Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

Issue 1417023006: bindings: Refactors BindingSecurity::shouldAllowAccessToXXX. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed the assertion condition. Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 13 matching lines...) Expand all
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #ifndef BindingSecurity_h 31 #ifndef BindingSecurity_h
32 #define BindingSecurity_h 32 #define BindingSecurity_h
33 33
34 // FIXME: The LocalFrame include should not be necessary, clients should be incl uding it where they use it.
35 #include "core/CoreExport.h" 34 #include "core/CoreExport.h"
36 #include "core/frame/LocalFrame.h"
37 #include "wtf/Allocator.h" 35 #include "wtf/Allocator.h"
38 #include <v8.h> 36 #include <v8.h>
39 37
40 namespace blink { 38 namespace blink {
41 39
40 class DOMWindow;
41 class EventTarget;
42 class ExceptionState;
43 class Frame;
42 class LocalDOMWindow; 44 class LocalDOMWindow;
43 class ExceptionState; 45 class Location;
44 class Node; 46 class Node;
45 47
46 enum SecurityReportingOption { 48 enum SecurityReportingOption {
47 DoNotReportSecurityError, 49 DoNotReportSecurityError,
48 ReportSecurityError, 50 ReportSecurityError,
49 }; 51 };
50 52
51 class BindingSecurity { 53 class CORE_EXPORT BindingSecurity {
52 STATIC_ONLY(BindingSecurity); 54 STATIC_ONLY(BindingSecurity);
53 public: 55 public:
54 // Check the access to the return value. 56 // Check if the caller (|accessingWindow|) is allowed to access the JS
55 static bool shouldAllowAccessToNode(v8::Isolate*, LocalDOMWindow* accessingW indow, Node*, SecurityReportingOption); 57 // receiver object (|target|), where the receiver object is the JS object
56 static bool shouldAllowAccessToNode(v8::Isolate*, LocalDOMWindow* accessingW indow, Node*, ExceptionState&); 58 // for which the DOM attribute or DOM operation is being invoked (in the
59 // form of receiver.domAttr or receiver.domOp()).
60 // Note that only Window and Location objects are cross-origin accessible
61 // and that EventTarget interface is the parent interface of Window
62 // interface. So the receiver object must be of type DOMWindow,
63 // EventTarget, or Location.
64 //
65 // DOMWindow
66 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin gWindow, const DOMWindow* target, ExceptionState&);
67 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin gWindow, const DOMWindow* target, SecurityReportingOption);
68 // EventTarget (as the parent of DOMWindow)
69 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin gWindow, const EventTarget* target, ExceptionState&); // NOLINT(readability/par ameter_name)
70 // Location
71 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin gWindow, const Location* target, ExceptionState&);
72 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin gWindow, const Location* target, SecurityReportingOption);
73 // Prefer to use the previous overloads instead of falling back to using
74 // Frame*.
75 static bool shouldAllowAccessToFrame(v8::Isolate*, const LocalDOMWindow* acc essingWindow, const Frame* target, SecurityReportingOption); // OBSOLETE
57 76
58 // Check the access to the receiver. 77 // Check if the caller (|accessingWindow|) is allowed to access the JS
59 CORE_EXPORT static bool shouldAllowAccessToFrame(v8::Isolate*, LocalDOMWindo w* accessingWindow, Frame*, SecurityReportingOption = ReportSecurityError); 78 // returned object (|target|), where the returned object is the JS object
60 CORE_EXPORT static bool shouldAllowAccessToFrame(v8::Isolate*, LocalDOMWindo w* accessingWindow, Frame*, ExceptionState&); 79 // which is returned as a result of invoking a DOM attribute or DOM
80 // operation (in the form of
81 // var x = receiver.domAttr // or receiver.domOp()
82 // where |x| is the returned object).
83 // See window.frameElement for example, which may return a frame object.
84 // The object returned from window.frameElement must be the same origin if
85 // it's not null.
86 //
87 // Node
88 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin gWindow, const Node* target, ExceptionState&);
89 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin gWindow, const Node* target, SecurityReportingOption);
61 }; 90 };
62 91
63 } 92 } // namespace blink
64 93
65 #endif 94 #endif
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698