| OLD | NEW |
|---|
| 1 // Copyright (c) 2008, Google Inc. | 1 // Copyright (c) 2008, Google Inc. |
| 2 // All rights reserved. | 2 // All rights reserved. |
| 3 // | 3 // |
| 4 // Redistribution and use in source and binary forms, with or without | 4 // Redistribution and use in source and binary forms, with or without |
| 5 // modification, are permitted provided that the following conditions are | 5 // modification, are permitted provided that the following conditions are |
| 6 // met: | 6 // met: |
| 7 // | 7 // |
| 8 // * Redistributions of source code must retain the above copyright | 8 // * Redistributions of source code must retain the above copyright |
| 9 // notice, this list of conditions and the following disclaimer. | 9 // notice, this list of conditions and the following disclaimer. |
| 10 // * Redistributions in binary form must reproduce the above | 10 // * Redistributions in binary form must reproduce the above |
| (...skipping 1960 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1971 if (!origin_window->document()) | 1971 if (!origin_window->document()) |
| 1972 return true; | 1972 return true; |
| 1973 | 1973 |
| 1974 const SecurityOrigin* active_security_origin = origin_window->securityOrigin
(); | 1974 const SecurityOrigin* active_security_origin = origin_window->securityOrigin
(); |
| 1975 const SecurityOrigin* target_security_origin = target_window->securityOrigin
(); | 1975 const SecurityOrigin* target_security_origin = target_window->securityOrigin
(); |
| 1976 | 1976 |
| 1977 String ui_resource_protocol = ChromiumBridge::uiResourceProtocol(); | 1977 String ui_resource_protocol = ChromiumBridge::uiResourceProtocol(); |
| 1978 if (active_security_origin->protocol() == ui_resource_protocol) { | 1978 if (active_security_origin->protocol() == ui_resource_protocol) { |
| 1979 KURL inspector_url = ChromiumBridge::inspectorURL(); | 1979 KURL inspector_url = ChromiumBridge::inspectorURL(); |
| 1980 ASSERT(inspector_url.protocol() == ui_resource_protocol); | 1980 ASSERT(inspector_url.protocol() == ui_resource_protocol); |
| 1981 ASSERT(inspector_url.protocol().endsWith("-resource")); | |
| 1982 | 1981 |
| 1983 // The Inspector can access anything. | 1982 // The Inspector can access anything. |
| 1984 if (active_security_origin->host() == inspector_url.host()) | 1983 if (active_security_origin->host() == inspector_url.host()) |
| 1985 return true; | 1984 return true; |
| 1986 | 1985 |
| 1987 // To mitigate XSS vulnerabilities on the browser itself, UI resources | 1986 // To mitigate XSS vulnerabilities on the browser itself, UI resources |
| 1988 // besides the Inspector can't access other documents. | 1987 // besides the Inspector can't access other documents. |
| 1989 return false; | 1988 return false; |
| 1990 } | 1989 } |
| 1991 | 1990 |
| (...skipping 1281 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3273 v8::Handle<v8::Function> frame_source_name; | 3272 v8::Handle<v8::Function> frame_source_name; |
| 3274 frame_source_name = v8::Local<v8::Function>::Cast( | 3273 frame_source_name = v8::Local<v8::Function>::Cast( |
| 3275 utility_context->Global()->Get(v8::String::New("frame_source_name"))); | 3274 utility_context->Global()->Get(v8::String::New("frame_source_name"))); |
| 3276 if (frame_source_name.IsEmpty()) { | 3275 if (frame_source_name.IsEmpty()) { |
| 3277 return String(); | 3276 return String(); |
| 3278 } | 3277 } |
| 3279 return ToWebCoreString(v8::Debug::Call(frame_source_name)); | 3278 return ToWebCoreString(v8::Debug::Call(frame_source_name)); |
| 3280 } | 3279 } |
| 3281 | 3280 |
| 3282 } // namespace WebCore | 3281 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
