third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h - Issue 1417023006: bindings: Refactors BindingSecurity::shouldAllowAccessToXXX.

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

Issue 1417023006: bindings: Refactors BindingSecurity::shouldAllowAccessToXXX. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Synced. Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2009 Google Inc. All rights reserved.	2 * Copyright (C) 2009 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 13 matching lines...) Expand all Loading...
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

29 */	29 */

30	30

31 #ifndef BindingSecurity_h	31 #ifndef BindingSecurity_h

32 #define BindingSecurity_h	32 #define BindingSecurity_h

33	33

34 // FIXME: The LocalFrame include should not be necessary, clients should be incl uding it where they use it.

35 #include "core/CoreExport.h"	34 #include "core/CoreExport.h"

36 #include "core/frame/LocalFrame.h"

37 #include "wtf/Allocator.h"	35 #include "wtf/Allocator.h"

38 #include <v8.h>	36 #include <v8.h>

39	37

40 namespace blink {	38 namespace blink {

41	39

	40 class DOMWindow;

	41 class EventTarget;

	42 class ExceptionState;

	43 class Frame;

42 class LocalDOMWindow;	44 class LocalDOMWindow;

43 class ExceptionState;	45 class Location;

44 class Node;	46 class Node;

45	47

46 enum SecurityReportingOption {	48 enum SecurityReportingOption {

47 DoNotReportSecurityError,	49 DoNotReportSecurityError,

48 ReportSecurityError,	50 ReportSecurityError,

49 };	51 };

50	52

51 class BindingSecurity {	53 class BindingSecurity {
	haraken 2015/11/16 11:34:20 Add CORE_EXPORT to the class (and remove CORE_EXPO Add CORE_EXPORT to the class (and remove CORE_EXPORT from each method). Yuki 2015/11/20 12:27:52 Done. Show quoted text On 2015/11/16 11:34:20, haraken wrote: > > Add CORE_EXPORT to the class (and remove CORE_EXPORT from each method). Done.
52 STATIC_ONLY(BindingSecurity);	54 STATIC_ONLY(BindingSecurity);

53 public:	55 public:

	56 // Check the access to the receiver.
	haraken 2015/11/16 11:34:20 // Check if the receiver is allowed to access the // Check if the receiver is allowed to access the DOMWindow/EventTarget/Location. dcheng 2015/11/17 01:56:59 Can we clarify the comments to define what "receiv Can we clarify the comments to define what "receiver" means in this context? Yuki 2015/11/20 12:27:52 I rewrote the comment in a little bit different wa Show quoted text On 2015/11/16 11:34:20, haraken wrote: > > // Check if the receiver is allowed to access the > DOMWindow/EventTarget/Location. I rewrote the comment in a little bit different way. Yuki 2015/11/20 12:27:52 Done. Show quoted text On 2015/11/17 01:56:59, dcheng wrote: > Can we clarify the comments to define what "receiver" means in this context? Done.
	57 // DOMWindow

	58 CORE_EXPORT static bool shouldAllowAccessTo(v8::Isolate, const LocalDOMWind ow accessingWindow, const DOMWindow* target, ExceptionState&);
	jochen (gone - plz use gerrit) 2015/11/16 14:16:58 should we encode what the method does in the name should we encode what the method does in the name instead of in a comment? shouldAllowAccessFromWindowTo() and shouldAllowWindowToGetReturnValue() or something? Yuki 2015/11/20 12:27:52 I agree that we'd better to encode what the method Show quoted text On 2015/11/16 14:16:58, jochen wrote: > should we encode what the method does in the name instead of in a comment? > > shouldAllowAccessFromWindowTo() and shouldAllowWindowToGetReturnValue() or > something? I agree that we'd better to encode what the method does in the name, however, this simple overloading makes the generated code much simpler. {{cpp_type}} impl = V8T::toImpl(v8Object); if (!shouldAllowAccessTo(accessingWindow, impl)) { return; // NOT ALLOWED. } impl->doSomething(); where there is no need to change the name of shouldAllowAccessToXXX() depending on the type of \|impl\|. In this case, I'd prefer the simple overloading with the same name. With this CL, we can unify [CheckSecurity=Window] and [CheckSecurity=Frame] extended attributes. What do you guys think?
	59 CORE_EXPORT static bool shouldAllowAccessTo(v8::Isolate, const LocalDOMWind ow accessingWindow, const DOMWindow* target, SecurityReportingOption);

	60 // EventTarget (as the parent of DOMWindow)

	61 CORE_EXPORT static bool shouldAllowAccessTo(v8::Isolate, const LocalDOMWind ow accessingWindow, const EventTarget* target, ExceptionState&); // NOLINT(rea dability/parameter_name)
	haraken 2015/11/16 11:34:20 I'm just curious but how much is the EventTarget* I'm just curious but how much is the EventTarget* version used? Hopefully we can remove it... Yuki 2015/11/20 12:27:52 The generated V8EventTarget.cpp needs the EventTar Show quoted text On 2015/11/16 11:34:20, haraken wrote: > > I'm just curious but how much is the EventTarget* version used? Hopefully we can > remove it... The generated V8EventTarget.cpp needs the EventTarget* version. The DOM attributes and operations of EventTarget, such as {add,remove}EventListener, dispatchEvent, etc., need to check the origin because the instance can be an instance of DOMWindow. So we need this version.
	62 // Location

	63 CORE_EXPORT static bool shouldAllowAccessTo(v8::Isolate, const LocalDOMWind ow accessingWindow, const Location* target, ExceptionState&);

	64 CORE_EXPORT static bool shouldAllowAccessTo(v8::Isolate, const LocalDOMWind ow accessingWindow, const Location* target, SecurityReportingOption);

	65

54 // Check the access to the return value.	66 // Check the access to the return value.
	dcheng 2015/11/17 01:56:59 and "access to the return value". I'm not super fa and "access to the return value". I'm not super familiar with bindings, so I'm not actually sure what the difference between the receiver and return value methods is. Yuki 2015/11/20 12:27:52 Done. Show quoted text On 2015/11/17 01:56:59, dcheng wrote: > and "access to the return value". I'm not super familiar with bindings, so I'm > not actually sure what the difference between the receiver and return value > methods is. Done.
55 static bool shouldAllowAccessToNode(v8::Isolate, LocalDOMWindow accessingW indow, Node*, SecurityReportingOption);	67 // Node

56 static bool shouldAllowAccessToNode(v8::Isolate, LocalDOMWindow accessingW indow, Node*, ExceptionState&);	68 CORE_EXPORT static bool shouldAllowAccessTo(v8::Isolate, const LocalDOMWind ow accessingWindow, const Node* target, ExceptionState&);

	69 CORE_EXPORT static bool shouldAllowAccessTo(v8::Isolate, const LocalDOMWind ow accessingWindow, const Node* target, SecurityReportingOption);

57	70

58 // Check the access to the receiver.	71 // Check the access to the frame rather than to a DOM object.
	haraken 2015/11/16 11:34:20 DOM object => DOMWindow/EventTarget/Location DOM object => DOMWindow/EventTarget/Location Yuki 2015/11/20 12:27:52 Done. Show quoted text On 2015/11/16 11:34:20, haraken wrote: > > DOM object => DOMWindow/EventTarget/Location Done.
59 CORE_EXPORT static bool shouldAllowAccessToFrame(v8::Isolate, LocalDOMWindo w accessingWindow, Frame*, SecurityReportingOption = ReportSecurityError);	72 // You should check the access to the DOM object as long as it's possible.
	dcheng 2015/11/17 01:56:59 Nit: reword this as "Prefer to use the previous ov Nit: reword this as "Prefer to use the previous overloads instead of falling back to using Frame." Yuki* 2015/11/20 12:27:52 Done. Show quoted text On 2015/11/17 01:56:59, dcheng wrote: > Nit: reword this as "Prefer to use the previous overloads instead of falling > back to using Frame*." Done.
60 CORE_EXPORT static bool shouldAllowAccessToFrame(v8::Isolate, LocalDOMWindo w accessingWindow, Frame*, ExceptionState&);	73 CORE_EXPORT static bool shouldAllowAccessToFrame(v8::Isolate, const LocalDO MWindow accessingWindow, const Frame*, SecurityReportingOption);
	haraken 2015/11/16 11:34:20 const Frame* target const Frame* target dcheng 2015/11/17 01:56:59 This is a 'receiver' method, right? Should it be g This is a 'receiver' method, right? Should it be grouped with the other receiver methods? Yuki 2015/11/20 12:27:52 Done. Show quoted text On 2015/11/16 11:34:20, haraken wrote: > > const Frame* target Done. Yuki 2015/11/20 12:27:52 Done. Show quoted text On 2015/11/17 01:56:59, dcheng wrote: > This is a 'receiver' method, right? Should it be grouped with the other receiver > methods? Done.
61 };	74 };

62	75

63 }	76 } // namespace blink

64	77

65 #endif	78 #endif

OLD	NEW