Source/bindings/core/v8/BindingSecurity.cpp - Issue 1085973003: Make error messages for cross-domain access OOPIF-friendly.

Side by Side Diff: Source/bindings/core/v8/BindingSecurity.cpp

Issue 1085973003: Make error messages for cross-domain access OOPIF-friendly. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2009 Google Inc. All rights reserved.	2 * Copyright (C) 2009 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 67 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
78 frame->localDOMWindow()->printErrorMessage(targetDocument->domWindow ()->crossDomainAccessErrorMessage(callingWindow));	78 frame->localDOMWindow()->printErrorMessage(targetDocument->domWindow ()->crossDomainAccessErrorMessage(callingWindow));

79 }	79 }

80	80

81 return false;	81 return false;

82 }	82 }

83	83

84 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, Frame* targ et, SecurityReportingOption reportingOption)	84 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, Frame* targ et, SecurityReportingOption reportingOption)

85 {	85 {

86 if (!target \|\| !target->isLocalFrame())	86 if (!target \|\| !target->isLocalFrame())

87 return false;	87 return false;

	88

88 return canAccessDocument(isolate, toLocalFrame(target)->document(), reportin gOption);	89 return canAccessDocument(isolate, toLocalFrame(target)->document(), reportin gOption);

89 }	90 }

90	91

91 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, Frame* targ et, ExceptionState& exceptionState)	92 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, Frame* targ et, ExceptionState& exceptionState)

92 {	93 {

93 if (!target \|\| !target->isLocalFrame())	94 if (!target)

94 return false;	95 return false;

	96

	97 if (target->isRemoteFrame() && target->domWindow()) {

	98 LocalDOMWindow* callingWindow = callingDOMWindow(isolate);

	99 exceptionState.throwSecurityError(target->domWindow()->sanitizedCrossDom ainAccessErrorMessage(callingWindow), target->domWindow()->crossDomainAccessErro rMessage(callingWindow));

	100 return false;

	101 }

	102

95 return canAccessDocument(isolate, toLocalFrame(target)->document(), exceptio nState);	103 return canAccessDocument(isolate, toLocalFrame(target)->document(), exceptio nState);
	alexmos 2015/04/15 17:15:17 It seems like I can also go further and turn canAc It seems like I can also go further and turn canAccessDocument into canAccessFrame, which would let me do throwSecurityError() in just one location. Do you think that's a good idea? Another question: should RemoteFrames support printErrorMessage()? For some reason, canAccessDocument and other calls like canNavigate() print access denied errors on the target frame, not the calling frame. Alternatively, we could reverse these to print the error on the calling frame (which should always be local): there's a FIXME in LocalFrame::printNavigationErrorMessage to that effect. dcheng 2015/04/15 21:03:49 Yes, let's try to simplify this. Show quoted text On 2015/04/15 at 17:15:17, alexmos wrote: > It seems like I can also go further and turn canAccessDocument into canAccessFrame, which would let me do throwSecurityError() in just one location. Do you think that's a good idea? > Yes, let's try to simplify this. Show quoted text > Another question: should RemoteFrames support printErrorMessage()? For some reason, canAccessDocument and other calls like canNavigate() print access denied errors on the target frame, not the calling frame. Alternatively, we could reverse these to print the error on the calling frame (which should always be local): there's a FIXME in LocalFrame::printNavigationErrorMessage to that effect. I think it's more useful to log on the calling frame. Maybe haraken@ knows of a historical reason why we log it on the target window instead?
96 }	104 }

97	105

98 bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, Node* target , ExceptionState& exceptionState)	106 bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, Node* target , ExceptionState& exceptionState)

99 {	107 {

100 return target && canAccessDocument(isolate, &target->document(), exceptionSt ate);	108 return target && canAccessDocument(isolate, &target->document(), exceptionSt ate);

101 }	109 }

102	110

103 }	111 }

OLD	NEW

« no previous file with comments | « no previous file | Source/core/frame/DOMWindow.h » ('j') | Source/core/frame/DOMWindow.h » ('J')