| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 23 matching lines...) |
| 34 #include "bindings/core/v8/V8Binding.h" | 34 #include "bindings/core/v8/V8Binding.h" |
| 35 #include "core/dom/Document.h" | 35 #include "core/dom/Document.h" |
| 36 #include "core/frame/LocalDOMWindow.h" | 36 #include "core/frame/LocalDOMWindow.h" |
| 37 #include "core/frame/LocalFrame.h" | 37 #include "core/frame/LocalFrame.h" |
| 38 #include "core/frame/Settings.h" | 38 #include "core/frame/Settings.h" |
| 39 #include "core/html/HTMLFrameElementBase.h" | 39 #include "core/html/HTMLFrameElementBase.h" |
| 40 #include "platform/weborigin/SecurityOrigin.h" | 40 #include "platform/weborigin/SecurityOrigin.h" |
| 41 | 41 |
| 42 namespace blink { | 42 namespace blink { |
| 43 | 43 |
| 44 static bool isOriginAccessibleFromDOMWindow(SecurityOrigin* targetOrigin, LocalD
OMWindow* accessingWindow) | 44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin,
const LocalDOMWindow* accessingWindow) |
| 45 { | 45 { |
| 46 return accessingWindow && accessingWindow->document()->securityOrigin()->can
AccessCheckSuborigins(targetOrigin); | 46 return accessingWindow && accessingWindow->document()->securityOrigin()->can
AccessCheckSuborigins(targetOrigin); |
| 47 } | 47 } |
| 48 | 48 |
| 49 static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow
, SecurityOrigin* targetFrameOrigin, DOMWindow* targetWindow, ExceptionState& ex
ceptionState) | 49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing
Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow,
ExceptionState& exceptionState) |
| 50 { | 50 { |
| 51 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) ||
targetWindow == targetWindow->frame()->domWindow()); |
| 52 |
| 51 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) | 53 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) |
| 52 return true; | 54 return true; |
| 53 | 55 |
| 54 if (targetWindow) | 56 if (targetWindow) |
| 55 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce
ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc
essingWindow)); | 57 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce
ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc
essingWindow)); |
| 56 return false; | 58 return false; |
| 57 } | 59 } |
| 58 | 60 |
| 59 static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow
, SecurityOrigin* targetFrameOrigin, DOMWindow* targetWindow, SecurityReportingO
ption reportingOption = ReportSecurityError) | 61 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing
Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi
tyReportingOption reportingOption = ReportSecurityError) |
| 60 { | 62 { |
| 63 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) ||
targetWindow == targetWindow->frame()->domWindow()); |
| 64 |
| 61 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) | 65 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) |
| 62 return true; | 66 return true; |
| 63 | 67 |
| 64 if (reportingOption == ReportSecurityError && targetWindow) | 68 if (reportingOption == ReportSecurityError && targetWindow) |
| 65 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM
essage(accessingWindow)); | 69 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM
essage(accessingWindow)); |
| 66 return false; | 70 return false; |
| 67 } | 71 } |
| 68 | 72 |
| 69 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, LocalDOMWin
dow* accessingWindow, Frame* target, SecurityReportingOption reportingOption) | 73 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState) |
| 74 { |
| 75 ASSERT(target); |
| 76 const Frame* frame = target->frame(); |
| 77 if (!frame || !frame->securityContext()) |
| 78 return false; |
| 79 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se
curityOrigin(), target, exceptionState); |
| 80 } |
| 81 |
| 82 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
ndow* accessingWindow, const DOMWindow* target, SecurityReportingOption reportin
gOption) |
| 83 { |
| 84 ASSERT(target); |
| 85 const Frame* frame = target->frame(); |
| 86 if (!frame || !frame->securityContext()) |
| 87 return false; |
| 88 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se
curityOrigin(), target, reportingOption); |
| 89 } |
| 90 |
| 91 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
ndow* accessingWindow, const EventTarget* target, ExceptionState& exceptionState
) |
| 92 { |
| 93 ASSERT(target); |
| 94 const DOMWindow* window = target->toDOMWindow(); |
| 95 if (!window) { |
| 96 // We only need to check the access to Window objects which are |
| 97 // cross-origin accessible. If it's not a Window, the object's |
| 98 // origin must always be the same origin (or it already leaked). |
| 99 return true; |
| 100 } |
| 101 const Frame* frame = window->frame(); |
| 102 if (!frame || !frame->securityContext()) |
| 103 return false; |
| 104 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se
curityOrigin(), window, exceptionState); |
| 105 } |
| 106 |
| 107 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
ndow* accessingWindow, const Location* target, ExceptionState& exceptionState) |
| 108 { |
| 109 ASSERT(target); |
| 110 const Frame* frame = target->frame(); |
| 111 if (!frame || !frame->securityContext()) |
| 112 return false; |
| 113 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se
curityOrigin(), frame->domWindow(), exceptionState); |
| 114 } |
| 115 |
| 116 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
ndow* accessingWindow, const Location* target, SecurityReportingOption reporting
Option) |
| 117 { |
| 118 ASSERT(target); |
| 119 const Frame* frame = target->frame(); |
| 120 if (!frame || !frame->securityContext()) |
| 121 return false; |
| 122 return canAccessFrame(isolate, accessingWindow, frame->securityContext()->se
curityOrigin(), frame->domWindow(), reportingOption); |
| 123 } |
| 124 |
| 125 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
ndow* accessingWindow, const Node* target, ExceptionState& exceptionState) |
| 126 { |
| 127 if (!target) |
| 128 return false; |
| 129 return canAccessFrame(isolate, accessingWindow, target->document().securityO
rigin(), target->document().domWindow(), exceptionState); |
| 130 } |
| 131 |
| 132 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
ndow* accessingWindow, const Node* target, SecurityReportingOption reportingOpti
on) |
| 133 { |
| 134 if (!target) |
| 135 return false; |
| 136 return canAccessFrame(isolate, accessingWindow, target->document().securityO
rigin(), target->document().domWindow(), reportingOption); |
| 137 } |
| 138 |
| 139 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local
DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti
ngOption) |
| 70 { | 140 { |
| 71 if (!target || !target->securityContext()) | 141 if (!target || !target->securityContext()) |
| 72 return false; | 142 return false; |
| 73 return canAccessFrame(isolate, accessingWindow, target->securityContext()->s
ecurityOrigin(), target->domWindow(), reportingOption); | 143 return canAccessFrame(isolate, accessingWindow, target->securityContext()->s
ecurityOrigin(), target->domWindow(), reportingOption); |
| 74 } | 144 } |
| 75 | 145 |
| 76 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, LocalDOMWin
dow* accessingWindow, Frame* target, ExceptionState& exceptionState) | |
| 77 { | |
| 78 if (!target || !target->securityContext()) | |
| 79 return false; | |
| 80 return canAccessFrame(isolate, accessingWindow, target->securityContext()->s
ecurityOrigin(), target->domWindow(), exceptionState); | |
| 81 } | |
| 82 | |
| 83 bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, LocalDOMWind
ow* accessingWindow, Node* target, SecurityReportingOption reportingOption) | |
| 84 { | |
| 85 return target && canAccessFrame(isolate, accessingWindow, target->document()
.securityOrigin(), target->document().domWindow(), reportingOption); | |
| 86 } | |
| 87 | |
| 88 bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, LocalDOMWind
ow* accessingWindow, Node* target, ExceptionState& exceptionState) | |
| 89 { | |
| 90 return target && canAccessFrame(isolate, accessingWindow, target->document()
.securityOrigin(), target->document().domWindow(), exceptionState); | |
| 91 } | |
| 92 | |
| 93 } // namespace blink | 146 } // namespace blink |
| OLD | NEW |
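Review bot: The new `shouldAllowAccessTo` overloads for `DOMWindow`, `EventTarget` and `Location` guard `target` only with `ASSERT(target)` before dereferencing it, whereas the `Node` overloads and `shouldAllowAccessToFrame` return false on a null target. If `ASSERT` compiles out in release builds (I believe it does in Blink, but confirm), a null target reaches `target->frame()` or `target->toDOMWindow()` instead of failing closed; for a cross-origin access check I would write `if (!target) return false;` in all five, matching the `Node` overloads. The added `ASSERT_WITH_SECURITY_IMPLICATION` in both `canAccessFrame` overloads needs the same decision: the `DOMWindow` and `EventTarget` overloads compare against `frame->securityContext()->securityOrigin()`, which is only the right origin when `targetWindow == targetWindow->frame()->domWindow()`. A comment should state that invariant and say whether a mismatch must deny access in builds where the assertion is disabled. Separately, the second `canAccessFrame` overload still takes `SecurityOrigin* targetFrameOrigin` while the first now takes `const SecurityOrigin*`; making both const keeps the two signatures parallel.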