binding: Moves the check for the first access to the initial document into BindingSecurity.

third_party/WebKit/Source/bindings/templates/interface_base.cpp

 {% include 'copyright_block.txt' %}
 #include "{{v8_class_or_partial}}.h"
 
 {% for filename in cpp_includes if filename != '%s.h' % cpp_class_or_partial %}
 #include "{{filename}}"
 {% endfor %}
 
 namespace blink {
 {% set to_active_scriptwrappable = '%s::toActiveScriptWrappable' % v8_class
                                    if active_scriptwrappable else '0' %}
@@ skipping 70 matching lines @@
 {% block security_check_functions %}
 {% if has_access_check_callbacks and not is_partial %}
 bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object> accessedObject, v8::Local<v8::Value> data)
 {
     {% if interface_name == 'Window' %}
     v8::Isolate* isolate = v8::Isolate::GetCurrent();
     v8::Local<v8::Object> window = V8Window::findInstanceInPrototypeChain(accessedObject, isolate);
     if (window.IsEmpty())
         return false; // the frame is gone.
 
-    DOMWindow* targetWindow = V8Window::toImpl(window);
-    ASSERT(targetWindow);
-    if (!targetWindow->isLocalDOMWindow())
-        return false;
-
-    LocalFrame* targetFrame = toLocalDOMWindow(targetWindow)->frame();
-    if (!targetFrame)
-        return false;
-
-    // Notify the loader's client if the initial document has been accessed.
-    if (targetFrame->loader().stateMachine()->isDisplayingInitialEmptyDocument())
-        targetFrame->loader().didAccessInitialDocument();

[haraken, 2016/08/13 02:29:36]

You're saying that this CL will call didAccessInitialDocument more often, but
that's not necessarily the case here. Before this CL, didAccessInitialDocument
was called for an access where shouldAllowAccessTo returns false. After this CL,
didAccessInitialDocument is called only when shouldAllowAccessTo returns true.

The change looks good to me but just want to confirm that that is your
intention.

[Yuki, 2016/08/15 03:42:58]

You're right.  Not necessarily, but it's intentional.  If a window does not have
access to another window, there must be no chance to modify the initial document
of another window.  So, there is no need to call didAccessInitialDocument.

Having said that, it's also true that there are more call sites of
BindingSecurity::shouldAllowAccessTo() than the call sites of securityCheck().

-
+    const DOMWindow* targetWindow = V8Window::toImpl(window);
     return BindingSecurity::shouldAllowAccessTo(isolate, toLocalDOMWindow(toDOMWindow(accessingContext)), targetWindow, DoNotReportSecurityError);
     {% else %}{# if interface_name == 'Window' #}
     {# Not 'Window' means it\'s Location. #}
     {{cpp_class}}* impl = {{v8_class}}::toImpl(accessedObject);
     return BindingSecurity::shouldAllowAccessTo(v8::Isolate::GetCurrent(), toLocalDOMWindow(toDOMWindow(accessingContext)), impl, DoNotReportSecurityError);
     {% endif %}{# if interface_name == 'Window' #}
 }
 
 {% endif %}
 {% endblock %}
@@ skipping 316 matching lines @@
 {{method_implemented_in_private_script(method)}}
 {% endfor %}
 {% for attribute in attributes if attribute.is_implemented_in_private_script %}
 {{attribute_getter_implemented_in_private_script(attribute)}}
 {% if attribute.has_setter %}
 {{attribute_setter_implemented_in_private_script(attribute)}}
 {% endif %}
 {% endfor %}
 {% block partial_interface %}{% endblock %}
 } // namespace blink