/*
* Copyright (C) 2000 Harri Porten (porten@kde.org)
* Copyright (C) 2006 Jon Shier (jshier@iastate.edu)
* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reseved.
* Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*/
#include "config.h"
#include "JSLocationCustom.h"
#include "DOMWindow.h"
#include "ExceptionCode.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "JSDOMBinding.h"
#include "JSDOMWindowCustom.h"
#include "KURL.h"
#include "Location.h"
#include "ScriptController.h"
#include <runtime/JSFunction.h>
#include <runtime/PrototypeFunction.h>
using namespace JSC;
namespace WebCore {
static JSValue nonCachingStaticReplaceFunctionGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot&)
{
return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsLocationPrototypeFunctionReplace);
}
static JSValue nonCachingStaticReloadFunctionGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot&)
{
return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, jsLocationPrototypeFunctionReload);
}
static JSValue nonCachingStaticAssignFunctionGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot&)
{
return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsLocationPrototypeFunctionAssign);
}
bool JSLocation::getOwnPropertySlotDelegate(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
Frame* frame = impl()->frame();
if (!frame) {
slot.setUndefined();
return true;
}
// When accessing Location cross-domain, functions are always the native built-in ones.
// See JSDOMWindow::getOwnPropertySlotDelegate for additional details.
// Our custom code is only needed to implement the Window cross-domain scheme, so if access is
// allowed, return false so the normal lookup will take place.
String message;
if (allowsAccessFromFrame(exec, frame, message))
return false;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
if (entry && (entry->attributes() & Function)) {
if (entry->function() == jsLocationPrototypeFunctionReplace) {
slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
return true;
} else if (entry->function() == jsLocationPrototypeFunctionReload) {
slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
return true;
} else if (entry->function() == jsLocationPrototypeFunctionAssign) {
slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
return true;
}
}
// FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
// but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
// such cases when normally the string form of Location would be the URL.
printErrorMessageForFrame(frame, message);
slot.setUndefined();
return true;
}
bool JSLocation::getOwnPropertyDescriptorDelegate(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
{
Frame* frame = impl()->frame();
if (!frame) {
descriptor.setUndefined();
return true;
}
// throw out all cross domain access
if (!allowsAccessFromFrame(exec, frame))
return true;
// Check for the few functions that we allow, even when called cross-domain.
const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
PropertySlot slot;
if (entry && (entry->attributes() & Function)) {
if (entry->function() == jsLocationPrototypeFunctionReplace) {
slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
} else if (entry->function() == jsLocationPrototypeFunctionReload) {
slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
} else if (entry->function() == jsLocationPrototypeFunctionAssign) {
slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
}
}
// FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
// but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
// such cases when normally the string form of Location would be the URL.
descriptor.setUndefined();
return true;
}
bool JSLocation::putDelegate(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
{
Frame* frame = impl()->frame();
if (!frame)
return true;
if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
return true;
bool sameDomainAccess = allowsAccessFromFrame(exec, frame);
const HashEntry* entry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName);
if (!entry) {
if (sameDomainAccess)
JSObject::put(exec, propertyName, value, slot);
return true;
}
// Cross-domain access to the location is allowed when assigning the whole location,
// but not when assigning the individual pieces, since that might inadvertently
// disclose other parts of the original location.
if (entry->propertyPutter() != setJSLocationHref && !sameDomainAccess)
return true;
return false;
}
bool JSLocation::deleteProperty(ExecState* exec, const Identifier& propertyName)
{
// Only allow deleting by frames in the same origin.
if (!allowsAccessFromFrame(exec, impl()->frame()))
return false;
return Base::deleteProperty(exec, propertyName);
}
void JSLocation::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
{
// Only allow the location object to enumerated by frames in the same origin.
if (!allowsAccessFromFrame(exec, impl()->frame()))
return;
Base::getOwnPropertyNames(exec, propertyNames, mode);
}
void JSLocation::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes)
{
if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
return;
Base::defineGetter(exec, propertyName, getterFunction, attributes);
}
static void navigateIfAllowed(ExecState* exec, Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
{
Frame* lexicalFrame = toLexicalFrame(exec);
if (!lexicalFrame)
return;
if (!protocolIsJavaScript(url) || allowsAccessFromFrame(exec, frame))
frame->redirectScheduler()->scheduleLocationChange(url.string(), lexicalFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, processingUserGesture(exec));
}
void JSLocation::setHref(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = completeURL(exec, value.toString(exec));
if (url.isNull())
return;
if (!shouldAllowNavigation(exec, frame))
return;
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
void JSLocation::setProtocol(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = frame->loader()->url();
if (!url.setProtocol(value.toString(exec))) {
setDOMException(exec, SYNTAX_ERR);
return;
}
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
void JSLocation::setHost(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = frame->loader()->url();
url.setHostAndPort(value.toString(exec));
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
void JSLocation::setHostname(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = frame->loader()->url();
url.setHost(value.toString(exec));
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
void JSLocation::setPort(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = frame->loader()->url();
// FIXME: Could make this a little less ugly if String provided a toUnsignedShort function.
const UString& portString = value.toString(exec);
int port = charactersToInt(portString.data(), portString.size());
if (port < 0 || port > 0xFFFF)
url.removePort();
else
url.setPort(port);
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
void JSLocation::setPathname(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = frame->loader()->url();
url.setPath(value.toString(exec));
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
void JSLocation::setSearch(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = frame->loader()->url();
url.setQuery(value.toString(exec));
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
void JSLocation::setHash(ExecState* exec, JSValue value)
{
Frame* frame = impl()->frame();
ASSERT(frame);
KURL url = frame->loader()->url();
String oldFragmentIdentifier = url.fragmentIdentifier();
String str = value.toString(exec);
if (str.startsWith("#"))
str = str.substring(1);
if (equalIgnoringNullity(oldFragmentIdentifier, str))
return;
url.setFragmentIdentifier(str);
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
JSValue JSLocation::replace(ExecState* exec, const ArgList& args)
{
Frame* frame = impl()->frame();
if (!frame)
return jsUndefined();
KURL url = completeURL(exec, args.at(0).toString(exec));
if (url.isNull())
return jsUndefined();
if (!shouldAllowNavigation(exec, frame))
return jsUndefined();
navigateIfAllowed(exec, frame, url, true, true);
return jsUndefined();
}
JSValue JSLocation::reload(ExecState* exec, const ArgList&)
{
Frame* frame = impl()->frame();
if (!frame || !allowsAccessFromFrame(exec, frame))
return jsUndefined();
if (!protocolIsJavaScript(frame->loader()->url()))
frame->redirectScheduler()->scheduleRefresh(processingUserGesture(exec));
return jsUndefined();
}
JSValue JSLocation::assign(ExecState* exec, const ArgList& args)
{
Frame* frame = impl()->frame();
if (!frame)
return jsUndefined();
KURL url = completeURL(exec, args.at(0).toString(exec));
if (url.isNull())
return jsUndefined();
if (!shouldAllowNavigation(exec, frame))
return jsUndefined();
// We want a new history item if this JS was called via a user gesture
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
return jsUndefined();
}
JSValue JSLocation::toString(ExecState* exec, const ArgList&)
{
Frame* frame = impl()->frame();
if (!frame || !allowsAccessFromFrame(exec, frame))
return jsUndefined();
return jsString(exec, impl()->toString());
}
bool JSLocationPrototype::putDelegate(ExecState* exec, const Identifier& propertyName, JSValue, PutPropertySlot&)
{
return (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf);
}
void JSLocationPrototype::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes)
{
if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
return;
Base::defineGetter(exec, propertyName, getterFunction, attributes);
}
} // namespace WebCore