
Commit 9c2d325

author
zhourenjian
committed
Fixing cross site scripting's domain problem
1 parent 7aa19fe commit 9c2d325


4 files changed

+106
-39
lines changed


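--- a/sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/SimplePipeRequest.java
+++ b/sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/SimplePipeRequest.java
@@ -335,32 +335,41 @@ public void onLoaded() {
 }
 var map = net.sf.j2s.ajax.SimplePipeRequest.pipeScriptMap;
 var pipe = map[url];
-if (pipe != null) {
+if (pipe != null && pipeID != null && pipeID.length > 0) {
 var stillExistedRequest = false;
-var idPrefix = iframeID;
-var idx = iframeID.lastIndexOf ("-");
+var idPrefix = pipeID;
+var idx = pipeID.lastIndexOf ("-");
 if (idx != -1) {
-idPrefix = iframeID.substring (0, idx);
+idPrefix = pipeID.substring (0, idx);
 }
 var iframes = document.getElementsByTagName ("IFRAME");
 for (var i = 0; i < iframes.length; i++) {
 var el = iframes[i];
 if (el.id != null && el.id.indexOf (idPrefix) == 0) {
-alert ("exist request!");
 stillExistedRequest = true;
 break;
 }
 }
+if (!stillExistedRequest) {
+var scripts = document.getElementsByTagName ("SCRIPT");
+for (var i = 0; i < scripts.length; i++) {
+var el = scripts[i];
+if (el.id != null && el.id.indexOf (idPrefix) == 0) {
+stillExistedRequest = true;
+break;
+}
+}
+}
 pipe.queryEnded = !stillExistedRequest;
 delete map[url];
 }
 */
-native static void updatePipeByURL(String iframeID, String url);
+native static void updatePipeByURL(String pipeID, String url);
 
 /**
 * @j2sNative
 return function () {
-if (iframeID != null) {
+if (pipeID != null) {
 var pw = window.parent;
 if (pw == null || pw["net"] == null) return;
 if (!pw.net.sf.j2s.ajax.SimpleRPCRequest.cleanUp(this)) {
@@ -369,11 +378,11 @@ public void onLoaded() {
 var url = this.url;
 this.url = null;
 document.getElementsByTagName ("HEAD")[0].removeChild (this);
-var iframe = pw.document.getElementById (iframeID);
+var iframe = pw.document.getElementById (pipeID);
 if (iframe != null) {
 iframe.parentNode.removeChild (iframe);
 }
-pw.net.sf.j2s.ajax.SimplePipeRequest.updatePipeByURL (iframeID, url);
+pw.net.sf.j2s.ajax.SimplePipeRequest.updatePipeByURL (pipeID, url);
 } else {
 if (window == null || window["net"] == null) return;
 if (!net.sf.j2s.ajax.SimpleRPCRequest.cleanUp(this)) {
@@ -382,11 +391,11 @@ public void onLoaded() {
 var url = this.url;
 this.url = null;
 document.getElementsByTagName ("HEAD")[0].removeChild (this);
-net.sf.j2s.ajax.SimplePipeRequest.updatePipeByURL (iframeID, url);
+net.sf.j2s.ajax.SimplePipeRequest.updatePipeByURL (pipeID, url);
 }
 };
 */
-native static Object generatePipeScriptCallback(String iframeID);
+native static Object generatePipeScriptCallback(String pipeID);
 
 /**
 * Load or send data for pipe using SCRIPT tag.
@@ -398,11 +407,14 @@ public void onLoaded() {
 script.type = "text/javascript";
 script.src = url;
 script.url = url;
-var iframeID = arguments[1];
+var pipeID = arguments[1];
+if (pipeID != null && pipeID.length > 0) {
+script.id = pipeID;
+}
 var userAgent = navigator.userAgent.toLowerCase ();
 var isOpera = (userAgent.indexOf ("opera") != -1);
 var isIE = (userAgent.indexOf ("msie") != -1) && !isOpera;
-var fun = net.sf.j2s.ajax.SimplePipeRequest.generatePipeScriptCallback (iframeID);
+var fun = net.sf.j2s.ajax.SimplePipeRequest.generatePipeScriptCallback (pipeID);
 script.defer = true;
 if (typeof (script.onreadystatechange) == "undefined" || !isIE) { // W3C
 script.onload = script.onerror = fun;
@@ -422,11 +434,11 @@ public void onLoaded() {
 * @j2sNative
 var iframe = document.createElement ("IFRAME");
 iframe.style.display = "none";
-var iframeID = null;
+var pipeID = null;
 do {
-iframeID = "pipe-script-" + pipeKey + "-" + Math.round (10000000 * Math.random ());
-} while (document.getElementById (iframeID) != null);
-iframe.id = iframeID;
+pipeID = "pipe-script-" + pipeKey + "-" + Math.round (10000000 * Math.random ());
+} while (document.getElementById (pipeID) != null);
+iframe.id = pipeID;
 document.body.appendChild (iframe);
 var html = "<html><head><title></title>";
 html += "<script type=\"text/javascript\">\r\n";
@@ -445,7 +457,7 @@ public void onLoaded() {
 html += "window.setTimeout (function () {\r\n";
 html += "net = { sf : { j2s : { ajax : { SimplePipeRequest : { generatePipeScriptCallback : " + net.sf.j2s.ajax.SimplePipeRequest.generatePipeScriptCallback + " } } } } };\r\n";
 html += "(" + net.sf.j2s.ajax.SimplePipeRequest.loadPipeScript + ") (";
-html += "\"" + url.replace (/"/g, "\\\"") + "\", \"" + iframeID + "\"";
+html += "\"" + url.replace (/"/g, "\\\"") + "\", \"" + pipeID + "\"";
 html += ");\r\n";
 if (ClassLoader.isOpera)
 html += "}, " + (net.sf.j2s.ajax.SimplePipeRequest.pipeQueryInterval >> 2) + ");\r\n";
@@ -460,8 +472,11 @@ public void onLoaded() {
 try {
 var doc = handle.contentWindow.document;
 doc.open ();
-if (ClazzLoader.isIE) {
-doc.domain = domain;
+if (ClazzLoader.isIE && window["xss.domain.enabled"] == true
+&& domain != null && domain.length > 0) {
+try {
+doc.domain = domain;
+} catch (e) {}
 }
 doc.write (html);
 doc.close ();
@@ -473,20 +488,25 @@ public void onLoaded() {
 }
 };
 */
-native static Object generateLazyIframeWriting(Object handle, String html);
+native static Object generateLazyIframeWriting(Object handle, String domain, String html);
 
 /**
 * @param handle
 * @param html
 * @j2sNative
 var handle = arguments[0];
 var html = arguments[1];
-var domain = document.domain;
-if (ClazzLoader.isIE) {
+var domain = null;
+try {
+domain = document.domain;
+} catch (e) {}
+if (ClazzLoader.isIE && window["xss.domain.enabled"] == true
+&& domain != null && domain.length > 0) {
 document.domain = domain;
 }
 if (handle.contentWindow != null) {
-if (ClazzLoader.isIE) {
+if (ClazzLoader.isIE && window["xss.domain.enabled"] == true
+&& domain != null && domain.length > 0) {
 handle.contentWindow.location = "javascript:document.open();document.domain='" + domain + "';document.close();void(0);";
 } else {
 handle.contentWindow.location = "about:blank";
@@ -497,18 +517,20 @@ public void onLoaded() {
 try {
 var doc = handle.contentWindow.document;
 doc.open ();
-if (ClazzLoader.isIE) {
+if (ClazzLoader.isIE && window["xss.domain.enabled"] == true
+&& domain != null && domain.length > 0) {
 doc.domain = domain;
 }
 doc.write (html);
 doc.close ();
 } catch (e) {
-window.setTimeout (net.sf.j2s.ajax.SimplePipeRequest.generateLazyIframeWriting (handle, html), 25);
+window.setTimeout (net.sf.j2s.ajax.SimplePipeRequest.generateLazyIframeWriting (handle, domain, html), 25);
 }
 */
 native static void iframeDocumentWrite(Object handle, String html);
 
 static void pipeScript(SimplePipeRunnable runnable) { // xss
+// only for JavaScript
 String url = runnable.getPipeURL();
 String requestURL = url + (url.indexOf('?') != -1 ? "&" : "?")
 + constructRequest(runnable.pipeKey, PIPE_TYPE_XSS, true);
@@ -517,12 +539,32 @@ static void pipeScript(SimplePipeRunnable runnable) { // xss
 * net.sf.j2s.ajax.SimplePipeRequest.pipeScriptMap[requestURL] = runnable;
 */ {}
 if (isXSSMode(url)) {
-// in xss mode, iframe is used to avoid blocking other *.js loading
-loadPipeIFrameScript(runnable.pipeKey, requestURL);
-return;
+boolean ok4IFrameScript = true;
+/**
+* @j2sNative
+* var domain = null;
+* try {
+* domain = document.domain;
+* } catch (e) {
+* }
+* ok4IFrameScript = domain != null && domain.length > 0;
+*/ {}
+if (ok4IFrameScript) {
+// in xss mode, iframe is used to avoid blocking other *.js loading
+loadPipeIFrameScript(runnable.pipeKey, requestURL);
+return;
+}
 }
-loadPipeScript(requestURL); // never reach here? March 5, 2009
-// only for JavaScript
+/**
+* @j2sNative
+* var pipeID = null;
+* do {
+* pipeID = "pipe-script-" + runnable.pipeKey + "-" + Math.round (10000000 * Math.random ());
+* } while (document.getElementById (pipeID) != null);
+* net.sf.j2s.ajax.SimplePipeRequest.loadPipeScript(requestURL, pipeID);
+*/ {
+loadPipeScript(requestURL); // reach here for about:blank page. April 8, 2010
+}
 }
 
 /**
@@ -645,6 +687,7 @@ public void onLoaded() {
 var url = runnable.getPipeURL();
 if (subdomain == null) {
 document.domain = document.domain;
+window["xss.domain.enabled"] = true;
 }
 ifr.src = url + (url.indexOf('?') != -1 ? "&" : "?")
 + spr.constructRequest(pipeKey, spr.PIPE_TYPE_SCRIPT, true)
@@ -666,7 +709,7 @@ public void onLoaded() {
 if (last == -1) {
 last = created;
 }
-if (now - last > 4 * spr.pipeLiveNotifyInterval) {
+if (now - last > 3 * spr.pipeLiveNotifyInterval) {
 runnable.pipeAlive = false;
 runnable.pipeClosed();
 sph.removePipe(key);
@@ -912,13 +955,16 @@ static int restStringIndex(final String string, int start) {
 * @j2sNative
 * var subdomain = null;
 * if (isSubdomain) {
-* subdomain = window.location.host;
+* try {
+* subdomain = window.location.host;
+* } catch (e) {}
 * if (subdomain != null) {
 * var idx = subdomain.indexOf (":");
 * if (idx != -1) {
 * subdomain = subdomain.substring (0, idx);
 * }
 * document.domain = subdomain; // set owner iframe's domain
+* window["xss.domain.enabled"] = true;
 * }
 * }
 * return subdomain;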

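--- a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCRequest.java
+++ b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCRequest.java
@@ -195,7 +195,15 @@ protected static String adjustRequestURL(String method, String url, String seria
 } else {
 locPort = parseInt (locPort);
 }
-var locHost = loc.host;
+var locHost = null;
+try {
+locHost = loc.host;
+} catch (e) {
+if (arguments.length == 2) {
+return false; // about:blank page has no domain
+}
+return true; // about:blank page
+}
 var idx4 = locHost.indexOf (":");
 if (idx4 != -1) {
 locHost = locHost.substring (0, idx4);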
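Review bot: The new `catch (e)` branch picks its return value from `arguments.length` (false with two arguments, true otherwise), so for an about:blank page the result now depends on the call shape rather than on the URL being checked, and nothing in the hunk records what the second argument selects; the enclosing native function starts and ends outside the hunk. A comment ahead of `if (arguments.length == 2)` naming the two call forms and why they need opposite answers would keep the next reader from "simplifying" it; the two trailing comments as written only say that about:blank has no domain. The guard also covers only a throwing `loc.host`; if a browser yields an empty string instead (I cannot tell from here), execution falls through to `locHost.indexOf (":")` with an empty host, so a check such as `if (locHost == null || locHost.length == 0)` after the try may deserve the same handling.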

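--- a/sources/net.sf.j2s.ajax/store/net/sf/j2s/store/SimpleStore.java
+++ b/sources/net.sf.j2s.ajax/store/net/sf/j2s/store/SimpleStore.java
@@ -17,8 +17,13 @@ private SimpleStore() {
 * var ua = navigator.userAgent.toLowerCase ();
 * var isOldIE = ua.indexOf ("msie 5.5") != -1 || ua.indexOf ("msie 5.0") != -1;
 * var cookieURL = window["j2s.xss.cookie.url"];
-* var isLocal = window.location.protocol == "file:"
-* || window.location.host.toLowerCase ().indexOf ("localhost") != -1;
+* var isLocal = false;
+* try {
+* isLocal = window.location.protocol == "file:"
+* || window.location.host.toLowerCase ().indexOf ("localhost") != -1;
+* } catch (e) {
+* isLocal = true;
+* }
 * if (!isLocal && cookieURL != null && !isOldIE) {
 * this.store = new net.sf.j2s.store.XSSCookieStore(cookieURL);
 * } else {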
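Review bot: The `catch (e) { isLocal = true; }` fallback is duplicated verbatim in the static-initializer hunk this commit adds to XSSCookieStore.java, so the `file:`/`localhost` detection now has to be kept in step in two places; a single helper that both call would avoid the two drifting apart. Whatever the structure, the branch deserves a comment saying it is a deliberate fail-safe rather than an error being ignored, since treating an unreadable location as local means the `!isLocal` test below never constructs the XSSCookieStore: `* } catch (e) { // location unreadable (about:blank etc.): treat as local so the cross-site store is skipped`. The enclosing constructor starts outside the hunk.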

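--- a/sources/net.sf.j2s.ajax/store/net/sf/j2s/store/XSSCookieStore.java
+++ b/sources/net.sf.j2s.ajax/store/net/sf/j2s/store/XSSCookieStore.java
@@ -10,8 +10,13 @@
 * var ua = navigator.userAgent.toLowerCase ();
 * var isOldIE = ua.indexOf ("msie 5.5") != -1 || ua.indexOf ("msie 5.0") != -1;
 * var xssCookieURL = window["j2s.xss.cookie.url"];
-* var isLocal = window.location.protocol == "file:"
-* || window.location.host.toLowerCase ().indexOf ("localhost") != -1;
+* var isLocal = false;
+* try {
+* isLocal = window.location.protocol == "file:"
+* || window.location.host.toLowerCase ().indexOf ("localhost") != -1;
+* } catch (e) {
+* isLocal = true;
+* }
 * if (!isLocal && xssCookieURL != null && !isOldIE) {
 * net.sf.j2s.store.XSSCookieStore.initialize(xssCookieURL);
 * }
@@ -33,7 +38,10 @@ public XSSCookieStore(String url) {
 /**
 * @j2sNative
 var ua = navigator.userAgent.toLowerCase ();
-document.domain = document.domain;
+try {
+document.domain = document.domain;
+window["xss.domain.enabled"] = true;
+} catch (e) {}
 var xssIfr = document.getElementById ("xss-cookie");
 if (xssIfr != null) {
 return;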
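Review bot: The new `} catch (e) {}` around `document.domain = document.domain;` in the constructor hunk (-33,+38) discards the error without a word, so a reader cannot tell whether a failed relaxation is expected here or a bug being hidden; setting `window["xss.domain.enabled"]` only after the assignment succeeded is the right order, and that is exactly what a comment should say. A one-liner in the catch makes the intent explicit: `} catch (e) { /* document.domain cannot be relaxed here (about:blank or restricted page); leave xss.domain.enabled unset */ }`. It is also worth noting in the same place that the assignment opts the document into domain-based same-origin relaxation, which is why the flag, rather than a retry, is the signal the pipe code keys on. The constructor body continues past the hunk.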
