| Index: Source/bindings/v8/BindingSecurity.cpp
|
| diff --git a/Source/bindings/v8/BindingSecurity.cpp b/Source/bindings/v8/BindingSecurity.cpp
|
| index fe806340443e94df3ed64136afa8a1edfa3a954e..ab23d1ff06709172f59e474a3e78a7ec55fee759 100644
|
| --- a/Source/bindings/v8/BindingSecurity.cpp
|
| +++ b/Source/bindings/v8/BindingSecurity.cpp
|
| @@ -34,6 +34,7 @@
|
| #include "bindings/v8/V8Binding.h"
|
| #include "core/dom/Document.h"
|
| #include "core/html/HTMLFrameElementBase.h"
|
| +#include "core/html/parser/HTMLParserIdioms.h"
|
| #include "core/page/DOMWindow.h"
|
| #include "core/page/Frame.h"
|
| #include "core/page/Settings.h"
|
| @@ -41,39 +42,21 @@
|
|
|
| namespace WebCore {
|
|
|
| -static bool isDocumentAccessibleFromDOMWindow(Document* targetDocument, DOMWindow* activeWindow)
|
| +static bool canAccessDocument(Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
|
| {
|
| if (!targetDocument)
|
| return false;
|
|
|
| - if (!activeWindow)
|
| + DOMWindow* active = activeDOMWindow();
|
| + if (!active)
|
| return false;
|
|
|
| - if (activeWindow->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
|
| - return true;
|
| -
|
| - return false;
|
| -}
|
| -
|
| -static bool canAccessDocument(Document* targetDocument, ExceptionState& es)
|
| -{
|
| - DOMWindow* activeWindow = activeDOMWindow();
|
| - if (isDocumentAccessibleFromDOMWindow(targetDocument, activeWindow))
|
| - return true;
|
| -
|
| - es.throwSecurityError(targetDocument->domWindow()->sanitizedCrossDomainAccessErrorMessage(activeWindow), targetDocument->domWindow()->crossDomainAccessErrorMessage(activeWindow));
|
| - return false;
|
| -}
|
| -
|
| -static bool canAccessDocument(Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
|
| -{
|
| - DOMWindow* activeWindow = activeDOMWindow();
|
| - if (isDocumentAccessibleFromDOMWindow(targetDocument, activeWindow))
|
| + if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
|
| return true;
|
|
|
| if (reportingOption == ReportSecurityError) {
|
| if (Frame* frame = targetDocument->frame())
|
| - frame->domWindow()->printErrorMessage(targetDocument->domWindow()->crossDomainAccessErrorMessage(activeWindow));
|
| + frame->domWindow()->printErrorMessage(targetDocument->domWindow()->crossDomainAccessErrorMessage(active));
|
| }
|
|
|
| return false;
|
| @@ -84,14 +67,14 @@ bool BindingSecurity::shouldAllowAccessToFrame(Frame* target, SecurityReportingO
|
| return target && canAccessDocument(target->document(), reportingOption);
|
| }
|
|
|
| -bool BindingSecurity::shouldAllowAccessToFrame(Frame* target, ExceptionState& es)
|
| +bool BindingSecurity::shouldAllowAccessToNode(Node* target)
|
| {
|
| - return target && canAccessDocument(target->document(), es);
|
| + return target && canAccessDocument(target->document());
|
| }
|
|
|
| -bool BindingSecurity::shouldAllowAccessToNode(Node* target)
|
| +bool BindingSecurity::allowSettingFrameSrcToJavascriptUrl(HTMLFrameElementBase* frame, const String& value)
|
| {
|
| - return target && canAccessDocument(target->document());
|
| + return !protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value)) || canAccessDocument(frame->contentDocument());
|
| }
|
|
|
| }
|
|
|
Chromium Code Reviews
Issue 22887017:
Revert "Throw an exception when denying access to 'Frame's 'location' setter." (Closed)
Base URL: svn://svn.chromium.org/blink/trunk