| Index: Source/WebCore/bindings/generic/BindingSecurityBase.cpp
|
| ===================================================================
|
| --- Source/WebCore/bindings/generic/BindingSecurityBase.cpp (revision 92508)
|
| +++ Source/WebCore/bindings/generic/BindingSecurityBase.cpp (working copy)
|
| @@ -48,47 +48,17 @@
|
| return node->document()->frame();
|
| }
|
|
|
| -// Same origin policy implementation:
|
| -//
|
| -// Same origin policy prevents JS code from domain A from accessing JS & DOM
|
| -// objects in a different domain B. There are exceptions and several objects
|
| -// are accessible by cross-domain code. For example, the window.frames object
|
| -// is accessible by code from a different domain, but window.document is not.
|
| -//
|
| -// The JS binding code sets security check callbacks on a function template,
|
| -// and accessing instances of the template calls the callback function.
|
| -// The callback function enforces the same origin policy.
|
| -//
|
| -// Callback functions are expensive. Binding code should use a security token
|
| -// string to do fast access checks for the common case where source and target
|
| -// are in the same domain. A security token is a string object that represents
|
| -// the protocol/url/port of a domain.
|
| -//
|
| -// There are special cases where security token matching is not enough.
|
| -// For example, JS can set its domain to a super domain by calling
|
| -// document.setDomain(...). In these cases, the binding code can reset
|
| -// a context's security token to its global object so that the fast access
|
| -// check will always fail.
|
| -
|
| -// Helper to check if the current execution context can access a target frame.
|
| -// First it checks same domain policy using the lexical context.
|
| -//
|
| -// This is equivalent to KJS::Window::allowsAccessFrom(ExecState*).
|
| -bool BindingSecurityBase::canAccess(DOMWindow* activeWindow,
|
| - DOMWindow* targetWindow)
|
| +bool BindingSecurityBase::canAccess(DOMWindow* activeWindow, DOMWindow* targetWindow)
|
| {
|
| ASSERT(targetWindow);
|
| -
|
| - String message;
|
| -
|
| if (activeWindow == targetWindow)
|
| return true;
|
|
|
| if (!activeWindow)
|
| return false;
|
|
|
| - const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
|
| - const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
|
| + SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
|
| + SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
|
|
|
| // We have seen crashes were the security origin of the target has not been
|
| // initialized. Defend against that.
|
| @@ -98,12 +68,7 @@
|
| if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
|
| return true;
|
|
|
| - // Allow access to a "about:blank" page if the dynamic context is a
|
| - // detached context of the same frame as the blank page.
|
| - if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
|
| - return true;
|
| -
|
| return false;
|
| }
|
|
|
| -} // namespace WebCore
|
| +}
|
|
|
Chromium Code Reviews
Issue 7569017:
Merge 91957 (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/782/