[JSC] Don't sanitize window.onerror information on crossorigin-enabled scripts
https://bugs.webkit.org/show_bug.cgi?id=70574
Patch by Pablo Flouret <pablof@motorola.com> on 2012-11-16
Reviewed by Geoffrey Garen.
Source/WebCore:
For scripts that use CORS (via the crossorigin attribute in this case),
don't sanitize the information passed to the window's onerror handler (i.e.
message, url, and line number). Useful for scripts hosted on CDNs.
Tests: http/tests/security/script-crossorigin-onerror-information.html
http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html
* WebCore.exp.in:
* WebCore.order:
* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException):
* bindings/js/JSDOMBinding.h:
(WebCore):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::evaluateInWorld):
* bindings/js/ScriptSourceCode.h:
(WebCore::ScriptSourceCode::ScriptSourceCode):
(WebCore::ScriptSourceCode::cachedScript):
(ScriptSourceCode):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::evaluate):
Keep a reference to the cached script in the ScriptSourceCode, so
that it can be passed around and be available when reporting the
exception.
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::sanitizeScriptError):
(WebCore::ScriptExecutionContext::reportException):
(WebCore::ScriptExecutionContext::dispatchErrorEvent):
* dom/ScriptExecutionContext.h:
(WebCore):
(ScriptExecutionContext):
Check if the script passes the access control checks, and if so,
don't sanitize the error information.
* html/parser/HTMLPreloadScanner.cpp:
(WebCore::PreloadTask::processAttributes):
(WebCore::PreloadTask::preload):
(PreloadTask):
(WebCore::PreloadTask::crossOriginModeAllowsCookies):
When preloading script elements, check for the crossorigin attribute
and adjust the request's allowCookies value accordingly. Otherwise
when the script is loaded from the cache later on, the cross origin mode
(anonymous/use-credentials) will be effectively ignored.
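The two decisions the entry describes, the CORS-mode handling of the crossorigin attribute and the "sanitize or not" decision for onerror reporting, are shown below as an added example in plain JavaScript. This is illustration code written for this page, not WebKit's implementation: the function names (resolveCrossOriginMode, passesAccessControlCheck, shouldSanitizeScriptError, reportException), the response records and the origins are all constructed, and a CORS-rejected load (which would never execute and so never throw) is not modelled.

```javascript
// Added example (not WebKit code): a runnable model of how a <script>'s
// crossorigin attribute turns into a CORS credentials mode, and of whether an
// exception from that script reaches window.onerror in full or muted to the
// classic "Script error." triple. Origins, URLs and response headers below are
// constructed for the illustration.

// Per the HTML spec: attribute absent -> not a CORS request; "use-credentials"
// (ASCII case-insensitive) -> use-credentials; any other value, including the
// empty string, -> anonymous.
function resolveCrossOriginMode(attrValue) {
  if (attrValue === null || attrValue === undefined) return "no-cors";
  return attrValue.toLowerCase() === "use-credentials" ? "use-credentials" : "anonymous";
}

// Whether cookies/credentials are sent with the script request. This is the
// value the preload scanner must record so the cached entry matches.
function crossOriginModeAllowsCookies(mode) {
  return mode !== "anonymous";
}

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// CORS access-control check on the script response. `response` is a
// constructed record: { acao: Access-Control-Allow-Origin value or null,
//                       acac: Access-Control-Allow-Credentials value or null }.
function passesAccessControlCheck(documentOrigin, mode, response) {
  if (mode === "no-cors") return false;
  if (response.acao === null) return false;
  if (mode === "use-credentials") {
    // With credentials, a wildcard is not acceptable and ACAC must be "true".
    return response.acao === documentOrigin && response.acac === "true";
  }
  return response.acao === "*" || response.acao === documentOrigin;
}

// The decision described in the change: same-origin scripts and CORS-approved
// cross-origin scripts report full details; everything else is muted.
function shouldSanitizeScriptError(documentOrigin, scriptURL, mode, response) {
  if (originOf(scriptURL) === documentOrigin) return false;
  return !passesAccessControlCheck(documentOrigin, mode, response);
}

// What window.onerror would receive for an exception thrown by the script.
function reportException(documentOrigin, scriptURL, crossoriginAttr, response, err) {
  const mode = resolveCrossOriginMode(crossoriginAttr);
  if (shouldSanitizeScriptError(documentOrigin, scriptURL, mode, response)) {
    return { message: "Script error.", url: "", line: 0 };
  }
  return { message: err.message, url: scriptURL, line: err.line };
}

// Constructed scenarios: a page on app.example loading a CDN script.
function runSamples() {
  const DOC = "https://app.example";
  const CDN = "https://cdn.example/lib.js";
  const thrown = { message: "TypeError: x is undefined", line: 42 };
  return {
    // No crossorigin attribute: muted even though the CDN sends ACAO: *.
    noAttr: reportException(DOC, CDN, null, { acao: "*", acac: null }, thrown),
    // crossorigin="anonymous" with ACAO: * : full details.
    anonymousWildcard: reportException(DOC, CDN, "anonymous", { acao: "*", acac: null }, thrown),
    // use-credentials with a wildcard ACAO: check fails, muted.
    useCredWildcard: reportException(DOC, CDN, "use-credentials", { acao: "*", acac: "true" }, thrown),
    // use-credentials with exact origin and ACAC: true : full details.
    useCredExact: reportException(DOC, CDN, "use-credentials", { acao: DOC, acac: "true" }, thrown),
    // Same-origin script: never sanitized, no CORS needed.
    sameOrigin: reportException(DOC, "https://app.example/main.js", null, { acao: null, acac: null }, thrown),
  };
}

for (const [name, r] of Object.entries(runSamples())) {
  console.log(name, "->", JSON.stringify(r));
}
```

The practical reading for a CDN-hosted script: the tag needs `crossorigin="anonymous"` (or `use-credentials`) and the CDN must answer with an Access-Control-Allow-Origin header acceptable for that mode; with the attribute omitted the onerror handler still sees only "Script error." regardless of what headers the CDN sends.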
LayoutTests:
* http/tests/security/resources/cors-script.php:
* http/tests/security/script-crossorigin-onerror-information-expected.txt: Added.
* http/tests/security/script-crossorigin-onerror-information.html: Added.
* http/tests/security/script-no-crossorigin-onerror-should-be-sanitized-expected.txt: Added.
* http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html: Added.
* platform/chromium/TestExpectations:
This patch only deals with JSC right now, skip the new tests.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@135009 268f45cc-cd09-0410-ab3c-d52691b4dbfc
18 files changed