24437 2009-03-06 15:53:12 -0800 Add support for registering noAccess URL schemes 2009-03-10 09:26:00 -0700 1 1 1 Unclassified WebKit Frames 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 fishd fishd abarth sam oldest_to_newest 112672 0 fishd 2009-03-06 15:53:12 -0800 Add support for registering noAccess URL schemes Part of Chrome is built using HTML, and those HTML panels have a special URL scheme called chrome-ui. We currently have code in the V8 bindings that does denies canAccess for all chrome-ui URLs except that of the web inspector. It then gives the web inspector univeral access. This is a bit messy, and it is unfortunate that this knowledge of chrome-ui URLs has to live in the V8 bindings or in WebCore at all. Instead, I propose the following changes: 1- Add FrameLoader::registerURLSchemeAsNoAccess, and have SecurityOrigin check that list upon construction (just as it does for isLocal). 2- Make InspectorController call grantUniversalAccess on its Document's SecurityOrigin at the time when windowScriptObjectAvailable is called. As a result, noAccess schemes will always return false from SecurityOrigin::canAccess unless grantUniversalAccess has been called. Thanks to Adam Barth for these suggestions. 112680 1 28377 fishd 2009-03-06 16:50:44 -0800 Created attachment 28377 v1 patch I also added a bit of cleanup to this patch as well: - moved localSchemes to the top of the file - renamed LocalSchemesMap to URLSchemesMap - renamed shouldTreatSchemeAsLocal to shouldTreatURLSchemeAsLocal for consistency 112690 2 28377 abarth 2009-03-06 18:33:37 -0800 Comment on attachment 28377 v1 patch >+ // Grant the inspector the ability to script the inspected page. >+ m_page->mainFrame()->document()->securityOrigin()->grantUniversalAccess(); The mainFrame() in this chain is kind of scary. If I can get the inspector to load in an iframe, I can get universal access. I wouldn't block this patch on this issue because we're already screwed in that case because of: > // FIXME: This should be cleaned up. API Mix-up. > JSGlobalObject* globalObject = m_page->mainFrame()->script()->globalObject(); I should probably file a bug and investigate. >+bool FrameLoader::shouldTreatURLSchemeAsNoAccess(const String& scheme) >+{ >+ return noAccessSchemes().contains(scheme); >+} I wonder if we need to fast case HTTP here like we do in FrameLoader::shouldTreatURLSchemeAsLocal. I suspect it doesn't matter since this is only called once per document creation. It's kind of weird that this state is kept in FrameLoader. It might make more sense to put these in SecurityOrigin and have FrameLoader ask SecurityOrigin about the security policies for URL schemes. 112698 3 fishd 2009-03-06 22:57:57 -0800 > The mainFrame() in this chain is kind of scary. If I can get the inspector to > load in an iframe, I can get universal access. I wouldn't block this patch on Good observation. I wonder if there is a way for the InspectorController to get the Frame that it is loaded in. > >+bool FrameLoader::shouldTreatURLSchemeAsNoAccess(const String& scheme) > >+{ > >+ return noAccessSchemes().contains(scheme); > >+} > > I wonder if we need to fast case HTTP here like we do in > FrameLoader::shouldTreatURLSchemeAsLocal. I suspect it doesn't matter since > this is only called once per document creation. I thought about adding a fast path for HTTP, but I came to the same conclusion you did. Once per document is not enough to worry about. > It's kind of weird that this state is kept in FrameLoader. It might make more > sense to put these in SecurityOrigin and have FrameLoader ask SecurityOrigin > about the security policies for URL schemes. Good point. I just put it on FrameLoader for consistency. I could certainly move both lists. 112894 4 fishd 2009-03-09 13:48:10 -0700 Hey Sam, it looks like you have reviewed changes to SecurityOrigin in the past. Could you please comment on this patch? Thanks! 112901 5 28377 sam 2009-03-09 14:23:06 -0700 Comment on attachment 28377 v1 patch r=me. But I agree that we should move this logic into SecurityOrigin code at some point. 112914 6 fishd 2009-03-09 17:08:27 -0700 Thanks. I'm happy to make that change. 113004 7 fishd 2009-03-10 09:26:00 -0700 Landed as http://trac.webkit.org/changeset/41555 I decided to do the cleanup to a followup patch, mainly because I have some question about the merits of the shouldTreatURLAsLocal function and the "optimizations" to return early if the scheme is "http" or "file". I suspect those are premature optimizations since these functions are called ~ once per resource on a page, which is typically not frequently enough to warrant such optimizations. 28377 2009-03-06 16:50:44 -0800 2009-03-09 14:23:06 -0700 v1 patch noaccess_1.txt text/plain 6542 fishd SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBDaGFuZ2VMb2cJKHJldmlzaW9uIDQxNTA3 KQorKysgQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMzEgQEAKKzIwMDktMDMt MDYgIERhcmluIEZpc2hlciAgPGRhcmluQGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MjQ0MzcKKworICAgICAgICBBZGQgc3VwcG9ydCBmb3IgcmVnaXN0ZXJp bmcgbm9BY2Nlc3MgVVJMIHNjaGVtZXM6CisgICAgICAgIDEtICBBZGQgRnJhbWVMb2FkZXI6OnJl Z2lzdGVyVVJMU2NoZW1lQXNOb0FjY2VzcywgYW5kIGhhdmUgU2VjdXJpdHlPcmlnaW4gY2hlY2sK KyAgICAgICAgdGhhdCBsaXN0IHVwb24gY29uc3RydWN0aW9uIChzaW1pbGFyIHRvIGhvdyBpc0xv Y2FsIGlzIGltcGxlbWVudGVkKS4KKyAgICAgICAgMi0gIE1ha2UgSW5zcGVjdG9yQ29udHJvbGxl ciBjYWxsIGdyYW50VW5pdmVyc2FsQWNjZXNzIG9uIGl0cyBEb2N1bWVudCdzCisgICAgICAgIFNl Y3VyaXR5T3JpZ2luIGF0IHRoZSB0aW1lIHdoZW4gd2luZG93U2NyaXB0T2JqZWN0QXZhaWxhYmxl IGlzIGNhbGxlZC4KKworICAgICAgICBUaGlzIGVuYWJsZXMgY29udGVudCBzdWNoIGFzIHRoZSBp bnNwZWN0b3IgdG8gYmUgbG9hZGVkIGZyb20gYSBjdXN0b20gKG5vbi1maWxlKQorICAgICAgICBV UkwsIHdoaWNoIGlzIGhvdyBDaHJvbWl1bSBsb2FkcyB0aGUgaW5zcGVjdG9yLiAgSXQgYWxzbyBh bGxvd3Mgb3RoZXIgVVJMIHNjaGVtZXMKKyAgICAgICAgdG8gYmUgdHJlYXRlZCBsaWtlIGRhdGE6 IFVSTHMsIHdoaWNoIENocm9taXVtIHV0aWxpemVzIGZvciBpdHMgdmFyaW91cyBIVE1MLWJhc2Vk CisgICAgICAgIFVJIHBhbmVscy4KKworICAgICAgICAqIGluc3BlY3Rvci9JbnNwZWN0b3JDb250 cm9sbGVyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6Okluc3BlY3RvckNvbnRyb2xsZXI6OndpbmRv d1NjcmlwdE9iamVjdEF2YWlsYWJsZSk6CisgICAgICAgICogbG9hZGVyL0ZyYW1lTG9hZGVyLmNw cDoKKyAgICAgICAgKFdlYkNvcmU6OmxvY2FsU2NoZW1lcyk6CisgICAgICAgIChXZWJDb3JlOjpu b0FjY2Vzc1NjaGVtZXMpOgorICAgICAgICAoV2ViQ29yZTo6RnJhbWVMb2FkZXI6OmxvYWRJdGVt KToKKyAgICAgICAgKiBsb2FkZXIvRnJhbWVMb2FkZXIuaDoKKyAgICAgICAgKiBwYWdlL1NlY3Vy aXR5T3JpZ2luLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlNlY3VyaXR5T3JpZ2luOjpTZWN1cml0 eU9yaWdpbik6CisgICAgICAgIChXZWJDb3JlOjpTZWN1cml0eU9yaWdpbjo6aXNMb2NhbCk6CisK IDIwMDktMDMtMDYgIFBldGVyIEthc3RpbmcgIDxwa2FzdGluZ0Bnb29nbGUuY29tPgogCiAgICAg ICAgIFJldmlld2VkIGJ5IERhcmluIEZpc2hlci4KSW5kZXg6IGluc3BlY3Rvci9JbnNwZWN0b3JD b250cm9sbGVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBpbnNwZWN0b3IvSW5zcGVjdG9yQ29udHJvbGxl ci5jcHAJKHJldmlzaW9uIDQxNTA0KQorKysgaW5zcGVjdG9yL0luc3BlY3RvckNvbnRyb2xsZXIu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC02NjQsNiArNjY0LDkgQEAgdm9pZCBJbnNwZWN0b3JDb250 cm9sbGVyOjp3aW5kb3dTY3JpcHRPYgogICAgIGlmICghbV9wYWdlIHx8ICFlbmFibGVkKCkpCiAg ICAgICAgIHJldHVybjsKIAorICAgIC8vIEdyYW50IHRoZSBpbnNwZWN0b3IgdGhlIGFiaWxpdHkg dG8gc2NyaXB0IHRoZSBpbnNwZWN0ZWQgcGFnZS4KKyAgICBtX3BhZ2UtPm1haW5GcmFtZSgpLT5k b2N1bWVudCgpLT5zZWN1cml0eU9yaWdpbigpLT5ncmFudFVuaXZlcnNhbEFjY2VzcygpOworCiAg ICAgLy8gRklYTUU6IFRoaXMgc2hvdWxkIGJlIGNsZWFuZWQgdXAuIEFQSSBNaXgtdXAuCiAgICAg SlNHbG9iYWxPYmplY3QqIGdsb2JhbE9iamVjdCA9IG1fcGFnZS0+bWFpbkZyYW1lKCktPnNjcmlw dCgpLT5nbG9iYWxPYmplY3QoKTsKICAgICBFeGVjU3RhdGUqIGV4ZWMgPSBnbG9iYWxPYmplY3Qt Pmdsb2JhbEV4ZWMoKTsKSW5kZXg6IGxvYWRlci9GcmFtZUxvYWRlci5jcHAKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gbG9hZGVyL0ZyYW1lTG9hZGVyLmNwcAkocmV2aXNpb24gNDE1MDQpCisrKyBsb2FkZXIvRnJh bWVMb2FkZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xMTMsNyArMTEzLDM0IEBAIHVzaW5nIG5h bWVzcGFjZSBTVkdOYW1lczsKICNlbmRpZgogdXNpbmcgbmFtZXNwYWNlIEhUTUxOYW1lczsKIAot dHlwZWRlZiBIYXNoU2V0PFN0cmluZywgQ2FzZUZvbGRpbmdIYXNoPiBMb2NhbFNjaGVtZXNNYXA7 Cit0eXBlZGVmIEhhc2hTZXQ8U3RyaW5nLCBDYXNlRm9sZGluZ0hhc2g+IFVSTFNjaGVtZXNNYXA7 CisKK3N0YXRpYyBVUkxTY2hlbWVzTWFwJiBsb2NhbFNjaGVtZXMoKQoreworICAgIERFRklORV9T VEFUSUNfTE9DQUwoVVJMU2NoZW1lc01hcCwgbG9jYWxTY2hlbWVzLCAoKSk7CisKKyAgICBpZiAo bG9jYWxTY2hlbWVzLmlzRW1wdHkoKSkgeworICAgICAgICBsb2NhbFNjaGVtZXMuYWRkKCJmaWxl Iik7CisjaWYgUExBVEZPUk0oTUFDKQorICAgICAgICBsb2NhbFNjaGVtZXMuYWRkKCJhcHBsZXdl YmRhdGEiKTsKKyNlbmRpZgorI2lmIFBMQVRGT1JNKFFUKQorICAgICAgICBsb2NhbFNjaGVtZXMu YWRkKCJxcmMiKTsKKyNlbmRpZgorICAgIH0KKworICAgIHJldHVybiBsb2NhbFNjaGVtZXM7Cit9 CisKK3N0YXRpYyBVUkxTY2hlbWVzTWFwJiBub0FjY2Vzc1NjaGVtZXMoKQoreworICAgIERFRklO RV9TVEFUSUNfTE9DQUwoVVJMU2NoZW1lc01hcCwgbm9BY2Nlc3NTY2hlbWVzLCAoKSk7CisKKyAg ICBpZiAobm9BY2Nlc3NTY2hlbWVzLmlzRW1wdHkoKSkKKyAgICAgICAgbm9BY2Nlc3NTY2hlbWVz LmFkZCgiZGF0YSIpOworCisgICAgcmV0dXJuIG5vQWNjZXNzU2NoZW1lczsKK30KIAogc3RydWN0 IEZvcm1TdWJtaXNzaW9uIHsKICAgICBGb3JtU3VibWlzc2lvbihjb25zdCBjaGFyKiBhY3Rpb24s IGNvbnN0IFN0cmluZyYgdXJsLCBQYXNzUmVmUHRyPEZvcm1EYXRhPiBmb3JtRGF0YSwKQEAgLTEx MTYsMjMgKzExNDMsNiBAQCBib29sIEZyYW1lTG9hZGVyOjphbGxvd1N1YnN0aXR1dGVEYXRhQWNj CiAgICAgcmV0dXJuIGxvY2FsTG9hZFBvbGljeSAhPSBGcmFtZUxvYWRlcjo6QWxsb3dMb2NhbExv YWRzRm9yTG9jYWxPbmx5OwogfQogCi1zdGF0aWMgTG9jYWxTY2hlbWVzTWFwJiBsb2NhbFNjaGVt ZXMoKQotewotICAgIERFRklORV9TVEFUSUNfTE9DQUwoTG9jYWxTY2hlbWVzTWFwLCBsb2NhbFNj aGVtZXMsICgpKTsKLQotICAgIGlmIChsb2NhbFNjaGVtZXMuaXNFbXB0eSgpKSB7Ci0gICAgICAg IGxvY2FsU2NoZW1lcy5hZGQoImZpbGUiKTsKLSNpZiBQTEFURk9STShNQUMpCi0gICAgICAgIGxv Y2FsU2NoZW1lcy5hZGQoImFwcGxld2ViZGF0YSIpOwotI2VuZGlmCi0jaWYgUExBVEZPUk0oUVQp Ci0gICAgICAgIGxvY2FsU2NoZW1lcy5hZGQoInFyYyIpOwotI2VuZGlmCi0gICAgfQotCi0gICAg cmV0dXJuIGxvY2FsU2NoZW1lczsKLX0KLQogdm9pZCBGcmFtZUxvYWRlcjo6Y29tbWl0SWNvblVS TFRvSWNvbkRhdGFiYXNlKGNvbnN0IEtVUkwmIGljb24pCiB7CiAgICAgQVNTRVJUKGljb25EYXRh YmFzZSgpKTsKQEAgLTUxNTIsNyArNTE2Miw3IEBAIGJvb2wgRnJhbWVMb2FkZXI6OnNob3VsZFRy ZWF0VVJMQXNMb2NhbCgKICAgICByZXR1cm4gbG9jYWxTY2hlbWVzKCkuY29udGFpbnMoc2NoZW1l KTsKIH0KIAotYm9vbCBGcmFtZUxvYWRlcjo6c2hvdWxkVHJlYXRTY2hlbWVBc0xvY2FsKGNvbnN0 IFN0cmluZyYgc2NoZW1lKQorYm9vbCBGcmFtZUxvYWRlcjo6c2hvdWxkVHJlYXRVUkxTY2hlbWVB c0xvY2FsKGNvbnN0IFN0cmluZyYgc2NoZW1lKQogewogICAgIC8vIFRoaXMgYXZvaWRzIGFuIGFs bG9jYXRpb24gb2YgYW5vdGhlciBTdHJpbmcgYW5kIHRoZSBIYXNoU2V0IGNvbnRhaW5zKCkKICAg ICAvLyBjYWxsIGZvciB0aGUgZmlsZTogYW5kIGh0dHA6IHNjaGVtZXMuCkBAIC01MTcwLDYgKzUx ODAsMTYgQEAgYm9vbCBGcmFtZUxvYWRlcjo6c2hvdWxkVHJlYXRTY2hlbWVBc0xvYwogICAgIHJl dHVybiBsb2NhbFNjaGVtZXMoKS5jb250YWlucyhzY2hlbWUpOwogfQogCit2b2lkIEZyYW1lTG9h ZGVyOjpyZWdpc3RlclVSTFNjaGVtZUFzTm9BY2Nlc3MoY29uc3QgU3RyaW5nJiBzY2hlbWUpCit7 CisgICAgbm9BY2Nlc3NTY2hlbWVzKCkuYWRkKHNjaGVtZSk7Cit9CisKK2Jvb2wgRnJhbWVMb2Fk ZXI6OnNob3VsZFRyZWF0VVJMU2NoZW1lQXNOb0FjY2Vzcyhjb25zdCBTdHJpbmcmIHNjaGVtZSkK K3sKKyAgICByZXR1cm4gbm9BY2Nlc3NTY2hlbWVzKCkuY29udGFpbnMoc2NoZW1lKTsKK30KKwog dm9pZCBGcmFtZUxvYWRlcjo6ZGlzcGF0Y2hEaWRDb21taXRMb2FkKCkKIHsKICAgICBpZiAobV9j cmVhdGluZ0luaXRpYWxFbXB0eURvY3VtZW50KQpJbmRleDogbG9hZGVyL0ZyYW1lTG9hZGVyLmgK PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQotLS0gbG9hZGVyL0ZyYW1lTG9hZGVyLmgJKHJldmlzaW9uIDQxNTA0KQorKysg bG9hZGVyL0ZyYW1lTG9hZGVyLmgJKHdvcmtpbmcgY29weSkKQEAgLTQyNCw5ICs0MjQsMTIgQEAg bmFtZXNwYWNlIFdlYkNvcmUgewogICAgICAgICBzdGF0aWMgYm9vbCByZXN0cmljdEFjY2Vzc1Rv TG9jYWwoKTsKICAgICAgICAgc3RhdGljIGJvb2wgYWxsb3dTdWJzdGl0dXRlRGF0YUFjY2Vzc1Rv TG9jYWwoKTsKIAotICAgICAgICBzdGF0aWMgdm9pZCByZWdpc3RlclVSTFNjaGVtZUFzTG9jYWwo Y29uc3QgU3RyaW5nJiBzY2hlbWUpOworICAgICAgICBzdGF0aWMgdm9pZCByZWdpc3RlclVSTFNj aGVtZUFzTG9jYWwoY29uc3QgU3RyaW5nJik7CiAgICAgICAgIHN0YXRpYyBib29sIHNob3VsZFRy ZWF0VVJMQXNMb2NhbChjb25zdCBTdHJpbmcmKTsKLSAgICAgICAgc3RhdGljIGJvb2wgc2hvdWxk VHJlYXRTY2hlbWVBc0xvY2FsKGNvbnN0IFN0cmluZyYpOworICAgICAgICBzdGF0aWMgYm9vbCBz aG91bGRUcmVhdFVSTFNjaGVtZUFzTG9jYWwoY29uc3QgU3RyaW5nJik7CisKKyAgICAgICAgc3Rh dGljIHZvaWQgcmVnaXN0ZXJVUkxTY2hlbWVBc05vQWNjZXNzKGNvbnN0IFN0cmluZyYpOworICAg ICAgICBzdGF0aWMgYm9vbCBzaG91bGRUcmVhdFVSTFNjaGVtZUFzTm9BY2Nlc3MoY29uc3QgU3Ry aW5nJik7CiAKICAgICAgICAgYm9vbCBjb21taXR0aW5nRmlyc3RSZWFsTG9hZCgpIGNvbnN0IHsg cmV0dXJuICFtX2NyZWF0aW5nSW5pdGlhbEVtcHR5RG9jdW1lbnQgJiYgIW1fY29tbWl0dGVkRmly c3RSZWFsRG9jdW1lbnRMb2FkOyB9CiAKSW5kZXg6IHBhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIHBhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCShyZXZpc2lvbiA0MTUwNCkKKysr IHBhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCSh3b3JraW5nIGNvcHkpCkBAIC02NSw4ICs2NSw4IEBA IFNlY3VyaXR5T3JpZ2luOjpTZWN1cml0eU9yaWdpbihjb25zdCBLVVIKICAgICBpZiAobV9wcm90 b2NvbCA9PSAiYWJvdXQiIHx8IG1fcHJvdG9jb2wgPT0gImphdmFzY3JpcHQiKQogICAgICAgICBt X3Byb3RvY29sID0gIiI7CiAKLSAgICAvLyBkYXRhOiBVUkxzIGFyZSBub3QgYWxsb3dlZCBhY2Nl c3MgdG8gYW55dGhpbmcgb3RoZXIgdGhhbiB0aGVtc2VsdmVzLgotICAgIGlmIChtX3Byb3RvY29s ID09ICJkYXRhIikKKyAgICAvLyBTb21lIFVSTHMgYXJlIG5vdCBhbGxvd2VkIGFjY2VzcyB0byBh bnl0aGluZyBvdGhlciB0aGFuIHRoZW1zZWx2ZXMuCisgICAgaWYgKEZyYW1lTG9hZGVyOjpzaG91 bGRUcmVhdFVSTFNjaGVtZUFzTm9BY2Nlc3MobV9wcm90b2NvbCkpCiAgICAgICAgIG1fbm9BY2Nl c3MgPSB0cnVlOwogCiAgICAgLy8gZG9jdW1lbnQuZG9tYWluIHN0YXJ0cyBhcyBtX2hvc3QsIGJ1 dCBjYW4gYmUgc2V0IGJ5IHRoZSBET00uCkBAIC0xOTMsNyArMTkzLDcgQEAgdm9pZCBTZWN1cml0 eU9yaWdpbjo6Z3JhbnRVbml2ZXJzYWxBY2NlcwogCiBib29sIFNlY3VyaXR5T3JpZ2luOjppc0xv Y2FsKCkgY29uc3QKIHsKLSAgICByZXR1cm4gRnJhbWVMb2FkZXI6OnNob3VsZFRyZWF0U2NoZW1l QXNMb2NhbChtX3Byb3RvY29sKTsKKyAgICByZXR1cm4gRnJhbWVMb2FkZXI6OnNob3VsZFRyZWF0 VVJMU2NoZW1lQXNMb2NhbChtX3Byb3RvY29sKTsKIH0KIAogYm9vbCBTZWN1cml0eU9yaWdpbjo6 aXNTZWN1cmVUcmFuc2l0aW9uVG8oY29uc3QgS1VSTCYgdXJsKSBjb25zdAo=