Side by Side Diff: Source/bindings/core/v8/V8DOMWrapper.h

Issue 1262353002: Add access checks to V8WrapperInstationScope. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 4 months ago
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 13 matching lines...) Expand all
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #ifndef V8DOMWrapper_h 31 #ifndef V8DOMWrapper_h
32 #define V8DOMWrapper_h 32 #define V8DOMWrapper_h
33 33
34 #include "bindings/core/v8/BindingSecurity.h"
34 #include "bindings/core/v8/DOMDataStore.h" 35 #include "bindings/core/v8/DOMDataStore.h"
35 #include "bindings/core/v8/ScriptWrappable.h" 36 #include "bindings/core/v8/ScriptWrappable.h"
37 #include "bindings/core/v8/V8Binding.h"
36 #include "wtf/PassRefPtr.h" 38 #include "wtf/PassRefPtr.h"
37 #include "wtf/RawPtr.h" 39 #include "wtf/RawPtr.h"
38 #include "wtf/text/AtomicString.h" 40 #include "wtf/text/AtomicString.h"
39 #include <v8.h> 41 #include <v8.h>
40 42
41 namespace blink { 43 namespace blink {
42 44
43 class Node; 45 class Node;
44 struct WrapperTypeInfo; 46 struct WrapperTypeInfo;
45 47
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
99 wrapperTypeInfo->refObject(ScriptWrappable::fromNode(node)); 101 wrapperTypeInfo->refObject(ScriptWrappable::fromNode(node));
100 setNativeInfo(wrapper, wrapperTypeInfo, ScriptWrappable::fromNode(node)) ; 102 setNativeInfo(wrapper, wrapperTypeInfo, ScriptWrappable::fromNode(node)) ;
101 ASSERT(hasInternalFieldsSet(wrapper)); 103 ASSERT(hasInternalFieldsSet(wrapper));
102 } 104 }
103 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(toScriptWrappable(wrapper) == Scrip tWrappable::fromNode(node)); 105 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(toScriptWrappable(wrapper) == Scrip tWrappable::fromNode(node));
104 return wrapper; 106 return wrapper;
105 } 107 }
106 108
107 class V8WrapperInstantiationScope { 109 class V8WrapperInstantiationScope {
108 public: 110 public:
109 V8WrapperInstantiationScope(v8::Local<v8::Object> creationContext, v8::Isola te* isolate) 111 V8WrapperInstantiationScope(v8::Local<v8::Object> creationContext, v8::Isola te* isolate, bool withSecurityCheck = true)
Yuki 2015/07/30 11:00:54 The style guide recommends an enum value. https://
110 : m_didEnterContext(false) 112 : m_didEnterContext(false)
111 , m_context(isolate->GetCurrentContext()) 113 , m_context(isolate->GetCurrentContext())
112 { 114 {
113 // creationContext should not be empty. Because if we have an 115 // creationContext should not be empty. Because if we have an
114 // empty creationContext, we will end up creating 116 // empty creationContext, we will end up creating
115 // a new object in the context currently entered. This is wrong. 117 // a new object in the context currently entered. This is wrong.
116 RELEASE_ASSERT(!creationContext.IsEmpty()); 118 RELEASE_ASSERT(!creationContext.IsEmpty());
117 v8::Local<v8::Context> contextForWrapper = creationContext->CreationCont ext(); 119 v8::Local<v8::Context> contextForWrapper = creationContext->CreationCont ext();
118 // For performance, we enter the context only if the currently running c ontext 120 // For performance, we enter the context only if the currently running c ontext
119 // is different from the context that we are about to enter. 121 // is different from the context that we are about to enter.
120 if (contextForWrapper == m_context) 122 if (contextForWrapper == m_context)
121 return; 123 return;
124 if (withSecurityCheck) {
haraken 2015/07/30 10:43:36 Would you help me understand why we want to enable
125 // If the context is different, we need to make sure that the curren t
126 // context has access to the creation context.
127 if (!m_context.IsEmpty()) {
haraken 2015/07/30 10:43:36 m_context shouldn't be empty here.
128 Frame* frame = toFrameIfNotDetached(contextForWrapper);
129 RELEASE_ASSERT(!frame || BindingSecurity::shouldAllowAccessToFra me(isolate, frame, DoNotReportSecurityError));
haraken 2015/07/30 10:43:36 Just to confirm: This will allow a wrapper creatio
130 }
131 }
122 m_context = v8::Local<v8::Context>::New(isolate, contextForWrapper); 132 m_context = v8::Local<v8::Context>::New(isolate, contextForWrapper);
123 m_didEnterContext = true; 133 m_didEnterContext = true;
124 m_context->Enter(); 134 m_context->Enter();
125 } 135 }
126 136
127 ~V8WrapperInstantiationScope() 137 ~V8WrapperInstantiationScope()
128 { 138 {
129 if (!m_didEnterContext) 139 if (!m_didEnterContext)
130 return; 140 return;
131 m_context->Exit(); 141 m_context->Exit();
132 } 142 }
133 143
134 v8::Local<v8::Context> context() const { return m_context; } 144 v8::Local<v8::Context> context() const { return m_context; }
135 145
136 private: 146 private:
137 bool m_didEnterContext; 147 bool m_didEnterContext;
138 v8::Local<v8::Context> m_context; 148 v8::Local<v8::Context> m_context;
139 }; 149 };
140 150
141 } // namespace blink 151 } // namespace blink
142 152
143 #endif // V8DOMWrapper_h 153 #endif // V8DOMWrapper_h
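Review bot: The new `withSecurityCheck` parameter and the `RELEASE_ASSERT` it guards at new lines 124–131 are undocumented, so a reader of this header cannot tell what passing `false` opts out of, nor that a failed access check terminates the process rather than returning an error. I would add a comment above the constructor such as `// When withSecurityCheck is set and the creation context differs from the current one, the current context must be allowed to access the creation context's frame; the check is enforced with a RELEASE_ASSERT. Callers passing false take responsibility for having verified access themselves.` The check is also only applied when `toFrameIfNotDetached` yields a frame, so a creation context without a frame is entered without any check; if that is intended, the same comment should say so. The constructor and class are shown in full within this section.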