diff --git a/Libraries/LibWeb/CodeGenerators/WrapperGenerator.cpp b/Libraries/LibWeb/CodeGenerators/WrapperGenerator.cpp index 570089bc28..4d0365b109 100644 --- a/Libraries/LibWeb/CodeGenerators/WrapperGenerator.cpp +++ b/Libraries/LibWeb/CodeGenerators/WrapperGenerator.cpp @@ -445,8 +445,9 @@ void generate_implementation(const IDL::Interface& interface) out() << "#include "; out() << "#include "; out() << "#include "; - out() << "#include "; out() << "#include "; + out() << "#include "; + out() << "#include "; out() << "#include "; out() << "#include "; out() << "#include "; @@ -457,6 +458,7 @@ void generate_implementation(const IDL::Interface& interface) out() << "#include "; out() << "#include "; out() << "#include "; + out() << "#include "; // FIXME: This is a total hack until we can figure out the namespace for a given type somehow. out() << "using namespace Web::DOM;"; @@ -606,6 +608,11 @@ void generate_implementation(const IDL::Interface& interface) out() << " if (!impl)"; out() << " return {};"; + if (attribute.extended_attributes.contains("ReturnNullIfCrossOrigin")) { + out() << " if (!impl->may_access_from_origin(static_cast(global_object).origin()))"; + out() << " return JS::js_null();"; + } + if (attribute.extended_attributes.contains("Reflect")) { auto attribute_name = attribute.extended_attributes.get("Reflect").value(); if (attribute_name.is_null()) diff --git a/Libraries/LibWeb/HTML/HTMLIFrameElement.cpp b/Libraries/LibWeb/HTML/HTMLIFrameElement.cpp index 3c1d536c1e..7fe0c5b929 100644 --- a/Libraries/LibWeb/HTML/HTMLIFrameElement.cpp +++ b/Libraries/LibWeb/HTML/HTMLIFrameElement.cpp @@ -26,17 +26,20 @@ #include #include +#include #include #include +#include #include #include #include #include +#include #include #include #include +#include #include -#include namespace Web::HTML { @@ -81,6 +84,18 @@ void HTMLIFrameElement::load_src(const String& value) m_content_frame->loader().load(url, FrameLoader::Type::IFrame); } +Origin HTMLIFrameElement::content_origin() const +{ + if (!m_content_frame || !m_content_frame->document()) + return {}; + return m_content_frame->document()->origin(); +} + +bool HTMLIFrameElement::may_access_from_origin(const Origin& origin) const +{ + return origin.is_same(content_origin()); +} + const DOM::Document* HTMLIFrameElement::content_document() const { return m_content_frame ? m_content_frame->document() : nullptr; diff --git a/Libraries/LibWeb/HTML/HTMLIFrameElement.h b/Libraries/LibWeb/HTML/HTMLIFrameElement.h index bff8692b22..2d5e138d7c 100644 --- a/Libraries/LibWeb/HTML/HTMLIFrameElement.h +++ b/Libraries/LibWeb/HTML/HTMLIFrameElement.h @@ -44,6 +44,9 @@ public: const DOM::Document* content_document() const; + Origin content_origin() const; + bool may_access_from_origin(const Origin&) const; + void content_frame_did_load(Badge); private: diff --git a/Libraries/LibWeb/HTML/HTMLIFrameElement.idl b/Libraries/LibWeb/HTML/HTMLIFrameElement.idl index 97513c966c..5a9e2bf186 100644 --- a/Libraries/LibWeb/HTML/HTMLIFrameElement.idl +++ b/Libraries/LibWeb/HTML/HTMLIFrameElement.idl @@ -7,6 +7,5 @@ interface HTMLIFrameElement : HTMLElement { [Reflect] attribute DOMString width; [Reflect] attribute DOMString height; - readonly attribute Document? contentDocument; - + [ReturnNullIfCrossOrigin] readonly attribute Document? contentDocument; }