Source/bindings/core/v8/V8DOMWrapper.h - Issue 1349593002: Merge 202211 "Rethrow cross-site exceptions as security errors"

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/bindings/core/v8/V8DOMWrapper.h

Issue 1349593002: Merge 202211 "Rethrow cross-site exceptions as security errors" (Closed) Base URL: svn://svn.chromium.org/blink/branches/chromium/2490/

Patch Set: Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « LayoutTests/http/tests/security/xss-DENIED-cross-origin-stack-overflow-expected.txt ('k') | Source/bindings/core/v8/V8DOMWrapper.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: Source/bindings/core/v8/V8DOMWrapper.h

===================================================================

--- Source/bindings/core/v8/V8DOMWrapper.h (revision 202325)

+++ Source/bindings/core/v8/V8DOMWrapper.h (working copy)

@@ -113,6 +113,8 @@

V8WrapperInstantiationScope(v8::Local<v8::Object> creationContext, v8::Isolate* isolate, bool withSecurityCheck = true)

: m_didEnterContext(false)

, m_context(isolate->GetCurrentContext())

+ , m_tryCatch(isolate)

+ , m_convertExceptions(false)

{

// creationContext should not be empty. Because if we have an

// empty creationContext, we will end up creating

@@ -119,12 +121,16 @@

// a new object in the context currently entered. This is wrong.

RELEASE_ASSERT(!creationContext.IsEmpty());

v8::Local<v8::Context> contextForWrapper = creationContext->CreationContext();

// For performance, we enter the context only if the currently running context

// is different from the context that we are about to enter.

if (contextForWrapper == m_context)

return;

- if (withSecurityCheck)

+ if (withSecurityCheck) {

securityCheck(isolate, contextForWrapper);

+ } else {

+ m_convertExceptions = true;

+ }

m_context = v8::Local<v8::Context>::New(isolate, contextForWrapper);

m_didEnterContext = true;

m_context->Enter();

@@ -132,9 +138,19 @@

~V8WrapperInstantiationScope()

{

- if (!m_didEnterContext)

+ if (!m_didEnterContext) {

+ m_tryCatch.ReThrow();

return;

+ }

m_context->Exit();

+ // Rethrow any cross-context exceptions as security error.

+ if (m_tryCatch.HasCaught()) {

+ if (m_convertExceptions) {

+ m_tryCatch.Reset();

+ convertException();

+ }

+ m_tryCatch.ReThrow();

+ }

}

v8::Local<v8::Context> context() const { return m_context; }

@@ -141,9 +157,12 @@

private:

void securityCheck(v8::Isolate*, v8::Local<v8::Context> contextForWrapper);

+ void convertException();

bool m_didEnterContext;

v8::Local<v8::Context> m_context;

+ v8::TryCatch m_tryCatch;

+ bool m_convertExceptions;

};

} // namespace blink