -p -r1.282 kjs_window.cpp
--- ecma/kjs_window.cpp 2002/10/24 17:05:01 1.282
+++ ecma/kjs_window.cpp 2002/10/25 15:35:45
@@ -906,6 +906,8 @@ bool Window::isSafeScript(ExecState *exe
return true;
kdWarning(6070) << "Javascript: access denied for current frame '" << actDomain.string() << "' to frame '" << thisDomain.string() << "'" << endl;
+ Object err = Error::create(exec, GeneralError, "Access denied");
+ exec->setException(err);
return false;
}
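Review bot: calling exec->setException(err) just before "return false" turns isSafeScript() from a pure predicate into a function with a side effect, so every existing caller that only tests the result now also leaves a pending exception on exec. Say so in the function's documentation, and check that callers which return Undefined() after a failed check, as FrameArray::get does in the next hunk, are meant to propagate that exception. The "Access denied" literal is also not wrapped in I18N_NOOP the way the error names in object.cpp are.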
@@ -1531,7 +1533,10 @@ Value FrameArray::get(ExecState *exec, c
// Therefore we have to be a bit careful with memory managment.
if (frame && frame->inherits("KHTMLPart")) {
KHTMLPart *khtml = static_cast<KHTMLPart*>(frame);
- return Window::retrieve(khtml);
+ Window* window = Window::retrieveWindow( khtml );
+ if (window && !window->isSafeScript(exec))
+ return Undefined();
+ return Value(window);
}
return ObjectImp::get(exec, p);
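Review bot: when retrieveWindow() returns null, the condition "window && !window->isSafeScript(exec)" is false, so the origin check is skipped and execution reaches "return Value(window)" with a null pointer. Handle the null case explicitly and fail closed, for example "if (!window || !window->isSafeScript(exec)) return Undefined();", so that a missing window can never bypass the check.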
-------------- next part --------------
Index: object.cpp
===================================================================
RCS file: /home/kde/kdelibs/kjs/object.cpp,v
retrieving revision 1.102
diff -u -3 -p -r1.102 object.cpp
--- object.cpp 2002/09/24 21:21:48 1.102
+++ object.cpp 2002/10/25 15:37:30
@@ -630,6 +630,7 @@ const char * const errorNamesArr[] = {
I18N_NOOP("Syntax error"), // SyntaxError
I18N_NOOP("Type error"), // TypeError
I18N_NOOP("URI error"), // URIError
+ I18N_NOOP("Security error"), // SecurityError
};
const char * const * const Error::errorNames = errorNamesArr;
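Review bot: errorNamesArr is positional, so the new "Security error" entry is only correct while it sits at the index matching SecurityError = 7 in object.h, and nothing in this hunk keeps the array and the enum in step. Add a comment at the array stating that it must mirror the enum order, or a size check beside it, so a later addition to one cannot silently shift or outrun the other.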
Index: object.h
===================================================================
RCS file: /home/kde/kdelibs/kjs/object.h,v
retrieving revision 1.76
diff -u -3 -p -r1.76 object.h
--- object.h 2002/08/01 14:54:22 1.76
+++ object.h 2002/10/25 15:37:30
@@ -582,7 +582,8 @@ namespace KJS {
ReferenceError = 3,
SyntaxError = 4,
TypeError = 5,
- URIError = 6};
+ URIError = 6,
+ SecurityError = 7};
/**
* @short Factory methods for error objects.
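Review bot: SecurityError = 7 is added without any comment, and unlike the values listed before it, it is not one of the native ECMAScript error types. Add a doc comment marking it as a KJS extension intended for denied cross-frame access. Note also that jssecurity.diff still passes GeneralError to Error::create, so this value stays unused until that call is changed.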