Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(148)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/bindings/v8/BindingSecurity.cpp

Issue 22887017: Revert "Throw an exception when denying access to 'Frame's 'location' setter." (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/bindings/v8/BindingSecurity.h ('k') | Source/bindings/v8/ExceptionState.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 16 matching lines...) Expand all
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #include "config.h" 31 #include "config.h"
32 #include "bindings/v8/BindingSecurity.h" 32 #include "bindings/v8/BindingSecurity.h"
33 33
34 #include "bindings/v8/V8Binding.h" 34 #include "bindings/v8/V8Binding.h"
35 #include "core/dom/Document.h" 35 #include "core/dom/Document.h"
36 #include "core/html/HTMLFrameElementBase.h" 36 #include "core/html/HTMLFrameElementBase.h"
37 #include "core/html/parser/HTMLParserIdioms.h"
37 #include "core/page/DOMWindow.h" 38 #include "core/page/DOMWindow.h"
38 #include "core/page/Frame.h" 39 #include "core/page/Frame.h"
39 #include "core/page/Settings.h" 40 #include "core/page/Settings.h"
40 #include "weborigin/SecurityOrigin.h" 41 #include "weborigin/SecurityOrigin.h"
41 42
42 namespace WebCore { 43 namespace WebCore {
43 44
44 static bool isDocumentAccessibleFromDOMWindow(Document* targetDocument, DOMWindo w* activeWindow) 45 static bool canAccessDocument(Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
45 { 46 {
46 if (!targetDocument) 47 if (!targetDocument)
47 return false; 48 return false;
48 49
49 if (!activeWindow) 50 DOMWindow* active = activeDOMWindow();
51 if (!active)
50 return false; 52 return false;
51 53
52 if (activeWindow->document()->securityOrigin()->canAccess(targetDocument->se curityOrigin())) 54 if (active->document()->securityOrigin()->canAccess(targetDocument->security Origin()))
53 return true;
54
55 return false;
56 }
57
58 static bool canAccessDocument(Document* targetDocument, ExceptionState& es)
59 {
60 DOMWindow* activeWindow = activeDOMWindow();
61 if (isDocumentAccessibleFromDOMWindow(targetDocument, activeWindow))
62 return true;
63
64 es.throwSecurityError(targetDocument->domWindow()->sanitizedCrossDomainAcces sErrorMessage(activeWindow), targetDocument->domWindow()->crossDomainAccessError Message(activeWindow));
65 return false;
66 }
67
68 static bool canAccessDocument(Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
69 {
70 DOMWindow* activeWindow = activeDOMWindow();
71 if (isDocumentAccessibleFromDOMWindow(targetDocument, activeWindow))
72 return true; 55 return true;
73 56
74 if (reportingOption == ReportSecurityError) { 57 if (reportingOption == ReportSecurityError) {
75 if (Frame* frame = targetDocument->frame()) 58 if (Frame* frame = targetDocument->frame())
76 frame->domWindow()->printErrorMessage(targetDocument->domWindow()->c rossDomainAccessErrorMessage(activeWindow)); 59 frame->domWindow()->printErrorMessage(targetDocument->domWindow()->c rossDomainAccessErrorMessage(active));
77 } 60 }
78 61
79 return false; 62 return false;
80 } 63 }
81 64
82 bool BindingSecurity::shouldAllowAccessToFrame(Frame* target, SecurityReportingO ption reportingOption) 65 bool BindingSecurity::shouldAllowAccessToFrame(Frame* target, SecurityReportingO ption reportingOption)
83 { 66 {
84 return target && canAccessDocument(target->document(), reportingOption); 67 return target && canAccessDocument(target->document(), reportingOption);
85 } 68 }
86 69
87 bool BindingSecurity::shouldAllowAccessToFrame(Frame* target, ExceptionState& es )
88 {
89 return target && canAccessDocument(target->document(), es);
90 }
91
92 bool BindingSecurity::shouldAllowAccessToNode(Node* target) 70 bool BindingSecurity::shouldAllowAccessToNode(Node* target)
93 { 71 {
94 return target && canAccessDocument(target->document()); 72 return target && canAccessDocument(target->document());
95 } 73 }
96 74
75 bool BindingSecurity::allowSettingFrameSrcToJavascriptUrl(HTMLFrameElementBase* frame, const String& value)
76 {
77 return !protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value)) || ca nAccessDocument(frame->contentDocument());
97 } 78 }
79
80 }
OLDNEW
« no previous file with comments | « Source/bindings/v8/BindingSecurity.h ('k') | Source/bindings/v8/ExceptionState.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698