OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/DOMWindow.h" | 5 #include "core/frame/DOMWindow.h" |
6 | 6 |
7 #include "bindings/core/v8/ScriptCallStack.h" | 7 #include "bindings/core/v8/ScriptCallStack.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/ExceptionCode.h" | 9 #include "core/dom/ExceptionCode.h" |
10 #include "core/dom/ExecutionContext.h" | 10 #include "core/dom/ExecutionContext.h" |
11 #include "core/dom/SecurityContext.h" | 11 #include "core/dom/SecurityContext.h" |
12 #include "core/events/MessageEvent.h" | 12 #include "core/events/MessageEvent.h" |
13 #include "core/frame/Frame.h" | 13 #include "core/frame/Frame.h" |
14 #include "core/frame/FrameClient.h" | 14 #include "core/frame/FrameClient.h" |
15 #include "core/frame/FrameConsole.h" | 15 #include "core/frame/FrameConsole.h" |
16 #include "core/frame/LocalDOMWindow.h" | 16 #include "core/frame/LocalDOMWindow.h" |
17 #include "core/frame/Location.h" | 17 #include "core/frame/Location.h" |
| 18 #include "core/frame/RemoteDOMWindow.h" |
18 #include "core/frame/RemoteFrame.h" | 19 #include "core/frame/RemoteFrame.h" |
19 #include "core/frame/Settings.h" | 20 #include "core/frame/Settings.h" |
20 #include "core/frame/UseCounter.h" | 21 #include "core/frame/UseCounter.h" |
21 #include "core/input/EventHandler.h" | 22 #include "core/input/EventHandler.h" |
22 #include "core/inspector/ConsoleMessageStorage.h" | 23 #include "core/inspector/ConsoleMessageStorage.h" |
23 #include "core/inspector/InspectorInstrumentation.h" | 24 #include "core/inspector/InspectorInstrumentation.h" |
24 #include "core/loader/FrameLoaderClient.h" | 25 #include "core/loader/FrameLoaderClient.h" |
25 #include "core/loader/MixedContentChecker.h" | 26 #include "core/loader/MixedContentChecker.h" |
26 #include "core/page/ChromeClient.h" | 27 #include "core/page/ChromeClient.h" |
27 #include "core/page/FocusController.h" | 28 #include "core/page/FocusController.h" |
(...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
213 String sourceOrigin = (hasSuborigin && securityOrigin->suborigin()->policyCo
ntains(unsafeSendOpt)) ? securityOrigin->toPhysicalOriginString() : securityOrig
in->toString(); | 214 String sourceOrigin = (hasSuborigin && securityOrigin->suborigin()->policyCo
ntains(unsafeSendOpt)) ? securityOrigin->toPhysicalOriginString() : securityOrig
in->toString(); |
214 String sourceSuborigin = hasSuborigin ? securityOrigin->suborigin()->name()
: String(); | 215 String sourceSuborigin = hasSuborigin ? securityOrigin->suborigin()->name()
: String(); |
215 | 216 |
216 KURL targetUrl = isLocalDOMWindow() ? document()->url() : KURL(KURL(), frame
()->securityContext()->getSecurityOrigin()->toString()); | 217 KURL targetUrl = isLocalDOMWindow() ? document()->url() : KURL(KURL(), frame
()->securityContext()->getSecurityOrigin()->toString()); |
217 if (MixedContentChecker::isMixedContent(sourceDocument->getSecurityOrigin(),
targetUrl)) | 218 if (MixedContentChecker::isMixedContent(sourceDocument->getSecurityOrigin(),
targetUrl)) |
218 UseCounter::count(frame(), UseCounter::PostMessageFromSecureToInsecure); | 219 UseCounter::count(frame(), UseCounter::PostMessageFromSecureToInsecure); |
219 else if (MixedContentChecker::isMixedContent(frame()->securityContext()->get
SecurityOrigin(), sourceDocument->url())) | 220 else if (MixedContentChecker::isMixedContent(frame()->securityContext()->get
SecurityOrigin(), sourceDocument->url())) |
220 UseCounter::count(frame(), UseCounter::PostMessageFromInsecureToSecure); | 221 UseCounter::count(frame(), UseCounter::PostMessageFromInsecureToSecure); |
221 | 222 |
222 MessageEvent* event = MessageEvent::create(std::move(channels), message, sou
rceOrigin, String(), source, sourceSuborigin); | 223 MessageEvent* event = MessageEvent::create(std::move(channels), message, sou
rceOrigin, String(), source, sourceSuborigin); |
223 // Give the embedder a chance to intercept this postMessage. If the | |
224 // target is a remote frame, the message will be forwarded through the | |
225 // browser process. | |
226 if (frame()->client()->willCheckAndDispatchMessageEvent(target.get(), event,
source->document()->frame())) | |
227 return; | |
228 | 224 |
229 // Capture stack trace only when inspector front-end is loaded as it may be
time consuming. | 225 schedulePostMessage(event, std::move(target), sourceDocument); |
230 RefPtr<ScriptCallStack> stackTrace; | |
231 if (InspectorInstrumentation::consoleAgentEnabled(sourceDocument)) | |
232 stackTrace = ScriptCallStack::capture(); | |
233 | |
234 blink::toLocalDOMWindow(this)->schedulePostMessage(event, target.get(), stac
kTrace.release()); | |
235 } | 226 } |
236 | 227 |
237 // FIXME: Once we're throwing exceptions for cross-origin access violations, we
will always sanitize the target | 228 // FIXME: Once we're throwing exceptions for cross-origin access violations, we
will always sanitize the target |
238 // frame details, so we can safely combine 'crossDomainAccessErrorMessage' with
this method after considering | 229 // frame details, so we can safely combine 'crossDomainAccessErrorMessage' with
this method after considering |
239 // exactly which details may be exposed to JavaScript. | 230 // exactly which details may be exposed to JavaScript. |
240 // | 231 // |
241 // http://crbug.com/17325 | 232 // http://crbug.com/17325 |
242 String DOMWindow::sanitizedCrossDomainAccessErrorMessage(const LocalDOMWindow* c
allingWindow) const | 233 String DOMWindow::sanitizedCrossDomainAccessErrorMessage(const LocalDOMWindow* c
allingWindow) const |
243 { | 234 { |
244 if (!callingWindow || !callingWindow->document() || !frame()) | 235 if (!callingWindow || !callingWindow->document() || !frame()) |
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
377 page->focusController().focusDocumentView(frame(), true /* notifyEmbedder */
); | 368 page->focusController().focusDocumentView(frame(), true /* notifyEmbedder */
); |
378 } | 369 } |
379 | 370 |
380 DEFINE_TRACE(DOMWindow) | 371 DEFINE_TRACE(DOMWindow) |
381 { | 372 { |
382 visitor->trace(m_location); | 373 visitor->trace(m_location); |
383 EventTargetWithInlineData::trace(visitor); | 374 EventTargetWithInlineData::trace(visitor); |
384 } | 375 } |
385 | 376 |
386 } // namespace blink | 377 } // namespace blink |
OLD | NEW |