
Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp

Issue 1417023006: bindings: Refactors BindingSecurity::shouldAllowAccessToXXX. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Synced. Created 5 years ago
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 23 matching lines...) Expand all
34 #include "bindings/core/v8/V8Binding.h" 34 #include "bindings/core/v8/V8Binding.h"
35 #include "core/dom/Document.h" 35 #include "core/dom/Document.h"
36 #include "core/frame/LocalDOMWindow.h" 36 #include "core/frame/LocalDOMWindow.h"
37 #include "core/frame/LocalFrame.h" 37 #include "core/frame/LocalFrame.h"
38 #include "core/frame/Settings.h" 38 #include "core/frame/Settings.h"
39 #include "core/html/HTMLFrameElementBase.h" 39 #include "core/html/HTMLFrameElementBase.h"
40 #include "platform/weborigin/SecurityOrigin.h" 40 #include "platform/weborigin/SecurityOrigin.h"
41 41
42 namespace blink { 42 namespace blink {
43 43
44 static bool isOriginAccessibleFromDOMWindow(SecurityOrigin* targetOrigin, LocalD OMWindow* accessingWindow) 44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow)
45 { 45 {
46 return accessingWindow && accessingWindow->document()->securityOrigin()->can AccessCheckSuborigins(targetOrigin); 46 return accessingWindow && accessingWindow->document()->securityOrigin()->can AccessCheckSuborigins(targetOrigin);
47 } 47 }
48 48
49 static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow , SecurityOrigin* targetFrameOrigin, DOMWindow* targetWindow, ExceptionState& ex ceptionState) 49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState)
50 { 50 {
51 ASSERT_WITH_SECURITY_IMPLICATION(targetWindow == targetWindow->frame()->domW indow());
52
51 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) 53 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
52 return true; 54 return true;
53 55
54 if (targetWindow) 56 if (targetWindow)
55 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow)); 57 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow));
56 return false; 58 return false;
57 } 59 }
58 60
59 static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow , SecurityOrigin* targetFrameOrigin, DOMWindow* targetWindow, SecurityReportingO ption reportingOption = ReportSecurityError) 61 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi tyReportingOption reportingOption = ReportSecurityError)
60 { 62 {
63 ASSERT_WITH_SECURITY_IMPLICATION(targetWindow == targetWindow->frame()->domW indow());
64
61 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) 65 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
62 return true; 66 return true;
63 67
64 if (reportingOption == ReportSecurityError && targetWindow) 68 if (reportingOption == ReportSecurityError && targetWindow)
65 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow)); 69 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow));
66 return false; 70 return false;
67 } 71 }
68 72
69 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, LocalDOMWin dow* accessingWindow, Frame* target, SecurityReportingOption reportingOption) 73 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState)
74 {
75 ASSERT(target);
76 const Frame* frame = target->frame();
77 if (!frame || !frame->securityContext())
78 return false;
79 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se curityOrigin(), target, exceptionState);
80 }
81
82 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, SecurityReportingOption reportin gOption)
83 {
84 ASSERT(target);
85 const Frame* frame = target->frame();
86 if (!frame || !frame->securityContext())
87 return false;
88 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se curityOrigin(), target, reportingOption);
89 }
90
91 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const EventTarget* target, ExceptionState& exceptionState )
92 {
93 ASSERT(target);
94 const DOMWindow* window = target->toDOMWindow();
95 if (!window) {
96 // We only need to check the access to Window objects which are
97 // cross-origin accessible. If it's not a Window, the object's
98 // origin must always be the same origin (or it already leaked).
99 return true;
100 }
101 const Frame* frame = window->frame();
102 if (!frame || !frame->securityContext())
103 return false;
104 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se curityOrigin(), window, exceptionState);
105 }
106
107 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const Location* target, ExceptionState& exceptionState)
108 {
109 ASSERT(target);
110 const Frame* frame = target->frame();
111 if (!frame || !frame->securityContext())
112 return false;
113 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se curityOrigin(), frame->domWindow(), exceptionState);
114 }
115
116 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const Location* target, SecurityReportingOption reporting Option)
117 {
118 ASSERT(target);
119 const Frame* frame = target->frame();
120 if (!frame || !frame->securityContext())
121 return false;
122 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se curityOrigin(), frame->domWindow(), reportingOption);
123 }
124
125 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const Node* target, ExceptionState& exceptionState)
126 {
127 if (!target)
128 return false;
129 return canAccessFrame(isolate, accessingWindow, target->document().securityO rigin(), target->document().domWindow(), exceptionState);
haraken 2015/11/22 14:55:00 Is it guaranteed that target->document().frame() i
Yuki 2015/11/24 08:44:12 Note that this is not a Window. I think there is
haraken 2015/11/24 08:50:20 I don't fully understand the security implication
130 }
131
132 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const Node* target, SecurityReportingOption reportingOpti on)
133 {
134 if (!target)
135 return false;
136 return canAccessFrame(isolate, accessingWindow, target->document().securityO rigin(), target->document().domWindow(), reportingOption);
haraken 2015/11/22 14:55:00 Ditto.
Yuki 2015/11/24 08:44:12 Ditto.
137 }
138
139 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti ngOption)
70 { 140 {
71 if (!target || !target->securityContext()) 141 if (!target || !target->securityContext())
72 return false; 142 return false;
73 return canAccessFrame(isolate, accessingWindow, target->securityContext()->s ecurityOrigin(), target->domWindow(), reportingOption); 143 return canAccessFrame(isolate, accessingWindow, target->securityContext()->s ecurityOrigin(), target->domWindow(), reportingOption);
74 } 144 }
75 145
76 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, LocalDOMWin dow* accessingWindow, Frame* target, ExceptionState& exceptionState)
77 {
78 if (!target || !target->securityContext())
79 return false;
80 return canAccessFrame(isolate, accessingWindow, target->securityContext()->s ecurityOrigin(), target->domWindow(), exceptionState);
81 }
82
83 bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, LocalDOMWind ow* accessingWindow, Node* target, SecurityReportingOption reportingOption)
84 {
85 return target && canAccessFrame(isolate, accessingWindow, target->document() .securityOrigin(), target->document().domWindow(), reportingOption);
86 }
87
88 bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, LocalDOMWind ow* accessingWindow, Node* target, ExceptionState& exceptionState)
89 {
90 return target && canAccessFrame(isolate, accessingWindow, target->document() .securityOrigin(), target->document().domWindow(), exceptionState);
91 }
92
93 } // namespace blink 146 } // namespace blink
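Review bot: The assertion added at the top of both canAccessFrame overloads dereferences targetWindow and targetWindow->frame() unconditionally, yet each body still tests `if (targetWindow)` before building the error message, so the helper now both assumes and doubts a non-null window. If a null or frameless window can still reach this point, assert-enabled builds fault on the check itself instead of taking the deny path; if it cannot, the later null test is dead code. I would make the contract explicit, for example `ASSERT_WITH_SECURITY_IMPLICATION(!targetWindow || (targetWindow->frame() && targetWindow == targetWindow->frame()->domWindow()));`, or drop the `if (targetWindow)` guards and document that callers must pass the frame's current window. Separately, the SecurityReportingOption overload still takes a non-const `SecurityOrigin* targetFrameOrigin` while the ExceptionState overload takes `const SecurityOrigin*`; the two signatures should match.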