bindings: Refactors BindingSecurity::shouldAllowAccessToXXX.

third_party/WebKit/Source/core/frame/DOMWindow.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "core/frame/DOMWindow.h"
 
 #include "bindings/core/v8/ScriptCallStackFactory.h"
 #include "core/dom/Document.h"
 #include "core/dom/ExceptionCode.h"
@@ skipping 212 matching lines @@
 
         toLocalDOMWindow(this)->schedulePostMessage(event, source, target.get(), stackTrace.release());
     }
 }
 
 // FIXME: Once we're throwing exceptions for cross-origin access violations, we will always sanitize the target
 // frame details, so we can safely combine 'crossDomainAccessErrorMessage' with this method after considering
 // exactly which details may be exposed to JavaScript.
 //
 // http://crbug.com/17325
-String DOMWindow::sanitizedCrossDomainAccessErrorMessage(LocalDOMWindow* callingWindow)
+String DOMWindow::sanitizedCrossDomainAccessErrorMessage(const LocalDOMWindow* callingWindow) const
 {
     if (!callingWindow || !callingWindow->document() || !frame())
         return String();
 
     const KURL& callingWindowURL = callingWindow->document()->url();
     if (callingWindowURL.isNull())
         return String();
 
     ASSERT(!callingWindow->document()->securityOrigin()->canAccessCheckSuborigins(frame()->securityContext()->securityOrigin()));
 
-    SecurityOrigin* activeOrigin = callingWindow->document()->securityOrigin();
+    const SecurityOrigin* activeOrigin = callingWindow->document()->securityOrigin();
     String message = "Blocked a frame with origin \"" + activeOrigin->toString() + "\" from accessing a cross-origin frame.";
 
     // FIXME: Evaluate which details from 'crossDomainAccessErrorMessage' may safely be reported to JavaScript.
 
     return message;
 }
 
-String DOMWindow::crossDomainAccessErrorMessage(LocalDOMWindow* callingWindow)
+String DOMWindow::crossDomainAccessErrorMessage(const LocalDOMWindow* callingWindow) const
 {
     if (!callingWindow || !callingWindow->document() || !frame())
         return String();
 
     const KURL& callingWindowURL = callingWindow->document()->url();
     if (callingWindowURL.isNull())
         return String();
 
     // FIXME: This message, and other console messages, have extra newlines. Should remove them.
-    SecurityOrigin* activeOrigin = callingWindow->document()->securityOrigin();
-    SecurityOrigin* targetOrigin = frame()->securityContext()->securityOrigin();
+    const SecurityOrigin* activeOrigin = callingWindow->document()->securityOrigin();
+    const SecurityOrigin* targetOrigin = frame()->securityContext()->securityOrigin();
     ASSERT(!activeOrigin->canAccessCheckSuborigins(targetOrigin));
 
     String message = "Blocked a frame with origin \"" + activeOrigin->toString() + "\" from accessing a frame with origin \"" + targetOrigin->toString() + "\". ";
 
     // Sandbox errors: Use the origin of the frames' location, rather than their actual origin (since we know that at least one will be "null").
     KURL activeURL = callingWindow->document()->url();
     // TODO(alexmos): RemoteFrames do not have a document, and their URLs
     // aren't replicated.  For now, construct the URL using the replicated
     // origin for RemoteFrames. If the target frame is remote and sandboxed,
     // there isn't anything else to show other than "null" for its origin.
@@ skipping 67 matching lines @@
     m_windowIsClosing = true;
 }
 
 DEFINE_TRACE(DOMWindow)
 {
     visitor->trace(m_location);
     EventTargetWithInlineData::trace(visitor);
 }
 
 } // namespace blink