OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 25 matching lines...) Expand all Loading... |
36 #include <v8.h> | 36 #include <v8.h> |
37 | 37 |
38 namespace blink { | 38 namespace blink { |
39 | 39 |
40 class DOMWindow; | 40 class DOMWindow; |
41 class EventTarget; | 41 class EventTarget; |
42 class ExceptionState; | 42 class ExceptionState; |
43 class Frame; | 43 class Frame; |
44 class LocalDOMWindow; | 44 class LocalDOMWindow; |
45 class Location; | 45 class Location; |
| 46 class MainThreadWorkletGlobalScope; |
46 class Node; | 47 class Node; |
47 | 48 |
48 enum SecurityReportingOption { | 49 enum SecurityReportingOption { |
49 DoNotReportSecurityError, | 50 DoNotReportSecurityError, |
50 ReportSecurityError, | 51 ReportSecurityError, |
51 }; | 52 }; |
52 | 53 |
53 class CORE_EXPORT BindingSecurity { | 54 class CORE_EXPORT BindingSecurity { |
54 STATIC_ONLY(BindingSecurity); | 55 STATIC_ONLY(BindingSecurity); |
55 public: | 56 public: |
56 // Check if the caller (|accessingWindow|) is allowed to access the JS | 57 // Check if the caller (|accessingWindow|) is allowed to access the JS |
57 // receiver object (|target|), where the receiver object is the JS object | 58 // receiver object (|target|), where the receiver object is the JS object |
58 // for which the DOM attribute or DOM operation is being invoked (in the | 59 // for which the DOM attribute or DOM operation is being invoked (in the |
59 // form of receiver.domAttr or receiver.domOp()). | 60 // form of receiver.domAttr or receiver.domOp()). |
60 // Note that only Window and Location objects are cross-origin accessible | 61 // Note that only Window and Location objects are cross-origin accessible |
61 // and that EventTarget interface is the parent interface of Window | 62 // and that EventTarget interface is the parent interface of Window |
62 // interface. So the receiver object must be of type DOMWindow, | 63 // interface. So the receiver object must be of type DOMWindow, |
63 // EventTarget, or Location. | 64 // EventTarget, or Location. |
64 // | 65 // |
65 // DOMWindow | 66 // DOMWindow |
66 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const DOMWindow* target, ExceptionState&); | 67 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const DOMWindow* target, ExceptionState&); |
67 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const DOMWindow* target, SecurityReportingOption); | 68 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const DOMWindow* target, SecurityReportingOption); |
68 // EventTarget (as the parent of DOMWindow) | 69 // EventTarget (as the parent of DOMWindow) |
69 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const EventTarget* target, ExceptionState&); // NOLINT(readability/par
ameter_name) | 70 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const EventTarget* target, ExceptionState&); // NOLINT(readability/par
ameter_name) |
70 // Location | 71 // Location |
71 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Location* target, ExceptionState&); | 72 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Location* target, ExceptionState&); |
72 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Location* target, SecurityReportingOption); | 73 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Location* target, SecurityReportingOption); |
| 74 // MainThreadWorkletGlobalScope |
| 75 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const MainThreadWorkletGlobalScope* target, SecurityReportingOption); |
73 // Prefer to use the previous overloads instead of falling back to using | 76 // Prefer to use the previous overloads instead of falling back to using |
74 // Frame*. | 77 // Frame*. |
75 static bool shouldAllowAccessToFrame(v8::Isolate*, const LocalDOMWindow* acc
essingWindow, const Frame* target, SecurityReportingOption); // OBSOLETE | 78 static bool shouldAllowAccessToFrame(v8::Isolate*, const LocalDOMWindow* acc
essingWindow, const Frame* target, SecurityReportingOption); // OBSOLETE |
76 | 79 |
77 // Check if the caller (|accessingWindow|) is allowed to access the JS | 80 // Check if the caller (|accessingWindow|) is allowed to access the JS |
78 // returned object (|target|), where the returned object is the JS object | 81 // returned object (|target|), where the returned object is the JS object |
79 // which is returned as a result of invoking a DOM attribute or DOM | 82 // which is returned as a result of invoking a DOM attribute or DOM |
80 // operation (in the form of | 83 // operation (in the form of |
81 // var x = receiver.domAttr // or receiver.domOp() | 84 // var x = receiver.domAttr // or receiver.domOp() |
82 // where |x| is the returned object). | 85 // where |x| is the returned object). |
83 // See window.frameElement for example, which may return a frame object. | 86 // See window.frameElement for example, which may return a frame object. |
84 // The object returned from window.frameElement must be the same origin if | 87 // The object returned from window.frameElement must be the same origin if |
85 // it's not null. | 88 // it's not null. |
86 // | 89 // |
87 // Node | 90 // Node |
88 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, ExceptionState&); | 91 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, ExceptionState&); |
89 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, SecurityReportingOption); | 92 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, SecurityReportingOption); |
90 }; | 93 }; |
91 | 94 |
92 } // namespace blink | 95 } // namespace blink |
93 | 96 |
94 #endif | 97 #endif |
OLD | NEW |