Chromium Code Reviews Chromium Code Reviews
Issue 1323453005:
Modifies V8WrapperInstantiationScope::SecurityCheck to only call BindingSecurity::shouldAllowAccess… (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 123 if (object->InternalFieldCount() < v8DefaultWrapperInternalFieldCount) | 123 if (object->InternalFieldCount() < v8DefaultWrapperInternalFieldCount) |
| 124 return false; | 124 return false; |
| 125 | 125 |
| 126 const ScriptWrappable* untrustedScriptWrappable = toScriptWrappable(object); | 126 const ScriptWrappable* untrustedScriptWrappable = toScriptWrappable(object); |
| 127 const WrapperTypeInfo* untrustedWrapperTypeInfo = toWrapperTypeInfo(object); | 127 const WrapperTypeInfo* untrustedWrapperTypeInfo = toWrapperTypeInfo(object); |
| 128 return untrustedScriptWrappable | 128 return untrustedScriptWrappable |
| 129 && untrustedWrapperTypeInfo | 129 && untrustedWrapperTypeInfo |
| 130 && untrustedWrapperTypeInfo->ginEmbedder == gin::kEmbedderBlink; | 130 && untrustedWrapperTypeInfo->ginEmbedder == gin::kEmbedderBlink; |
| 131 } | 131 } |
| 132 | 132 |
| 133 void V8WrapperInstantiationScope::SecurityCheck(v8::Isolate* isolate, v8::Local< v8::Context> contextForWrapper) | 133 void V8WrapperInstantiationScope::SecurityCheck(v8::Isolate* isolate, v8::Local< v8::Context> contextForWrapper) |
|
haraken
2015/09/09 15:41:43
SecurityCheck => securityCheck
epertoso
2015/09/09 15:52:11
Done.
| |
| 134 { | 134 { |
| 135 if (!m_context.IsEmpty()) { | 135 if (!m_context.IsEmpty()) { |
|
haraken
2015/09/09 15:41:43
You can early-return if m_context is empty.
epertoso
2015/09/09 15:52:11
Done.
| |
| 136 // If the context is different, we need to make sure that the current | 136 // If the context is different, we need to make sure that the current |
| 137 // context has access to the creation context. | 137 // context has access to the creation context. |
| 138 Frame* frame = toFrameIfNotDetached(contextForWrapper); | 138 Frame* frame = toFrameIfNotDetached(contextForWrapper); |
| 139 RELEASE_ASSERT(!frame || BindingSecurity::shouldAllowAccessToFrame(isola te, frame, DoNotReportSecurityError)); | 139 if (!frame) |
| 140 return; | |
| 141 const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context); | |
| 142 RELEASE_ASSERT(currentWorld.worldId() == DOMWrapperWorld::world(contextF orWrapper).worldId()); | |
|
haraken
2015/09/09 15:41:42
Does this need to be RELEASE_ASSERT?
epertoso
2015/09/09 15:52:11
I think it's a valid assumption.
| |
| 143 if (currentWorld.isMainWorld()) { | |
| 144 RELEASE_ASSERT(BindingSecurity::shouldAllowAccessToFrame(isolate, fr ame, DoNotReportSecurityError)); | |
| 145 } | |
| 140 } | 146 } |
| 141 } | 147 } |
| 142 | 148 |
| 143 } // namespace blink | 149 } // namespace blink |
| OLD | NEW |
