Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp

Issue 1887553002: Make sure binding security checks don't pass if the frame is remote. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: address comments / add more comments Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/frame_host/render_frame_host_manager_browsertest.cc ('K') | « content/browser/frame_host/render_frame_host_manager_browsertest.cc ('k') | third_party/WebKit/Source/core/frame/DOMWindow.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
43 43
44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow) 44 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow)
45 { 45 {
46 return accessingWindow && accessingWindow->document()->getSecurityOrigin()-> canAccessCheckSuborigins(targetOrigin); 46 return accessingWindow && accessingWindow->document()->getSecurityOrigin()-> canAccessCheckSuborigins(targetOrigin);
47 } 47 }
48 48
49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState) 49 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState)
50 { 50 {
51 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); 51 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
52 52
53 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) 53 // It's important to check that targetWindow is a LocalDOMWindow: it's
54 // possible for a remote frame and local frame to have the same security
55 // origin, depending on the model being used to allocate Frames between
56 // processes. See https://crbug.com/601629
Charlie Reis 2016/04/13 16:45:56 nit: End with period, here and below (as you did i
dcheng 2016/04/13 17:13:01 Done.
57 if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targ etFrameOrigin, accessingWindow))
54 return true; 58 return true;
55 59
56 if (targetWindow) 60 if (targetWindow)
57 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow)); 61 exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAcce ssErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(acc essingWindow));
58 return false; 62 return false;
59 } 63 }
60 64
61 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi tyReportingOption reportingOption = ReportSecurityError) 65 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing Window, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, Securi tyReportingOption reportingOption = ReportSecurityError)
62 { 66 {
63 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow()); 67 ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
64 68
65 if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow)) 69 // It's important to check that targetWindow is a LocalDOMWindow: it's
70 // possible for a remote frame and local frame to have the same security
71 // origin, depending on the model being used to allocate Frames between
72 // processes. See https://crbug.com/601629
73 if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targ etFrameOrigin, accessingWindow))
66 return true; 74 return true;
67 75
68 if (reportingOption == ReportSecurityError && targetWindow) 76 if (reportingOption == ReportSecurityError && targetWindow)
69 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow)); 77 accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorM essage(accessingWindow));
70 return false; 78 return false;
71 } 79 }
72 80
73 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState) 81 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi ndow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState)
74 { 82 {
75 ASSERT(target); 83 ASSERT(target);
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
146 } 154 }
147 155
148 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti ngOption) 156 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const Local DOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reporti ngOption)
149 { 157 {
150 if (!target || !target->securityContext()) 158 if (!target || !target->securityContext())
151 return false; 159 return false;
152 return canAccessFrame(isolate, accessingWindow, target->securityContext()->g etSecurityOrigin(), target->domWindow(), reportingOption); 160 return canAccessFrame(isolate, accessingWindow, target->securityContext()->g etSecurityOrigin(), target->domWindow(), reportingOption);
153 } 161 }
154 162
155 } // namespace blink 163 } // namespace blink
OLDNEW
« content/browser/frame_host/render_frame_host_manager_browsertest.cc ('K') | « content/browser/frame_host/render_frame_host_manager_browsertest.cc ('k') | third_party/WebKit/Source/core/frame/DOMWindow.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698