| Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| index d766a75057ce9ccea677efcd91801854f19d7242..262a72b858007671fcb9d7bcc1fa8cdcf476f9a7 100644
|
| --- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| +++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| @@ -42,20 +42,36 @@
|
|
|
| namespace blink {
|
|
|
| -static bool isOriginAccessibleFromDOMWindow(const SecurityOrigin* targetOrigin, const LocalDOMWindow* accessingWindow)
|
| -{
|
| - return accessingWindow && accessingWindow->document()->getSecurityOrigin()->canAccessCheckSuborigins(targetOrigin);
|
| -}
|
| +namespace {
|
|
|
| -static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState)
|
| +bool canAccessFrameInternal(const LocalDOMWindow* accessingWindow, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow)
|
| {
|
| - ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
|
| + SECURITY_CHECK(!(targetWindow && targetWindow->frame())
|
| + || targetWindow == targetWindow->frame()->domWindow());
|
|
|
| // It's important to check that targetWindow is a LocalDOMWindow: it's
|
| // possible for a remote frame and local frame to have the same security
|
| // origin, depending on the model being used to allocate Frames between
|
| // processes. See https://crbug.com/601629.
|
| - if (targetWindow && targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
|
| + if (!(accessingWindow && targetWindow && targetWindow->isLocalDOMWindow()))
|
| + return false;
|
| +
|
| + const SecurityOrigin* accessingOrigin =
|
| + accessingWindow->document()->getSecurityOrigin();
|
| + if (!accessingOrigin->canAccessCheckSuborigins(targetFrameOrigin))
|
| + return false;
|
| +
|
| + // Notify the loader's client if the initial document has been accessed.
|
| + LocalFrame* targetFrame = toLocalDOMWindow(targetWindow)->frame();
|
| + if (targetFrame->loader().stateMachine()->isDisplayingInitialEmptyDocument())
|
| + targetFrame->loader().didAccessInitialDocument();
|
| +
|
| + return true;
|
| +}
|
| +
|
| +bool canAccessFrame(const LocalDOMWindow* accessingWindow, const SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, ExceptionState& exceptionState)
|
| +{
|
| + if (canAccessFrameInternal(accessingWindow, targetFrameOrigin, targetWindow))
|
| return true;
|
|
|
| if (targetWindow)
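Review bot: `targetFrame` is dereferenced without a null check in `canAccessFrameInternal`, although the `SECURITY_CHECK` at the top of the function explicitly tolerates a `targetWindow` whose `frame()` is null. The removed code returned true on that path without touching the frame, so a same-origin access to a frameless local window would now crash instead of succeeding. The Node overloads of `shouldAllowAccessTo` in the last hunk pass `target->document().domWindow()` with no frame check of their own, which may make this reachable. Guarding the notification keeps the old result: `if (targetFrame && targetFrame->loader().stateMachine()->isDisplayingInitialEmptyDocument())`. The comment above it could also say that the notification is a side effect of every granted access, including calls through the reporting-option overload.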
|
| @@ -63,29 +79,25 @@ static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessing
|
| return false;
|
| }
|
|
|
| -static bool canAccessFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, SecurityReportingOption reportingOption = ReportSecurityError)
|
| +bool canAccessFrame(const LocalDOMWindow* accessingWindow, SecurityOrigin* targetFrameOrigin, const DOMWindow* targetWindow, SecurityReportingOption reportingOption = ReportSecurityError)
|
| {
|
| - ASSERT_WITH_SECURITY_IMPLICATION(!(targetWindow && targetWindow->frame()) || targetWindow == targetWindow->frame()->domWindow());
|
| -
|
| - // It's important to check that targetWindow is a LocalDOMWindow: it's
|
| - // possible for a remote frame and local frame to have the same security
|
| - // origin, depending on the model being used to allocate Frames between
|
| - // processes. See https://crbug.com/601629.
|
| - if (targetWindow->isLocalDOMWindow() && isOriginAccessibleFromDOMWindow(targetFrameOrigin, accessingWindow))
|
| + if (canAccessFrameInternal(accessingWindow, targetFrameOrigin, targetWindow))
|
| return true;
|
|
|
| - if (reportingOption == ReportSecurityError && targetWindow)
|
| + if (accessingWindow && targetWindow && reportingOption == ReportSecurityError)
|
| accessingWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(accessingWindow));
|
| return false;
|
| }
|
|
|
| +} // namespace
|
| +
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const DOMWindow* target, ExceptionState& exceptionState)
|
| {
|
| ASSERT(target);
|
| const Frame* frame = target->frame();
|
| if (!frame || !frame->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, frame->securityContext()->getSecurityOrigin(), target, exceptionState);
|
| + return canAccessFrame(accessingWindow, frame->securityContext()->getSecurityOrigin(), target, exceptionState);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const DOMWindow* target, SecurityReportingOption reportingOption)
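Review bot: The reporting overload of `canAccessFrame` still takes `SecurityOrigin* targetFrameOrigin`, while the `ExceptionState` overload and `canAccessFrameInternal` take `const SecurityOrigin*`. Nothing visible here mutates the origin, so the parameter should read `const SecurityOrigin* targetFrameOrigin` to match. The `= ReportSecurityError` default is not used by any call site shown in this patch, and dropping it would make each caller state its reporting choice explicitly. Separately, the `isolate` parameter of the `BindingSecurity::shouldAllowAccessTo` overloads is no longer forwarded here or in the later hunks; those bodies are only partly visible, so confirm whether it is still needed.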
|
| @@ -94,7 +106,7 @@ bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
|
| const Frame* frame = target->frame();
|
| if (!frame || !frame->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, frame->securityContext()->getSecurityOrigin(), target, reportingOption);
|
| + return canAccessFrame(accessingWindow, frame->securityContext()->getSecurityOrigin(), target, reportingOption);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const EventTarget* target, ExceptionState& exceptionState)
|
| @@ -110,7 +122,7 @@ bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
|
| const Frame* frame = window->frame();
|
| if (!frame || !frame->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, frame->securityContext()->getSecurityOrigin(), window, exceptionState);
|
| + return canAccessFrame(accessingWindow, frame->securityContext()->getSecurityOrigin(), window, exceptionState);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Location* target, ExceptionState& exceptionState)
|
| @@ -119,7 +131,7 @@ bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
|
| const Frame* frame = target->frame();
|
| if (!frame || !frame->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, frame->securityContext()->getSecurityOrigin(), frame->domWindow(), exceptionState);
|
| + return canAccessFrame(accessingWindow, frame->securityContext()->getSecurityOrigin(), frame->domWindow(), exceptionState);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Location* target, SecurityReportingOption reportingOption)
|
| @@ -128,7 +140,7 @@ bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
|
| const Frame* frame = target->frame();
|
| if (!frame || !frame->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, frame->securityContext()->getSecurityOrigin(), frame->domWindow(), reportingOption);
|
| + return canAccessFrame(accessingWindow, frame->securityContext()->getSecurityOrigin(), frame->domWindow(), reportingOption);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, v8::Local<v8::Context> context, const ExecutionContext* executionContext, const MainThreadWorkletGlobalScope* workletGlobalScope, SecurityReportingOption reportingOption)
|
| @@ -145,7 +157,7 @@ bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, v8::Local<v8::Co
|
| if (!workletGlobalScopeFrame || !workletGlobalScopeFrame->securityContext())
|
| return false;
|
|
|
| - return domWindow && canAccessFrame(isolate, toLocalDOMWindow(domWindow), workletGlobalScopeFrame->securityContext()->getSecurityOrigin(), workletGlobalScopeFrame->domWindow(), reportingOption);
|
| + return domWindow && canAccessFrame(toLocalDOMWindow(domWindow), workletGlobalScopeFrame->securityContext()->getSecurityOrigin(), workletGlobalScopeFrame->domWindow(), reportingOption);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, v8::Local<v8::Context> calling, v8::Local<v8::Context> target, SecurityReportingOption reportingOption)
|
| @@ -170,21 +182,21 @@ bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWi
|
| {
|
| if (!target)
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, target->document().getSecurityOrigin(), target->document().domWindow(), exceptionState);
|
| + return canAccessFrame(accessingWindow, target->document().getSecurityOrigin(), target->document().domWindow(), exceptionState);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessTo(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Node* target, SecurityReportingOption reportingOption)
|
| {
|
| if (!target)
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, target->document().getSecurityOrigin(), target->document().domWindow(), reportingOption);
|
| + return canAccessFrame(accessingWindow, target->document().getSecurityOrigin(), target->document().domWindow(), reportingOption);
|
| }
|
|
|
| bool BindingSecurity::shouldAllowAccessToFrame(v8::Isolate* isolate, const LocalDOMWindow* accessingWindow, const Frame* target, SecurityReportingOption reportingOption)
|
| {
|
| if (!target || !target->securityContext())
|
| return false;
|
| - return canAccessFrame(isolate, accessingWindow, target->securityContext()->getSecurityOrigin(), target->domWindow(), reportingOption);
|
| + return canAccessFrame(accessingWindow, target->securityContext()->getSecurityOrigin(), target->domWindow(), reportingOption);
|
| }
|
|
|
| } // namespace blink
|
|
|