RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 17:02:45 +00:00
Code Issues Activity Actions

LibWeb: Disallow cross-origin access to <iframe>.contentDocument

Browse source 
With this patch, we now enforce basic same-origin policy for this one
<iframe> attribute.

To make it easier to add more attributes like this, I've added an
extended IDL attribute ("[ReturnNullIfCrossOrigin]") that does exactly
what it sounds like. :^)
This commit is contained in:
Andreas Kling 2020-09-22 18:26:33 +02:00
parent 4c1f317572
commit 37c287b1d4
4 changed files with 28 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Libraries/LibWeb/CodeGenerators/WrapperGenerator.cpp
View file

@ -445,8 +445,9 @@ void generate_implementation(const IDL::Interface& interface)
out() << "#include <LibWeb/Bindings/NodeWrapperFactory.h>";
out() << "#include <LibWeb/Bindings/" << wrapper_class << ".h>";
out() << "#include <LibWeb/DOM/Element.h>";
out() << "#include <LibWeb/HTML/HTMLElement.h>";
out() << "#include <LibWeb/DOM/EventListener.h>";
out() << "#include <LibWeb/HTML/HTMLElement.h>";
out() << "#include <LibWeb/Origin.h>";
out() << "#include <LibWeb/Bindings/CommentWrapper.h>";
out() << "#include <LibWeb/Bindings/DocumentWrapper.h>";
out() << "#include <LibWeb/Bindings/DocumentFragmentWrapper.h>";
@ -457,6 +458,7 @@ void generate_implementation(const IDL::Interface& interface)
out() << "#include <LibWeb/Bindings/ImageDataWrapper.h>";
out() << "#include <LibWeb/Bindings/TextWrapper.h>";
out() << "#include <LibWeb/Bindings/CanvasRenderingContext2DWrapper.h>";
out() << "#include <LibWeb/Bindings/WindowObject.h>";
// FIXME: This is a total hack until we can figure out the namespace for a given type somehow.
out() << "using namespace Web::DOM;";
@ -606,6 +608,11 @@ void generate_implementation(const IDL::Interface& interface)
out() << " if (!impl)";
out() << " return {};";
if (attribute.extended_attributes.contains("ReturnNullIfCrossOrigin")) {
out() << " if (!impl->may_access_from_origin(static_cast<WindowObject&>(global_object).origin()))";
out() << " return JS::js_null();";
}
if (attribute.extended_attributes.contains("Reflect")) {
auto attribute_name = attribute.extended_attributes.get("Reflect").value();
if (attribute_name.is_null())