Chromium Code Reviews

Unified Diff: Source/bindings/v8/V8Initializer.cpp

Issue 19095003: Throw 'SecurityError' upon cross-origin Location access. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 5 months ago
Index: Source/bindings/v8/V8Initializer.cpp
diff --git a/Source/bindings/v8/V8Initializer.cpp b/Source/bindings/v8/V8Initializer.cpp
index c1ff7cb8959d8321abe3484d4cd3a8cce099ad9d..cfa378a1c6bb2146d9e149f49e30386af9bda1c0 100644
--- a/Source/bindings/v8/V8Initializer.cpp
+++ b/Source/bindings/v8/V8Initializer.cpp
@@ -35,6 +35,7 @@
#include "bindings/v8/V8GCController.h"
#include "bindings/v8/V8PerContextData.h"
#include "core/dom/Document.h"
+#include "core/dom/ExceptionCode.h"
#include "core/inspector/ScriptCallStack.h"
#include "core/page/ConsoleTypes.h"
#include "core/page/ContentSecurityPolicy.h"
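Review bot: The second hunk starts using V8Location::info, but this include hunk only adds core/dom/ExceptionCode.h. In the sorted block shown here, bindings/v8/V8Location.h would fall between V8GCController.h and V8PerContextData.h, and it is not there. If the file currently gets V8Location through a transitive include, add the header directly so the new check does not break when an unrelated header changes.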
@@ -103,6 +104,11 @@ static void failedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host, v8
return;
DOMWindow* targetWindow = target->document()->domWindow();
targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeDOMWindow()));
+
+ // Throw an exception for failed-access checks against Location objects, otherwise write to the console.
+ WrapperTypeInfo* typeInfo = WrapperTypeInfo::unwrap(data);
+ if (V8Location::info.equals(typeInfo))
+ setDOMException(SecurityError, v8::Isolate::GetCurrent());
abarth-chromium 2013/07/12 22:57:08 Why only location? Why not have every security vi
}
static bool codeGenerationCheckCallbackInMainThread(v8::Local<v8::Context> context)
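Review bot: The new comment says "otherwise write to the console", but targetWindow->printErrorMessage(...) sits above the V8Location::info.equals(typeInfo) check and runs unconditionally, so a failed access on a Location object both logs and throws. Either move the console message into an else branch or reword the comment to say the exception is raised in addition to the message. Separately, the early return; at the top of this hunk exits before the new check, so on that path a cross-origin Location access still fails without a SecurityError; confirm that is intended and cover it with a layout test. Since the callback already has a context to work with, consider obtaining the isolate from it rather than calling v8::Isolate::GetCurrent().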