service worker: Don't control a subframe of an insecure context

third_party/WebKit/Source/core/dom/Document.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  *           (C) 2006 Alexey Proskuryakov (ap@webkit.org)
  * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All rights reserved.
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
  * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
@@ skipping 336 matching lines @@
     return toLayoutPart(layoutObject)->widget();
 }
 
 static bool acceptsEditingFocus(const Element& element)
 {
     DCHECK(element.hasEditableStyle());
 
     return element.document().frame() && element.rootEditableElement();
 }
 
-static bool isOriginPotentiallyTrustworthy(SecurityOrigin* origin, String* errorMessage)
-{
-    if (origin->isPotentiallyTrustworthy())
-        return true;
-    if (errorMessage)
-        *errorMessage = origin->isPotentiallyTrustworthyErrorMessage();
-    return false;
-}
-
 uint64_t Document::s_globalTreeVersion = 0;
 
 static bool s_threadedParsingEnabledForTesting = true;
 
 using WeakDocumentSet = PersistentHeapHashSet<WeakMember<Document>>;
 
 static WeakDocumentSet& liveDocumentSet()
 {
     DEFINE_STATIC_LOCAL(WeakDocumentSet, set, ());
     return set;
@@ skipping 2966 matching lines @@
     // Additionally, with
     //   <iframe src="scheme-has-exception://host">
     //     <iframe src="http://host"></iframe>
     //     <iframe sandbox src="http://host"></iframe>
     //   </iframe>
     // both inner iframes would fail the check, even though the outermost iframe
     // passes.
     //
     // In all cases, a frame must be potentially trustworthy in addition to
     // having an exception listed in order for the exception to be granted.
-    if (!isOriginPotentiallyTrustworthy(getSecurityOrigin(), errorMessage))
+    if (!getSecurityOrigin()->isPotentiallyTrustworthy()) {
+        if (errorMessage)
+            *errorMessage = SecurityOrigin::isPotentiallyTrustworthyErrorMessage();
         return false;
+    }
 
     if (SchemeRegistry::schemeShouldBypassSecureContextCheck(getSecurityOrigin()->protocol()))
         return true;
 
     if (privilegeContextCheck == StandardSecureContextCheck) {
-        if (!m_frame)
-            return true;
-        Frame* parent = m_frame->tree().parent();
-        while (parent) {
-            if (!isOriginPotentiallyTrustworthy(parent->securityContext()->getSecurityOrigin(), errorMessage))
-                return false;
-            parent = parent->tree().parent();
+        Frame* parent = m_frame ? m_frame->tree().parent() : nullptr;
+        if (parent && !parent->canHaveSecureChild()) {
+            if (errorMessage)
+                *errorMessage = SecurityOrigin::isPotentiallyTrustworthyErrorMessage();
+            return false;
         }
     }
     return true;
 }
 
 StyleSheetList& Document::styleSheets()
 {
     if (!m_styleSheetList)
         m_styleSheetList = StyleSheetList::create(this);
     return *m_styleSheetList;
@@ skipping 2623 matching lines @@
 #ifndef NDEBUG
 using namespace blink;
 void showLiveDocumentInstances()
 {
     WeakDocumentSet& set = liveDocumentSet();
     fprintf(stderr, "There are %u documents currently alive:\n", set.size());
     for (Document* document : set)
         fprintf(stderr, "- Document %p URL: %s\n", document, document->url().getString().utf8().data());
 }
 #endif