| Index: Source/bindings/v8/BindingSecurity.cpp
|
| diff --git a/Source/bindings/v8/BindingSecurity.cpp b/Source/bindings/v8/BindingSecurity.cpp
|
| index ab23d1ff06709172f59e474a3e78a7ec55fee759..fe806340443e94df3ed64136afa8a1edfa3a954e 100644
|
| --- a/Source/bindings/v8/BindingSecurity.cpp
|
| +++ b/Source/bindings/v8/BindingSecurity.cpp
|
| @@ -34,7 +34,6 @@
|
| #include "bindings/v8/V8Binding.h"
|
| #include "core/dom/Document.h"
|
| #include "core/html/HTMLFrameElementBase.h"
|
| -#include "core/html/parser/HTMLParserIdioms.h"
|
| #include "core/page/DOMWindow.h"
|
| #include "core/page/Frame.h"
|
| #include "core/page/Settings.h"
|
| @@ -42,21 +41,39 @@
|
|
|
| namespace WebCore {
|
|
|
| -static bool canAccessDocument(Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
|
| +static bool isDocumentAccessibleFromDOMWindow(Document* targetDocument, DOMWindow* activeWindow)
|
| {
|
| if (!targetDocument)
|
| return false;
|
|
|
| - DOMWindow* active = activeDOMWindow();
|
| - if (!active)
|
| + if (!activeWindow)
|
| return false;
|
|
|
| - if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
|
| + if (activeWindow->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
|
| + return true;
|
| +
|
| + return false;
|
| +}
|
| +
|
| +static bool canAccessDocument(Document* targetDocument, ExceptionState& es)
|
| +{
|
| + DOMWindow* activeWindow = activeDOMWindow();
|
| + if (isDocumentAccessibleFromDOMWindow(targetDocument, activeWindow))
|
| + return true;
|
| +
|
| + es.throwSecurityError(targetDocument->domWindow()->sanitizedCrossDomainAccessErrorMessage(activeWindow), targetDocument->domWindow()->crossDomainAccessErrorMessage(activeWindow));
|
| + return false;
|
| +}
|
| +
|
| +static bool canAccessDocument(Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
|
| +{
|
| + DOMWindow* activeWindow = activeDOMWindow();
|
| + if (isDocumentAccessibleFromDOMWindow(targetDocument, activeWindow))
|
| return true;
|
|
|
| if (reportingOption == ReportSecurityError) {
|
| if (Frame* frame = targetDocument->frame())
|
| - frame->domWindow()->printErrorMessage(targetDocument->domWindow()->crossDomainAccessErrorMessage(active));
|
| + frame->domWindow()->printErrorMessage(targetDocument->domWindow()->crossDomainAccessErrorMessage(activeWindow));
|
| }
|
|
|
| return false;
|
| @@ -67,14 +84,14 @@ bool BindingSecurity::shouldAllowAccessToFrame(Frame* target, SecurityReportingO
|
| return target && canAccessDocument(target->document(), reportingOption);
|
| }
|
|
|
| -bool BindingSecurity::shouldAllowAccessToNode(Node* target)
|
| +bool BindingSecurity::shouldAllowAccessToFrame(Frame* target, ExceptionState& es)
|
| {
|
| - return target && canAccessDocument(target->document());
|
| + return target && canAccessDocument(target->document(), es);
|
| }
|
|
|
| -bool BindingSecurity::allowSettingFrameSrcToJavascriptUrl(HTMLFrameElementBase* frame, const String& value)
|
| +bool BindingSecurity::shouldAllowAccessToNode(Node* target)
|
| {
|
| - return !protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value)) || canAccessDocument(frame->contentDocument());
|
| + return target && canAccessDocument(target->document());
|
| }
|
|
|
| }
|
|
|
Chromium Code Reviews
Issue 22829002:
Throw an exception when denying access to 'Frame's 'location' setter. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk