| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 45 class LocalDOMWindow; | 45 class LocalDOMWindow; |
| 46 class Location; | 46 class Location; |
| 47 class MainThreadWorkletGlobalScope; | 47 class MainThreadWorkletGlobalScope; |
| 48 class Node; | 48 class Node; |
| 49 | 49 |
| 50 enum SecurityReportingOption { | 50 enum SecurityReportingOption { |
| 51 DoNotReportSecurityError, | 51 DoNotReportSecurityError, |
| 52 ReportSecurityError, | 52 ReportSecurityError, |
| 53 }; | 53 }; |
| 54 | 54 |
| 55 // TODO(yukishiino): Remove the first argument of v8::Isolate*. These functions |
| 56 // just check if it's accessible or not, and never create anything. So there is |
| 57 // no need to pass the isolate. |
| 55 class CORE_EXPORT BindingSecurity { | 58 class CORE_EXPORT BindingSecurity { |
| 56 STATIC_ONLY(BindingSecurity); | 59 STATIC_ONLY(BindingSecurity); |
| 57 public: | 60 public: |
| 58 // Check if the caller (|accessingWindow|) is allowed to access the JS | 61 // Check if the caller (|accessingWindow|) is allowed to access the JS |
| 59 // receiver object (|target|), where the receiver object is the JS object | 62 // receiver object (|target|), where the receiver object is the JS object |
| 60 // for which the DOM attribute or DOM operation is being invoked (in the | 63 // for which the DOM attribute or DOM operation is being invoked (in the |
| 61 // form of receiver.domAttr or receiver.domOp()). | 64 // form of receiver.domAttr or receiver.domOp()). |
| 62 // Note that only Window and Location objects are cross-origin accessible | 65 // Note that only Window and Location objects are cross-origin accessible |
| 63 // and that EventTarget interface is the parent interface of Window | 66 // and that EventTarget interface is the parent interface of Window |
| 64 // interface. So the receiver object must be of type DOMWindow, | 67 // interface. So the receiver object must be of type DOMWindow, |
| (...skipping 26 matching lines...) Expand all Loading... |
| 91 // it's not null. | 94 // it's not null. |
| 92 // | 95 // |
| 93 // Node | 96 // Node |
| 94 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, ExceptionState&); | 97 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, ExceptionState&); |
| 95 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, SecurityReportingOption); | 98 static bool shouldAllowAccessTo(v8::Isolate*, const LocalDOMWindow* accessin
gWindow, const Node* target, SecurityReportingOption); |
| 96 }; | 99 }; |
| 97 | 100 |
| 98 } // namespace blink | 101 } // namespace blink |
| 99 | 102 |
| 100 #endif | 103 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2209303002:
binding: Moves the check for the first access to the initial document into BindingSecurity. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master