OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
43 | 43 |
44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow) | 44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow) |
45 { | 45 { |
46 return accessingWindow && accessingWindow->document()->getSecurityOrigin()-> canAccessCheckSuborigins(targetOrigin); | 46 return accessingWindow && accessingWindow->document()->getSecurityOrigin()-> canAccessCheckSuborigins(targetOrigin); |
47 } | 47 } |
48 | 48 |
49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState) | 49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState) |
50 { | 50 { |
51 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); | 51 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); |
52 | 52 |
53 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) | 53 if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targ etFrameOrigin, accessingWindow)) |
haraken
2016/04/13 04:43:19
isOriginAccessibleFromDOMWindow has already been h
| |
54 return true; | 54 return true; |
55 | 55 |
56 if (targetWindow) | 56 if (targetWindow) |
57 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow)); | 57 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow)); |
58 return false; | 58 return false; |
59 } | 59 } |
60 | 60 |
61 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi tyReportingOption reportingOption = ReportSecurityError) | 61 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi tyReportingOption reportingOption = ReportSecurityError) |
62 { | 62 { |
63 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); | 63 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); |
64 | 64 |
65 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) | 65 if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targ etFrameOrigin, accessingWindow)) |
66 return true; | 66 return true; |
67 | 67 |
68 if (reportingOption == ReportSecurityError && targetWindow) | 68 if (reportingOption == ReportSecurityError && targetWindow) |
69 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow)); | 69 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow)); |
70 return false; | 70 return false; |
71 } | 71 } |
72 | 72 |
73 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState) | 73 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState) |
74 { | 74 { |
75 ASSERT(target); | 75 ASSERT(target); |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
146 } | 146 } |
147 | 147 |
148 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti ngOption) | 148 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti ngOption) |
149 { | 149 { |
150 if (!target || !target->securityContext()) | 150 if (!target || !target->securityContext()) |
151 return false; | 151 return false; |
152 return canAccessFrame(isolate, accessingWindow, target->securityContext()->g etSecurityOrigin(), target->domWindow(), reportingOption); | 152 return canAccessFrame(isolate, accessingWindow, target->securityContext()->g etSecurityOrigin(), target->domWindow(), reportingOption); |
153 } | 153 } |
154 | 154 |
155 } // namespace blink | 155 } // namespace blink |
OLD | NEW |