Merge "apply essential security patches"

author: Cary Clark <cary@android.com> 2011-02-16 07:56:22 -0800
committer: Android (Google) Code Review <android-gerrit@google.com> 2011-02-16 07:56:22 -0800
commit: ab420739ed8c917b526cbe0823415288df13baf8 (patch)
tree: 7cbd1d85cb1600567c3d412ce63e86a03bd75523
parent: 944d70ebdb065af6f4c2438f418c7defb18a3aee (diff)
parent: 35d2bd6c7e3a089eb4a8d6e074f53a13f471289e (diff)
download: external_webkit-ab420739ed8c917b526cbe0823415288df13baf8.zip
external_webkit-ab420739ed8c917b526cbe0823415288df13baf8.tar.gz
external_webkit-ab420739ed8c917b526cbe0823415288df13baf8.tar.bz2
6 files changed, 49 insertions, 11 deletions
diff --git a/WebCore/page/DOMWindow.cpp b/WebCore/page/DOMWindow.cpp
index 22e1355..17b4c3d 100644
--- a/WebCore/page/DOMWindow.cpp
+++ b/WebCore/page/DOMWindow.cpp
@@ -867,7 +867,7 @@ void DOMWindow::blur()
     page->chrome()->unfocus();
 }
 
-void DOMWindow::close()
+void DOMWindow::close(ScriptExecutionContext* context)
 {
     if (!m_frame)
         return;
@@ -879,6 +879,16 @@ void DOMWindow::close()
     if (m_frame != page->mainFrame())
         return;
 
+    if (context) {
+        ASSERT(WTF::isMainThread());
+        Frame* activeFrame = static_cast<Document*>(context)->frame();
+        if (!activeFrame)
+            return;
+
+        if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
+            return;
+    }
+
     Settings* settings = m_frame->settings();
     bool allowScriptsToCloseWindows = settings && settings->allowScriptsToCloseWindows();
 
diff --git a/WebCore/page/DOMWindow.h b/WebCore/page/DOMWindow.h
index 68b21ff..d0a6cce 100644
--- a/WebCore/page/DOMWindow.h
+++ b/WebCore/page/DOMWindow.h
@@ -147,7 +147,7 @@ namespace WebCore {
 
         void focus();
         void blur();
-        void close();
+        void close(ScriptExecutionContext* = 0);
         void print();
         void stop();
 
diff --git a/WebCore/page/DOMWindow.idl b/WebCore/page/DOMWindow.idl
index 602289b..fe12287 100644
--- a/WebCore/page/DOMWindow.idl
+++ b/WebCore/page/DOMWindow.idl
@@ -65,7 +65,7 @@ module window {
 
         [DoNotCheckDomainSecurity] void focus();
         [DoNotCheckDomainSecurity] void blur();
-        [DoNotCheckDomainSecurity] void close();
+        [DoNotCheckDomainSecurity, CallWith=ScriptExecutionContext] void close();
 
         void print();
         void stop();
diff --git a/WebCore/page/History.cpp b/WebCore/page/History.cpp
index 95b1350..f0a75fe 100644
--- a/WebCore/page/History.cpp
+++ b/WebCore/page/History.cpp
@@ -27,6 +27,7 @@
 #include "History.h"
 
 #include "BackForwardController.h"
+#include "Document.h"
 #include "ExceptionCode.h"
 #include "Frame.h"
 #include "FrameLoader.h"
@@ -62,22 +63,44 @@ unsigned History::length() const
 
 void History::back()
 {
-    if (!m_frame)
-        return;
-    m_frame->navigationScheduler()->scheduleHistoryNavigation(-1);
+    go(-1);
+}
+
+void History::back(ScriptExecutionContext* context)
+{
+    go(context, -1);
 }
 
 void History::forward()
 {
+    go(1);
+}
+
+void History::forward(ScriptExecutionContext* context)
+{
+    go(context, 1);
+}
+
+void History::go(int distance)
+{
     if (!m_frame)
         return;
-    m_frame->navigationScheduler()->scheduleHistoryNavigation(1);
+    m_frame->navigationScheduler()->scheduleHistoryNavigation(distance);
 }
 
-void History::go(int distance)
+void History::go(ScriptExecutionContext* context, int distance)
 {
     if (!m_frame)
         return;
+
+    ASSERT(WTF::isMainThread());
+    Frame* activeFrame = static_cast<Document*>(context)->frame();
+    if (!activeFrame)
+        return;
+
+    if (!activeFrame->loader()->shouldAllowNavigation(m_frame))
+        return;
+
     m_frame->navigationScheduler()->scheduleHistoryNavigation(distance);
 }
 
diff --git a/WebCore/page/History.h b/WebCore/page/History.h
index e885847..9ec1914 100644
--- a/WebCore/page/History.h
+++ b/WebCore/page/History.h
@@ -34,6 +34,7 @@
 namespace WebCore {
 
 class Frame;
+class ScriptExecutionContext;
 class SerializedScriptValue;
 typedef int ExceptionCode;
 
@@ -49,6 +50,10 @@ public:
     void forward();
     void go(int distance);
 
+    void back(ScriptExecutionContext*);
+    void forward(ScriptExecutionContext*);
+    void go(ScriptExecutionContext*, int distance);
+
     enum StateObjectType {
         StateObjectPush,
         StateObjectReplace
diff --git a/WebCore/page/History.idl b/WebCore/page/History.idl
index d1be5ae..d8eac60 100644
--- a/WebCore/page/History.idl
+++ b/WebCore/page/History.idl
@@ -37,9 +37,9 @@ module window {
     ] History {
         readonly attribute unsigned long length;
 
-        [DoNotCheckDomainSecurity] void back();
-        [DoNotCheckDomainSecurity] void forward();
-        [DoNotCheckDomainSecurity] void go(in long distance);
+        [DoNotCheckDomainSecurity, CallWith=ScriptExecutionContext] void back();
+        [DoNotCheckDomainSecurity, CallWith=ScriptExecutionContext] void forward();
+        [DoNotCheckDomainSecurity, CallWith=ScriptExecutionContext] void go(in long distance);
         
         [Custom, EnabledAtRuntime] void pushState(in any data, in DOMString title, in optional DOMString url)
             raises(DOMException);
author	Cary Clark <cary@android.com>	2011-02-16 07:56:22 -0800
committer	Android (Google) Code Review <android-gerrit@google.com>	2011-02-16 07:56:22 -0800
commit	ab420739ed8c917b526cbe0823415288df13baf8 (patch)
tree	7cbd1d85cb1600567c3d412ce63e86a03bd75523
parent	944d70ebdb065af6f4c2438f418c7defb18a3aee (diff)
parent	35d2bd6c7e3a089eb4a8d6e074f53a13f471289e (diff)
download	external_webkit-ab420739ed8c917b526cbe0823415288df13baf8.zip external_webkit-ab420739ed8c917b526cbe0823415288df13baf8.tar.gz external_webkit-ab420739ed8c917b526cbe0823415288df13baf8.tar.bz2