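--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,22 @@
+2011-05-26 Jochen Eisinger <jochen@chromium.org>
+
+ Reviewed by NOBODY (OOPS!).
+
+ Check access policy on all storage operations
+ https://bugs.webkit.org/show_bug.cgi?id=61581
+
+ * storage/Storage.cpp:
+ (WebCore::Storage::length):
+ (WebCore::Storage::key):
+ (WebCore::Storage::getItem):
+ (WebCore::Storage::setItem):
+ (WebCore::Storage::removeItem):
+ (WebCore::Storage::clear):
+ (WebCore::Storage::contains):
+ * storage/StorageArea.h:
+ * storage/StorageAreaImpl.h:
+ (WebCore::StorageAreaImpl::canAccessStorage):
+
 2011-05-25 Levi Weintraub <leviw@chromium.org>
 
  Reviewed by Eric Seidel.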

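--- a/Source/WebCore/storage/Storage.cpp
+++ b/Source/WebCore/storage/Storage.cpp
@@ -59,6 +59,9 @@ unsigned Storage::length() const
  if (!m_frame || !m_frame->page() || m_frame->page()->settings()->privateBrowsingEnabled())
  return 0;
 
+ if (!m_storageArea->canAccessStorage(m_frame))
+ return 0;
+
  return m_storageArea->length();
 }
 
@@ -67,6 +70,9 @@ String Storage::key(unsigned index) const
  if (!m_frame || !m_frame->page() || m_frame->page()->settings()->privateBrowsingEnabled())
  return String();
 
+ if (!m_storageArea->canAccessStorage(m_frame))
+ return String();
+
  return m_storageArea->key(index);
 }
 
@@ -75,6 +81,9 @@ String Storage::getItem(const String& key) const
  if (!m_frame || !m_frame->page() || m_frame->page()->settings()->privateBrowsingEnabled())
  return String();
 
+ if (!m_storageArea->canAccessStorage(m_frame))
+ return String();
+
  return m_storageArea->getItem(key);
 }
 
@@ -84,6 +93,9 @@ void Storage::setItem(const String& key, const String& value, ExceptionCode& ec)
  if (!m_frame)
  return;
 
+ if (!m_storageArea->canAccessStorage(m_frame))
+ return;
+
  m_storageArea->setItem(key, value, ec, m_frame);
 }
 
@@ -92,6 +104,9 @@ void Storage::removeItem(const String& key)
  if (!m_frame)
  return;
 
+ if (!m_storageArea->canAccessStorage(m_frame))
+ return;
+
  m_storageArea->removeItem(key, m_frame);
 }
 
@@ -100,6 +115,9 @@ void Storage::clear()
  if (!m_frame)
  return;
 
+ if (!m_storageArea->canAccessStorage(m_frame))
+ return;
+
  m_storageArea->clear(m_frame);
 }
 
@@ -108,6 +126,9 @@ bool Storage::contains(const String& key) const
  if (!m_frame || !m_frame->page() || m_frame->page()->settings()->privateBrowsingEnabled())
  return false;
 
+ if (!m_storageArea->canAccessStorage(m_frame))
+ return false;
+
  return m_storageArea->contains(key);
 }
 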
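Review bot: Storage::setItem (new lines 96-97) returns silently when canAccessStorage() denies the frame and leaves `ec` untouched, whereas the StorageAreaProxy::setItem code removed by this patch reported the same denial as `ec = QUOTA_EXCEEDED_ERR`; on Chromium a denied write therefore changes from a thrown exception into a silent no-op. If that is intended it belongs in the ChangeLog; otherwise add `ec = QUOTA_EXCEEDED_ERR;` before that `return;`. Note also that setItem, removeItem and clear reach canAccessStorage(m_frame) after checking only m_frame, while length, key, getItem and contains additionally require m_frame->page(), so every StorageArea implementation must tolerate a frame that has no page, or the three write paths should adopt the same guard as the read paths.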

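--- a/Source/WebCore/storage/StorageArea.h
+++ b/Source/WebCore/storage/StorageArea.h
@@ -54,6 +54,8 @@ namespace WebCore {
  virtual String removeItem(const String& key, Frame* sourceFrame) = 0;
  virtual bool clear(Frame* sourceFrame) = 0;
  virtual bool contains(const String& key) const = 0;
+
+ virtual bool canAccessStorage(Frame* sourceFrame) const = 0;
  };
 
 } // namespace WebCore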
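Review bot: The new pure virtual canAccessStorage() (new line 58) carries no contract comment, and since Storage.cpp now gates every operation on its answer, the meaning of the boolean should be stated next to the declaration. Suggest: `// Returns false when the embedder denies sourceFrame access to this area; Storage treats a denial as an empty area and drops writes.` It is also worth noting in that comment that the check is consulted on every call rather than cached, so implementers whose answer is expensive know what they are signing up for.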

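--- a/Source/WebCore/storage/StorageAreaImpl.h
+++ b/Source/WebCore/storage/StorageAreaImpl.h
@@ -52,6 +52,7 @@ namespace WebCore {
  virtual String removeItem(const String& key, Frame* sourceFrame);
  virtual bool clear(Frame* sourceFrame);
  virtual bool contains(const String& key) const;
+ virtual bool canAccessStorage(Frame* sourceFrame) const { return true; }
 
  PassRefPtr<StorageAreaImpl> copy();
  void close();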
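Review bot: The inline StorageAreaImpl::canAccessStorage (new line 55) grants access unconditionally, which makes it the fail-open default for every StorageArea that is not the Chromium proxy; a comment should make that deliberate rather than leaving it to look like a stub, e.g. `// No embedder permission hook in this implementation; access is always granted.` The unused `sourceFrame` parameter is fine, but without the comment the only signal that the override is intentionally a no-op is the ChangeLog.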

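--- a/Source/WebKit/chromium/ChangeLog
+++ b/Source/WebKit/chromium/ChangeLog
@@ -1,3 +1,15 @@
+2011-05-26 Jochen Eisinger <jochen@chromium.org>
+
+ Reviewed by NOBODY (OOPS!).
+
+ Check access policy on all storage operations
+ https://bugs.webkit.org/show_bug.cgi?id=61581
+
+ * src/StorageAreaProxy.cpp:
+ (WebCore::StorageAreaProxy::setItem):
+ (WebCore::StorageAreaProxy::canAccessStorage):
+ * src/StorageAreaProxy.h:
+
 2011-05-24 Keishi Hattori <keishi@webkit.org>
 
  Reviewed by Kent Tamura.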

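--- a/Source/WebKit/chromium/src/StorageAreaProxy.cpp
+++ b/Source/WebKit/chromium/src/StorageAreaProxy.cpp
@@ -82,17 +82,11 @@ String StorageAreaProxy::setItem(const String& key, const String& value, Excepti
 {
  WebKit::WebStorageArea::Result result = WebKit::WebStorageArea::ResultOK;
  WebKit::WebString oldValue;
- WebKit::WebFrameImpl* webFrame = WebKit::WebFrameImpl::fromFrame(frame);
- WebKit::WebViewImpl* webView = webFrame->viewImpl();
- if (webView->permissionClient() && !webView->permissionClient()->allowStorage(webFrame, m_storageType == LocalStorage))
- ec = QUOTA_EXCEEDED_ERR;
- else {
- m_storageArea->setItem(key, value, frame->document()->url(), result, oldValue, webFrame);
- ec = (result == WebKit::WebStorageArea::ResultOK) ? 0 : QUOTA_EXCEEDED_ERR;
- String oldValueString = oldValue;
- if (oldValueString != value && result == WebKit::WebStorageArea::ResultOK)
- storageEvent(key, oldValue, value, m_storageType, frame->document()->securityOrigin(), frame);
- }
+ m_storageArea->setItem(key, value, frame->document()->url(), result, oldValue);
+ ec = (result == WebKit::WebStorageArea::ResultOK) ? 0 : QUOTA_EXCEEDED_ERR;
+ String oldValueString = oldValue;
+ if (oldValueString != value && result == WebKit::WebStorageArea::ResultOK)
+ storageEvent(key, oldValue, value, m_storageType, frame->document()->securityOrigin(), frame);
  return oldValue;
 }
 
@@ -119,6 +113,13 @@ bool StorageAreaProxy::contains(const String& key) const
  return !getItem(key).isNull();
 }
 
+bool StorageAreaProxy::canAccessStorage(Frame* frame) const
+{
+ WebKit::WebFrameImpl* webFrame = WebKit::WebFrameImpl::fromFrame(frame);
+ WebKit::WebViewImpl* webView = webFrame->viewImpl();
+ return !webView->permissionClient() || webView->permissionClient()->allowStorage(webFrame, m_storageType == LocalStorage);
+}
+
 // Copied from WebCore/storage/StorageEventDispatcher.cpp out of necessity. It's probably best to keep it current.
 void StorageAreaProxy::storageEvent(const String& key, const String& oldValue, const String& newValue, StorageType storageType, SecurityOrigin* securityOrigin, Frame* sourceFrame)
 {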
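Review bot: StorageAreaProxy::canAccessStorage (new lines 116-121) dereferences `webFrame` and `webView` without null checks, and unlike the setItem code it replaces it is now reached from Storage::setItem, removeItem and clear, which only verify that the Frame exists and not that it still has a page; if WebFrameImpl::viewImpl() yields null for a frame that has lost its page (please confirm against its definition), this becomes a null dereference reachable from script. Because this is an access check, the safe answer when there is no view is to deny: `WebKit::WebViewImpl* webView = webFrame ? webFrame->viewImpl() : 0;` followed by `if (!webView) return false;`. The same permission client is now consulted on every read as well as every write, so a brief comment on the function noting that it is called per operation would help whoever tunes allowStorage later. The body of storageEvent at the end of the hunk continues outside this excerpt.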

Source/WebKit/chromium/src/StorageAreaProxy.h

@@public:
5050 virtual String removeItem(const String& key, Frame* sourceFrame);
5151 virtual bool clear(Frame* sourceFrame);
5252 virtual bool contains(const String& key) const;
 53 virtual bool canAccessStorage(Frame* sourceFrame) const;
5354
5455private:
5556 void storageEvent(const String& key, const String& oldValue, const String& newValue, StorageType, SecurityOrigin*, Frame* sourceFrame);