Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp

Issue 1898303002: Make sure binding security checks don't pass if the frame is remote. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2661
Patch Set: Created 4 years, 8 months ago
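--- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
@@ -1,10 +1,10 @@
 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ -42,33 +42,41 @@
 
 static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow)
 {
     return accessingWindow && accessingWindow->document()->securityOrigin()->canAccessCheckSuborigins(targetOrigin);
 }
 
 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState)
 {
     ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
 
-    if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
+    // It's important to check that targetWindow is a LocalDOMWindow: it's
+    // possible for a remote frame and local frame to have the same security
+    // origin, depending on the model being used to allocate Frames between
+    // processes. See https://crbug.com/601629.
+    if (targetWindow && targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
         return true;
 
     if (targetWindow)
         exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAccessErrorMessage(accessingWindow), targetWindow->crossDomainAccessErrorMessage(accessingWindow));
     return false;
 }
 
 static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, SecurityReportingOption reportingOption = ReportSecurityError)
 {
     ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
 
-    if (isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
+    // It's important to check that targetWindow is a LocalDOMWindow: it's
+    // possible for a remote frame and local frame to have the same security
+    // origin, depending on the model being used to allocate Frames between
+    // processes. See https://crbug.com/601629.
+    if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
         return true;
 
     if (reportingOption == ReportSecurityError && targetWindow)
         accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(accessingWindow));
     return false;
 }
 
 bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState)
 {
     ASSERT(target);
@@ -136,10 +144,10 @@
 }
 
 bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reportingOption)
 {
     if (!target || !target->securityContext())
         return false;
     return canAccessFrame(isolate, accessingWindow, target->securityContext()->securityOrigin(), target->domWindow(), reportingOption);
 }
 
 } // namespace blink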
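Review bot: The SecurityReportingOption overload of canAccessFrame dereferences targetWindow in the new `targetWindow->isLocalDOMWindow()` condition without the null guard that the ExceptionState overload adds, even though the same function still tests `targetWindow` for null two lines later and its ASSERT_WITH_SECURITY_IMPLICATION is written to tolerate a null targetWindow. If a caller such as shouldAllowAccessToFrame ever hands it a null window from target->domWindow(), the result is a null dereference rather than a denied access. Mirror the other overload: `if (targetWindow && targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))`. The four-line comment is now duplicated verbatim in both overloads; hoisting the local-window-plus-origin test into one small static helper would keep the remote-frame rationale in a single place.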