Changeset 128670 in webkit for trunk/Source/JavaScriptCore

Timestamp:

Sep 14, 2012, 4:33:20 PM (13 years ago)

Author:

[email protected]

Message:

JSC should throw a more descriptive exception when blocking 'eval' via CSP.
​https://bugs.webkit.org/show_bug.cgi?id=94331

Patch by Mike West <​[email protected]> on 2012-09-14
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Unless explicitly whitelisted, the 'script-src' Content Security Policy
directive blocks 'eval' and 'eval'-like constructs such as
'new Function()'. When 'eval' is encountered in code, an 'EvalError' is
thrown, but the associated message is poor: "Eval is disabled" doesn't
give developers enough information about why their code isn't behaving
as expected.

This patch adds an 'errorMessage' parameter to the JavaScriptCore method
used to disable 'eval'; ContentSecurityPolicy has the opportunity to
pass in a more detailed and descriptive error that contains more context
for the developer.

• runtime/Executable.cpp:

(JSC::EvalExecutable::compileInternal):

Drop the hard-coded "Eval is disabled" error message in favor of
reading the error message off the global object.

• runtime/FunctionConstructor.cpp:

(JSC::FunctionConstructor::getCallData):

Drop the hard-coded "Function constructor is disabled" error message
in favor of reading the error message off the global object.

• runtime/JSGlobalObject.h:

(JSGlobalObject):
(JSC::JSGlobalObject::evalEnabled):

Making this accessor method const.

(JSC::JSGlobalObject::evalDisabledErrorMessage):

Accessor for the error message set via 'setEvalDisabled'.

(JSC::JSGlobalObject::setEvalEnabled):

Adding an 'errorMessage' parameter which is stored on the global
object, and used when exceptions are thrown.

Source/WebCore:

Unless explicitly whitelisted, the 'script-src' Content Security Policy
directive blocks 'eval' and 'eval'-like constructs such as
'new Function()'. When 'eval' is encountered in code, an 'EvalError' is
thrown, but the associated message is poor: "Eval is disabled" doesn't
give developers enough information about why their code isn't behaving
as expected.

This patch adds an 'errorMessage' parameter to the JavaScriptCore method
used to disable 'eval'; ContentSecurityPolicy has the opportunity to
pass in a more detailed and descriptive error that contains more context
for the developer.

The new error message is tested by adjusting existing tests; nothing new
is required.

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::initScript):

Read the error message off the document's ContentSecurityPolicy.

(WebCore::ScriptController::disableEval):

• bindings/js/ScriptController.h:

(ScriptController):

Pipe the error message through to JSGlobalObject when disabling eval

• bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::disableEval):

• bindings/js/WorkerScriptController.h:

(WorkerScriptController):

Pipe the error message through to JSGlobalObject when disabling eval

• bindings/v8/ScriptController.cpp:

(WebCore::ScriptController::disableEval):

• bindings/v8/ScriptController.h:

(ScriptController):

• bindings/v8/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::disableEval):

• bindings/v8/WorkerScriptController.h:

(WorkerScriptController):

Placeholder for V8 piping to be built in webk.it/94332.

• dom/Document.cpp:

(WebCore::Document::disableEval):

• dom/Document.h:

(Document):

• dom/ScriptExecutionContext.h:

(ScriptExecutionContext):

Pipe the error message through to the ScriptController when
disabling eval.

• page/ContentSecurityPolicy.cpp:

(WebCore::CSPDirectiveList::evalDisabledErrorMessage):

Accessor for the error message that ought be displayed to developers
when 'eval' used while disabled for a specific directive list.

(WebCore::CSPDirectiveList::setEvalDisabledErrorMessage):

Mutator for the error message that ought be displayed to developers
when 'eval' used while disabled for a specific directive list.

(CSPDirectiveList):
(WebCore::CSPDirectiveList::create):

Upon creation of a CSPDirectiveList, set the error message if the
directive list disables 'eval'.

(WebCore::ContentSecurityPolicy::didReceiveHeader):

Pass the error message into ScriptExecutionContext::disableEval.

(WebCore::ContentSecurityPolicy::evalDisabledErrorMessage):

Public accessor for the policy's error message; walks the list of
directive lists and returns the first error message found.

(WebCore):

• page/ContentSecurityPolicy.h:
• workers/WorkerContext.cpp:

(WebCore::WorkerContext::disableEval):

• workers/WorkerContext.h:

(WorkerContext):

Pipe the error message through to the ScriptController when
disabling eval.

LayoutTests:

• http/tests/security/contentSecurityPolicy/eval-blocked-expected.txt:
• http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe-expected.txt:
• http/tests/security/contentSecurityPolicy/function-constructor-blocked-expected.txt:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• runtime/Executable.cpp (modified) (1 diff)
• runtime/FunctionConstructor.cpp (modified) (1 diff)
• runtime/JSGlobalObject.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2012-09-14  Mike West  <[email protected]>
+
+        JSC should throw a more descriptive exception when blocking 'eval' via CSP.
+        https://bugs.webkit.org/show_bug.cgi?id=94331
+
+        Reviewed by Geoffrey Garen.
+
+        Unless explicitly whitelisted, the 'script-src' Content Security Policy
+        directive blocks 'eval' and 'eval'-like constructs such as
+        'new Function()'. When 'eval' is encountered in code, an 'EvalError' is
+        thrown, but the associated message is poor: "Eval is disabled" doesn't
+        give developers enough information about why their code isn't behaving
+        as expected.
+
+        This patch adds an 'errorMessage' parameter to the JavaScriptCore method
+        used to disable 'eval'; ContentSecurityPolicy has the opportunity to
+        pass in a more detailed and descriptive error that contains more context
+        for the developer.
+
+        * runtime/Executable.cpp:
+        (JSC::EvalExecutable::compileInternal):
+            Drop the hard-coded "Eval is disabled" error message in favor of
+            reading the error message off the global object.
+        * runtime/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::getCallData):
+            Drop the hard-coded "Function constructor is disabled" error message
+            in favor of reading the error message off the global object.
+        * runtime/JSGlobalObject.h:
+        (JSGlobalObject):
+        (JSC::JSGlobalObject::evalEnabled):
+            Making this accessor method const.
+        (JSC::JSGlobalObject::evalDisabledErrorMessage):
+            Accessor for the error message set via 'setEvalDisabled'.
+        (JSC::JSGlobalObject::setEvalEnabled):
+            Adding an 'errorMessage' parameter which is stored on the global
+            object, and used when exceptions are thrown.
+
 2012-09-14  Filip Pizlo  <[email protected]>
 

trunk/Source/JavaScriptCore/runtime/Executable.cpp

@@ -203 +203 @@
     } else {
         if (!lexicalGlobalObject->evalEnabled())
-            return throwError(exec, createEvalError(exec, ASCIILiteral("Eval is disabled")));
+            return throwError(exec, createEvalError(exec, lexicalGlobalObject->evalDisabledErrorMessage()));
         RefPtr<EvalNode> evalNode = parse<EvalNode>(globalData, lexicalGlobalObject, m_source, 0, Identifier(), isStrictMode() ? JSParseStrict : JSParseNormal, EvalNode::isFunctionNode ? JSParseFunctionCode : JSParseProgramCode, lexicalGlobalObject->debugger(), exec, &exception);
         if (!evalNode) {

trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp

@@ -83 +83 @@
 {
     if (!globalObject->evalEnabled())
-        return throwError(exec, createEvalError(exec, ASCIILiteral("Function constructor is disabled")));
+        return throwError(exec, createEvalError(exec, globalObject->evalDisabledErrorMessage()));
     return constructFunctionSkippingEvalEnabledCheck(exec, globalObject, args, functionName, sourceURL, position);
 }

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -156 +156 @@
 
         bool m_evalEnabled;
+        String m_evalDisabledErrorMessage;
         bool m_experimentsEnabled;
 
@@ -305 +306 @@
         bool isDynamicScope(bool& requiresDynamicChecks) const;
 
-        void setEvalEnabled(bool enabled) { m_evalEnabled = enabled; }
-        bool evalEnabled() { return m_evalEnabled; }
+        bool evalEnabled() const { return m_evalEnabled; }
+        const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorMessage; }
+        void setEvalEnabled(bool enabled, const String& errorMessage = String())
+        {
+            m_evalEnabled = enabled;
+            m_evalDisabledErrorMessage = errorMessage;
+        }
 
         void resetPrototype(JSGlobalData&, JSValue prototype);