Chromium Code Reviews Chromium Code Reviews
Issue 1887553002:
Make sure binding security checks don't pass if the frame is remote. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 43 | 43 |
| 44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow) | 44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow) |
| 45 { | 45 { |
| 46 return accessingWindow && accessingWindow->document()->getSecurityOrigin()-> canAccessCheckSuborigins(targetOrigin); | 46 return accessingWindow && accessingWindow->document()->getSecurityOrigin()-> canAccessCheckSuborigins(targetOrigin); |
| 47 } | 47 } |
| 48 | 48 |
| 49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState) | 49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState) |
| 50 { | 50 { |
| 51 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); | 51 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); |
| 52 | 52 |
| 53 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) | 53 if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targ etFrameOrigin, accessingWindow)) |
|
haraken
2016/04/13 04:43:19
isOriginAccessibleFromDOMWindow has already been h
| |
| 54 return true; | 54 return true; |
| 55 | 55 |
| 56 if (targetWindow) | 56 if (targetWindow) |
| 57 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow)); | 57 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow)); |
| 58 return false; | 58 return false; |
| 59 } | 59 } |
| 60 | 60 |
| 61 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi tyReportingOption reportingOption = ReportSecurityError) | 61 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi tyReportingOption reportingOption = ReportSecurityError) |
| 62 { | 62 { |
| 63 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); | 63 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); |
| 64 | 64 |
| 65 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) | 65 if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targ etFrameOrigin, accessingWindow)) |
| 66 return true; | 66 return true; |
| 67 | 67 |
| 68 if (reportingOption == ReportSecurityError && targetWindow) | 68 if (reportingOption == ReportSecurityError && targetWindow) |
| 69 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow)); | 69 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow)); |
| 70 return false; | 70 return false; |
| 71 } | 71 } |
| 72 | 72 |
| 73 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState) | 73 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState) |
| 74 { | 74 { |
| 75 ASSERT(target); | 75 ASSERT(target); |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 146 } | 146 } |
| 147 | 147 |
| 148 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti ngOption) | 148 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti ngOption) |
| 149 { | 149 { |
| 150 if (!target || !target->securityContext()) | 150 if (!target || !target->securityContext()) |
| 151 return false; | 151 return false; |
| 152 return canAccessFrame(isolate, accessingWindow, target->securityContext()->g etSecurityOrigin(), target->domWindow(), reportingOption); | 152 return canAccessFrame(isolate, accessingWindow, target->securityContext()->g etSecurityOrigin(), target->domWindow(), reportingOption); |
| 153 } | 153 } |
| 154 | 154 |
| 155 } // namespace blink | 155 } // namespace blink |
| OLD | NEW |
