| Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h
|
| diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h
|
| index f8fbe354caff51b25d157eae0ebc90d5296f1076..85205f64c9970b5eb228624784e31bef620a2ce4 100644
|
| --- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h
|
| +++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h
|
| @@ -31,16 +31,18 @@
|
| #ifndef BindingSecurity_h
|
| #define BindingSecurity_h
|
|
|
| -// FIXME: The LocalFrame include should not be necessary, clients should be including it where they use it.
|
| #include "core/CoreExport.h"
|
| -#include "core/frame/LocalFrame.h"
|
| #include "wtf/Allocator.h"
|
| #include <v8.h>
|
|
|
| namespace blink {
|
|
|
| -class LocalDOMWindow;
|
| +class DOMWindow;
|
| +class EventTarget;
|
| class ExceptionState;
|
| +class Frame;
|
| +class LocalDOMWindow;
|
| +class Location;
|
| class Node;
|
|
|
| enum SecurityReportingOption {
|
| @@ -48,18 +50,45 @@ enum SecurityReportingOption {
|
| ReportSecurityError,
|
| };
|
|
|
| -class BindingSecurity {
|
| +class CORE_EXPORT BindingSecurity {
|
| STATIC_ONLY(BindingSecurity);
|
| public:
|
| - // Check the access to the return value.
|
| - static bool shouldAllowAccessToNode(v8::Isolate*, LocalDOMWindow* accessingWindow, Node*, SecurityReportingOption);
|
| - static bool shouldAllowAccessToNode(v8::Isolate*, LocalDOMWindow* accessingWindow, Node*, ExceptionState&);
|
| + // Check if the caller (|accessingWindow|) is allowed to access the JS
|
| + // receiver object (|target|), where the receiver object is the JS object
|
| + // for which the DOM attribute or DOM operation is being invoked (in the
|
| + // form of receiver.domAttr or receiver.domOp()).
|
| + // Note that only Window and Location objects are cross-origin accessible
|
| + // and that EventTarget interface is the parent interface of Window
|
| + // interface. So the receiver object must be of type DOMWindow,
|
| + // EventTarget, or Location.
|
| + //
|
| + // DOMWindow
|
| + static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessingWindow, const DOMWindow* target, ExceptionState&);
|
| + static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessingWindow, const DOMWindow* target, SecurityReportingOption);
|
| + // EventTarget (as the parent of DOMWindow)
|
| + static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessingWindow, const EventTarget* target, ExceptionState&); // NOLINT(readability/parameter_name)
|
| + // Location
|
| + static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessingWindow, const Location* target, ExceptionState&);
|
| + static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessingWindow, const Location* target, SecurityReportingOption);
|
| + // Prefer to use the previous overloads instead of falling back to using
|
| + // Frame*.
|
| + static bool shouldAllowAccessToFrame(v8::Isolate*, const LocalDOMWindow* accessingWindow, const Frame* target, SecurityReportingOption); // OBSOLETE
|
|
|
| - // Check the access to the receiver.
|
| - CORE_EXPORT static bool shouldAllowAccessToFrame(v8::Isolate*, LocalDOMWindow* accessingWindow, Frame*, SecurityReportingOption = ReportSecurityError);
|
| - CORE_EXPORT static bool shouldAllowAccessToFrame(v8::Isolate*, LocalDOMWindow* accessingWindow, Frame*, ExceptionState&);
|
| + // Check if the caller (|accessingWindow|) is allowed to access the JS
|
| + // returned object (|target|), where the returned object is the JS object
|
| + // which is returned as a result of invoking a DOM attribute or DOM
|
| + // operation (in the form of
|
| + // var x = receiver.domAttr // or receiver.domOp()
|
| + // where |x| is the returned object).
|
| + // See window.frameElement for example, which may return a frame object.
|
| + // The object returned from window.frameElement must be the same origin if
|
| + // it's not null.
|
| + //
|
| + // Node
|
| + static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessingWindow, const Node* target, ExceptionState&);
|
| + static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessingWindow, const Node* target, SecurityReportingOption);
|
| };
|
|
|
| -}
|
| +} // namespace blink
|
|
|
| #endif
|
|
|
Chromium Code Reviews
Issue 1417023006:
bindings: Refactors BindingSecurity::shouldAllowAccessToXXX. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master