| Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| index 9654ddf31bceffe9a716bfdc9ef786247a84d733..bbbace5b81db635b3582c76bd161cff93e1d1c67 100644
|
| --- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| +++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| @@ -41,13 +41,15 @@
|
|
|
| namespace blink {
|
|
|
| -static bool isOriginAccessibleFromDOMWindow(SecurityOrigin* targetOrigin, LocalDOMWindow* accessingWindow)
|
| +static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow)
|
| {
|
| return accessingWindow && accessingWindow->document()->securityOrigin()->canAccessCheckSuborigins(targetOrigin);
|
| }
|
|
|
| -static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow, SecurityOrigin* targetFrameOrigin, DOMWindow* targetWindow, ExceptionState& exceptionState)
|
| +static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState)
|
| {
|
| + ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
|
| +
|
| if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
|
| return true;
|
|
|
| @@ -56,8 +58,10 @@ static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow
|
| return false;
|
| }
|
|
|
| -static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow, SecurityOrigin* targetFrameOrigin, DOMWindow* targetWindow, SecurityReportingOption reportingOption = ReportSecurityError)
|
| +static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, SecurityReportingOption reportingOption = ReportSecurityError)
|
| {
|
| + ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
|
| +
|
| if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
|
| return true;
|
|
|
| @@ -66,28 +70,77 @@ static bool canAccessFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow
|
| return false;
|
| }
|
|
|
| -bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow, Frame* target, SecurityReportingOption reportingOption)
|
| +bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState)
|
| {
|
| - if (!target || !target->securityContext())
|
| + ASSERT(target);
|
| + const Frame* frame = target->frame();
|
| + if (!frame || !frame->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, target->securityContext()->securityOrigin(), target->domWindow(), reportingOption);
|
| + return canAccessFrame(isolate, accessingWindow, frame->securityContext()->securityOrigin(), target, exceptionState);
|
| }
|
|
|
| -bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, LocalDOMWindow* accessingWindow, Frame* target, ExceptionState& exceptionState)
|
| +bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const DOMWindow* target, SecurityReportingOption reportingOption)
|
| {
|
| - if (!target || !target->securityContext())
|
| + ASSERT(target);
|
| + const Frame* frame = target->frame();
|
| + if (!frame || !frame->securityContext())
|
| + return false;
|
| + return canAccessFrame(isolate, accessingWindow, frame->securityContext()->securityOrigin(), target, reportingOption);
|
| +}
|
| +
|
| +bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const EventTarget* target, ExceptionState& exceptionState)
|
| +{
|
| + ASSERT(target);
|
| + const DOMWindow* window = target->toDOMWindow();
|
| + if (!window) {
|
| + // We only need to check the access to Window objects which are
|
| + // cross-origin accessible. If it's not a Window, the object's
|
| + // origin must always be the same origin (or it already leaked).
|
| + return true;
|
| + }
|
| + const Frame* frame = window->frame();
|
| + if (!frame || !frame->securityContext())
|
| + return false;
|
| + return canAccessFrame(isolate, accessingWindow, frame->securityContext()->securityOrigin(), window, exceptionState);
|
| +}
|
| +
|
| +bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Location* target, ExceptionState& exceptionState)
|
| +{
|
| + ASSERT(target);
|
| + const Frame* frame = target->frame();
|
| + if (!frame || !frame->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, target->securityContext()->securityOrigin(), target->domWindow(), exceptionState);
|
| + return canAccessFrame(isolate, accessingWindow, frame->securityContext()->securityOrigin(), frame->domWindow(), exceptionState);
|
| }
|
|
|
| -bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, LocalDOMWindow* accessingWindow, Node* target, SecurityReportingOption reportingOption)
|
| +bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Location* target, SecurityReportingOption reportingOption)
|
| {
|
| - return target && canAccessFrame(isolate, accessingWindow, target->document().securityOrigin(), target->document().domWindow(), reportingOption);
|
| + ASSERT(target);
|
| + const Frame* frame = target->frame();
|
| + if (!frame || !frame->securityContext())
|
| + return false;
|
| + return canAccessFrame(isolate, accessingWindow, frame->securityContext()->securityOrigin(), frame->domWindow(), reportingOption);
|
| }
|
|
|
| -bool BindingSecurity::shouldAllowAccessToNode(v8::Isolate* isolate, LocalDOMWindow* accessingWindow, Node* target, ExceptionState& exceptionState)
|
| +bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Node* target, ExceptionState& exceptionState)
|
| {
|
| - return target && canAccessFrame(isolate, accessingWindow, target->document().securityOrigin(), target->document().domWindow(), exceptionState);
|
| + if (!target)
|
| + return false;
|
| + return canAccessFrame(isolate, accessingWindow, target->document().securityOrigin(), target->document().domWindow(), exceptionState);
|
| +}
|
| +
|
| +bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Node* target, SecurityReportingOption reportingOption)
|
| +{
|
| + if (!target)
|
| + return false;
|
| + return canAccessFrame(isolate, accessingWindow, target->document().securityOrigin(), target->document().domWindow(), reportingOption);
|
| +}
|
| +
|
| +bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reportingOption)
|
| +{
|
| + if (!target || !target->securityContext())
|
| + return false;
|
| + return canAccessFrame(isolate, accessingWindow, target->securityContext()->securityOrigin(), target->domWindow(), reportingOption);
|
| }
|
|
|
| } // namespace blink
|
|
|
Chromium Code Reviews
Issue 1417023006:
bindings: Refactors BindingSecurity::shouldAllowAccessToXXX. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master