OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/DOMWindow.h" | 5 #include "core/frame/DOMWindow.h" |
6 | 6 |
7 #include "bindings/core/v8/ScriptCallStack.h" | 7 #include "bindings/core/v8/ScriptCallStack.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/ExceptionCode.h" | 9 #include "core/dom/ExceptionCode.h" |
10 #include "core/dom/ExecutionContext.h" | 10 #include "core/dom/ExecutionContext.h" |
(...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
201 return; | 201 return; |
202 String sourceOrigin = sourceDocument->securityOrigin()->toString(); | 202 String sourceOrigin = sourceDocument->securityOrigin()->toString(); |
203 String sourceSuborigin = sourceDocument->securityOrigin()->suboriginName(); | 203 String sourceSuborigin = sourceDocument->securityOrigin()->suboriginName(); |
204 | 204 |
205 KURL targetUrl = isLocalDOMWindow() ? document()->url() : KURL(KURL(), frame
()->securityContext()->securityOrigin()->toString()); | 205 KURL targetUrl = isLocalDOMWindow() ? document()->url() : KURL(KURL(), frame
()->securityContext()->securityOrigin()->toString()); |
206 if (MixedContentChecker::isMixedContent(sourceDocument->securityOrigin(), ta
rgetUrl)) | 206 if (MixedContentChecker::isMixedContent(sourceDocument->securityOrigin(), ta
rgetUrl)) |
207 UseCounter::count(frame(), UseCounter::PostMessageFromSecureToInsecure); | 207 UseCounter::count(frame(), UseCounter::PostMessageFromSecureToInsecure); |
208 else if (MixedContentChecker::isMixedContent(frame()->securityContext()->sec
urityOrigin(), sourceDocument->url())) | 208 else if (MixedContentChecker::isMixedContent(frame()->securityContext()->sec
urityOrigin(), sourceDocument->url())) |
209 UseCounter::count(frame(), UseCounter::PostMessageFromInsecureToSecure); | 209 UseCounter::count(frame(), UseCounter::PostMessageFromInsecureToSecure); |
210 | 210 |
| 211 RefPtrWillBeRawPtr<MessageEvent> event = MessageEvent::create(channels.relea
se(), message, sourceOrigin, String(), source, sourceSuborigin); |
211 // Give the embedder a chance to intercept this postMessage. If the | 212 // Give the embedder a chance to intercept this postMessage. If the |
212 // target is a remote frame, the message will be forwarded through the | 213 // target is a remote frame, the message will be forwarded through the |
213 // browser process. | 214 // browser process. |
214 RefPtrWillBeRawPtr<MessageEvent> event = MessageEvent::create(channels.relea
se(), message, sourceOrigin, String(), source, sourceSuborigin); | 215 if (frame()->client()->willCheckAndDispatchMessageEvent(target.get(), event.
get(), source->document()->frame())) |
215 bool didHandleMessageEvent = frame()->client()->willCheckAndDispatchMessageE
vent(target.get(), event.get(), source->document()->frame()); | 216 return; |
216 if (!didHandleMessageEvent) { | |
217 // Capture stack trace only when inspector front-end is loaded as it may
be time consuming. | |
218 RefPtr<ScriptCallStack> stackTrace; | |
219 if (InspectorInstrumentation::consoleAgentEnabled(sourceDocument)) | |
220 stackTrace = ScriptCallStack::capture(); | |
221 | 217 |
222 toLocalDOMWindow(this)->schedulePostMessage(event, source, target.get(),
stackTrace.release()); | 218 // Capture stack trace only when inspector front-end is loaded as it may be
time consuming. |
223 } | 219 RefPtr<ScriptCallStack> stackTrace; |
| 220 if (InspectorInstrumentation::consoleAgentEnabled(sourceDocument)) |
| 221 stackTrace = ScriptCallStack::capture(); |
| 222 |
| 223 toLocalDOMWindow(this)->schedulePostMessage(event, target.get(), stackTrace.
release()); |
224 } | 224 } |
225 | 225 |
226 // FIXME: Once we're throwing exceptions for cross-origin access violations, we
will always sanitize the target | 226 // FIXME: Once we're throwing exceptions for cross-origin access violations, we
will always sanitize the target |
227 // frame details, so we can safely combine 'crossDomainAccessErrorMessage' with
this method after considering | 227 // frame details, so we can safely combine 'crossDomainAccessErrorMessage' with
this method after considering |
228 // exactly which details may be exposed to JavaScript. | 228 // exactly which details may be exposed to JavaScript. |
229 // | 229 // |
230 // http://crbug.com/17325 | 230 // http://crbug.com/17325 |
231 String DOMWindow::sanitizedCrossDomainAccessErrorMessage(const LocalDOMWindow* c
allingWindow) const | 231 String DOMWindow::sanitizedCrossDomainAccessErrorMessage(const LocalDOMWindow* c
allingWindow) const |
232 { | 232 { |
233 if (!callingWindow || !callingWindow->document() || !frame()) | 233 if (!callingWindow || !callingWindow->document() || !frame()) |
(...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
365 page->focusController().focusDocumentView(frame(), true /* notifyEmbedder */
); | 365 page->focusController().focusDocumentView(frame(), true /* notifyEmbedder */
); |
366 } | 366 } |
367 | 367 |
368 DEFINE_TRACE(DOMWindow) | 368 DEFINE_TRACE(DOMWindow) |
369 { | 369 { |
370 visitor->trace(m_location); | 370 visitor->trace(m_location); |
371 EventTargetWithInlineData::trace(visitor); | 371 EventTargetWithInlineData::trace(visitor); |
372 } | 372 } |
373 | 373 |
374 } // namespace blink | 374 } // namespace blink |
OLD | NEW |