OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved. |
3 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 1695 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1706 // Perhaps we should involve the security origin object in composing it. | 1706 // Perhaps we should involve the security origin object in composing it. |
1707 // FIXME: This message, and other console messages, have extra newlines. Sho
uld remove them. | 1707 // FIXME: This message, and other console messages, have extra newlines. Sho
uld remove them. |
1708 return "Unsafe JavaScript attempt to access frame with URL " + m_url.string(
) + " from frame with URL " + activeWindowURL.string() + ". Domains, protocols a
nd ports must match.\n"; | 1708 return "Unsafe JavaScript attempt to access frame with URL " + m_url.string(
) + " from frame with URL " + activeWindowURL.string() + ". Domains, protocols a
nd ports must match.\n"; |
1709 } | 1709 } |
1710 | 1710 |
1711 bool DOMWindow::isInsecureScriptAccess(DOMWindow* activeWindow, const String& ur
lString) | 1711 bool DOMWindow::isInsecureScriptAccess(DOMWindow* activeWindow, const String& ur
lString) |
1712 { | 1712 { |
1713 if (!protocolIsJavaScript(urlString)) | 1713 if (!protocolIsJavaScript(urlString)) |
1714 return false; | 1714 return false; |
1715 | 1715 |
1716 // FIXME: Is there some way to eliminate the need for a separate "activeWind
ow == this" check? | 1716 // If m_frame->domWindow() != this, then |this| isn't the DOMWindow that's |
1717 if (activeWindow == this) | 1717 // currently active in the frame and there's no way we should allow the |
1718 return false; | 1718 // access. |
| 1719 // FIXME: Remove this check if we're able to disconnect DOMWindow from |
| 1720 // Frame on navigation: https://bugs.webkit.org/show_bug.cgi?id=62054 |
| 1721 if (m_frame->domWindow() == this) { |
| 1722 // FIXME: Is there some way to eliminate the need for a separate "active
Window == this" check? |
| 1723 if (activeWindow == this) |
| 1724 return false; |
1719 | 1725 |
1720 // FIXME: The name canAccess seems to be a roundabout way to ask "can execut
e script". | 1726 // FIXME: The name canAccess seems to be a roundabout way to ask "can ex
ecute script". |
1721 // Can we name the SecurityOrigin function better to make this more clear? | 1727 // Can we name the SecurityOrigin function better to make this more clea
r? |
1722 if (activeWindow->securityOrigin()->canAccess(securityOrigin())) | 1728 if (activeWindow->securityOrigin()->canAccess(securityOrigin())) |
1723 return false; | 1729 return false; |
| 1730 } |
1724 | 1731 |
1725 printErrorMessage(crossDomainAccessErrorMessage(activeWindow)); | 1732 printErrorMessage(crossDomainAccessErrorMessage(activeWindow)); |
1726 return true; | 1733 return true; |
1727 } | 1734 } |
1728 | 1735 |
1729 Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram
eName, const WindowFeatures& windowFeatures, | 1736 Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram
eName, const WindowFeatures& windowFeatures, |
1730 DOMWindow* activeWindow, Frame* firstFrame, Frame* openerFrame, PrepareDialo
gFunction function, void* functionContext) | 1737 DOMWindow* activeWindow, Frame* firstFrame, Frame* openerFrame, PrepareDialo
gFunction function, void* functionContext) |
1731 { | 1738 { |
1732 Frame* activeFrame = activeWindow->frame(); | 1739 Frame* activeFrame = activeWindow->frame(); |
1733 | 1740 |
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1867 #if ENABLE(QUOTA) | 1874 #if ENABLE(QUOTA) |
1868 StorageInfo* DOMWindow::webkitStorageInfo() const | 1875 StorageInfo* DOMWindow::webkitStorageInfo() const |
1869 { | 1876 { |
1870 if (!m_storageInfo) | 1877 if (!m_storageInfo) |
1871 m_storageInfo = StorageInfo::create(); | 1878 m_storageInfo = StorageInfo::create(); |
1872 return m_storageInfo.get(); | 1879 return m_storageInfo.get(); |
1873 } | 1880 } |
1874 #endif | 1881 #endif |
1875 | 1882 |
1876 } // namespace WebCore | 1883 } // namespace WebCore |
OLD | NEW |