OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 29 matching lines...) Expand all Loading... |
40 #include "core/dom/Document.h" | 40 #include "core/dom/Document.h" |
41 #include "core/frame/LocalDOMWindow.h" | 41 #include "core/frame/LocalDOMWindow.h" |
42 | 42 |
43 namespace blink { | 43 namespace blink { |
44 | 44 |
45 v8::Local<v8::Object> V8DOMWrapper::createWrapper( | 45 v8::Local<v8::Object> V8DOMWrapper::createWrapper( |
46 v8::Isolate* isolate, | 46 v8::Isolate* isolate, |
47 v8::Local<v8::Object> creationContext, | 47 v8::Local<v8::Object> creationContext, |
48 const WrapperTypeInfo* type) { | 48 const WrapperTypeInfo* type) { |
49 ASSERT(!type->equals(&V8Window::wrapperTypeInfo)); | 49 ASSERT(!type->equals(&V8Window::wrapperTypeInfo)); |
50 // According to https://html.spec.whatwg.org/multipage/browsers.html#security-
location, | 50 // According to |
| 51 // https://html.spec.whatwg.org/multipage/browsers.html#security-location, |
51 // cross-origin script access to a few properties of Location is allowed. | 52 // cross-origin script access to a few properties of Location is allowed. |
52 // Location already implements the necessary security checks. | 53 // Location already implements the necessary security checks. |
53 bool withSecurityCheck = !type->equals(&V8Location::wrapperTypeInfo); | 54 bool withSecurityCheck = !type->equals(&V8Location::wrapperTypeInfo); |
54 V8WrapperInstantiationScope scope(creationContext, isolate, | 55 V8WrapperInstantiationScope scope(creationContext, isolate, |
55 withSecurityCheck); | 56 withSecurityCheck); |
56 | 57 |
57 V8PerContextData* perContextData = V8PerContextData::from(scope.context()); | 58 V8PerContextData* perContextData = V8PerContextData::from(scope.context()); |
58 v8::Local<v8::Object> wrapper; | 59 v8::Local<v8::Object> wrapper; |
59 if (perContextData) { | 60 if (perContextData) { |
60 wrapper = perContextData->createWrapperFromCache(type); | 61 wrapper = perContextData->createWrapperFromCache(type); |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
107 v8::Local<v8::Context> contextForWrapper) { | 108 v8::Local<v8::Context> contextForWrapper) { |
108 if (m_context.IsEmpty()) | 109 if (m_context.IsEmpty()) |
109 return; | 110 return; |
110 // If the context is different, we need to make sure that the current | 111 // If the context is different, we need to make sure that the current |
111 // context has access to the creation context. | 112 // context has access to the creation context. |
112 Frame* frame = toFrameIfNotDetached(contextForWrapper); | 113 Frame* frame = toFrameIfNotDetached(contextForWrapper); |
113 if (!frame) { | 114 if (!frame) { |
114 // Sandbox detached frames - they can't create cross origin objects. | 115 // Sandbox detached frames - they can't create cross origin objects. |
115 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); | 116 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); |
116 DOMWindow* targetWindow = toDOMWindow(contextForWrapper); | 117 DOMWindow* targetWindow = toDOMWindow(contextForWrapper); |
117 // TODO(jochen): Currently, Location is the only object for which we can rea
ch this code path. Should be generalized. | 118 // TODO(jochen): Currently, Location is the only object for which we can |
| 119 // reach this code path. Should be generalized. |
118 ExceptionState exceptionState(ExceptionState::ConstructionContext, | 120 ExceptionState exceptionState(ExceptionState::ConstructionContext, |
119 "Location", contextForWrapper->Global(), | 121 "Location", contextForWrapper->Global(), |
120 isolate); | 122 isolate); |
121 if (BindingSecurity::shouldAllowAccessToDetachedWindow( | 123 if (BindingSecurity::shouldAllowAccessToDetachedWindow( |
122 callingWindow, targetWindow, exceptionState)) | 124 callingWindow, targetWindow, exceptionState)) |
123 return; | 125 return; |
124 | 126 |
125 CHECK_EQ(SecurityError, exceptionState.code()); | 127 CHECK_EQ(SecurityError, exceptionState.code()); |
126 return; | 128 return; |
127 } | 129 } |
128 const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context); | 130 const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context); |
129 RELEASE_ASSERT(currentWorld.worldId() == | 131 RELEASE_ASSERT(currentWorld.worldId() == |
130 DOMWrapperWorld::world(contextForWrapper).worldId()); | 132 DOMWrapperWorld::world(contextForWrapper).worldId()); |
131 // TODO(jochen): Add the interface name here once this is generalized. | 133 // TODO(jochen): Add the interface name here once this is generalized. |
132 ExceptionState exceptionState(ExceptionState::ConstructionContext, nullptr, | 134 ExceptionState exceptionState(ExceptionState::ConstructionContext, nullptr, |
133 contextForWrapper->Global(), isolate); | 135 contextForWrapper->Global(), isolate); |
134 if (currentWorld.isMainWorld() && | 136 if (currentWorld.isMainWorld() && |
135 !BindingSecurity::shouldAllowAccessToFrame(currentDOMWindow(isolate), | 137 !BindingSecurity::shouldAllowAccessToFrame(currentDOMWindow(isolate), |
136 frame, exceptionState)) { | 138 frame, exceptionState)) { |
137 CHECK_EQ(SecurityError, exceptionState.code()); | 139 CHECK_EQ(SecurityError, exceptionState.code()); |
138 return; | 140 return; |
139 } | 141 } |
140 } | 142 } |
141 | 143 |
142 void V8WrapperInstantiationScope::convertException() { | 144 void V8WrapperInstantiationScope::convertException() { |
143 v8::Isolate* isolate = m_context->GetIsolate(); | 145 v8::Isolate* isolate = m_context->GetIsolate(); |
144 // TODO(jochen): Currently, Location is the only object for which we can reach
this code path. Should be generalized. | 146 // TODO(jochen): Currently, Location is the only object for which we can reach |
| 147 // this code path. Should be generalized. |
145 ExceptionState exceptionState(ExceptionState::ConstructionContext, "Location", | 148 ExceptionState exceptionState(ExceptionState::ConstructionContext, "Location", |
146 isolate->GetCurrentContext()->Global(), | 149 isolate->GetCurrentContext()->Global(), |
147 isolate); | 150 isolate); |
148 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); | 151 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); |
149 DOMWindow* targetWindow = toDOMWindow(m_context); | 152 DOMWindow* targetWindow = toDOMWindow(m_context); |
150 exceptionState.throwSecurityError( | 153 exceptionState.throwSecurityError( |
151 targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), | 154 targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), |
152 targetWindow->crossDomainAccessErrorMessage(callingWindow)); | 155 targetWindow->crossDomainAccessErrorMessage(callingWindow)); |
153 } | 156 } |
154 | 157 |
155 } // namespace blink | 158 } // namespace blink |
OLD | NEW |