| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 #include "core/dom/Document.h" | 40 #include "core/dom/Document.h" |
| 41 #include "core/frame/LocalDOMWindow.h" | 41 #include "core/frame/LocalDOMWindow.h" |
| 42 | 42 |
| 43 namespace blink { | 43 namespace blink { |
| 44 | 44 |
| 45 v8::Local<v8::Object> V8DOMWrapper::createWrapper( | 45 v8::Local<v8::Object> V8DOMWrapper::createWrapper( |
| 46 v8::Isolate* isolate, | 46 v8::Isolate* isolate, |
| 47 v8::Local<v8::Object> creationContext, | 47 v8::Local<v8::Object> creationContext, |
| 48 const WrapperTypeInfo* type) { | 48 const WrapperTypeInfo* type) { |
| 49 ASSERT(!type->equals(&V8Window::wrapperTypeInfo)); | 49 ASSERT(!type->equals(&V8Window::wrapperTypeInfo)); |
| 50 // According to https://html.spec.whatwg.org/multipage/browsers.html#security-
location, | 50 // According to |
| 51 // https://html.spec.whatwg.org/multipage/browsers.html#security-location, |
| 51 // cross-origin script access to a few properties of Location is allowed. | 52 // cross-origin script access to a few properties of Location is allowed. |
| 52 // Location already implements the necessary security checks. | 53 // Location already implements the necessary security checks. |
| 53 bool withSecurityCheck = !type->equals(&V8Location::wrapperTypeInfo); | 54 bool withSecurityCheck = !type->equals(&V8Location::wrapperTypeInfo); |
| 54 V8WrapperInstantiationScope scope(creationContext, isolate, | 55 V8WrapperInstantiationScope scope(creationContext, isolate, |
| 55 withSecurityCheck); | 56 withSecurityCheck); |
| 56 | 57 |
| 57 V8PerContextData* perContextData = V8PerContextData::from(scope.context()); | 58 V8PerContextData* perContextData = V8PerContextData::from(scope.context()); |
| 58 v8::Local<v8::Object> wrapper; | 59 v8::Local<v8::Object> wrapper; |
| 59 if (perContextData) { | 60 if (perContextData) { |
| 60 wrapper = perContextData->createWrapperFromCache(type); | 61 wrapper = perContextData->createWrapperFromCache(type); |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 107 v8::Local<v8::Context> contextForWrapper) { | 108 v8::Local<v8::Context> contextForWrapper) { |
| 108 if (m_context.IsEmpty()) | 109 if (m_context.IsEmpty()) |
| 109 return; | 110 return; |
| 110 // If the context is different, we need to make sure that the current | 111 // If the context is different, we need to make sure that the current |
| 111 // context has access to the creation context. | 112 // context has access to the creation context. |
| 112 Frame* frame = toFrameIfNotDetached(contextForWrapper); | 113 Frame* frame = toFrameIfNotDetached(contextForWrapper); |
| 113 if (!frame) { | 114 if (!frame) { |
| 114 // Sandbox detached frames - they can't create cross origin objects. | 115 // Sandbox detached frames - they can't create cross origin objects. |
| 115 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); | 116 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); |
| 116 DOMWindow* targetWindow = toDOMWindow(contextForWrapper); | 117 DOMWindow* targetWindow = toDOMWindow(contextForWrapper); |
| 117 // TODO(jochen): Currently, Location is the only object for which we can rea
ch this code path. Should be generalized. | 118 // TODO(jochen): Currently, Location is the only object for which we can |
| 119 // reach this code path. Should be generalized. |
| 118 ExceptionState exceptionState(ExceptionState::ConstructionContext, | 120 ExceptionState exceptionState(ExceptionState::ConstructionContext, |
| 119 "Location", contextForWrapper->Global(), | 121 "Location", contextForWrapper->Global(), |
| 120 isolate); | 122 isolate); |
| 121 if (BindingSecurity::shouldAllowAccessToDetachedWindow( | 123 if (BindingSecurity::shouldAllowAccessToDetachedWindow( |
| 122 callingWindow, targetWindow, exceptionState)) | 124 callingWindow, targetWindow, exceptionState)) |
| 123 return; | 125 return; |
| 124 | 126 |
| 125 CHECK_EQ(SecurityError, exceptionState.code()); | 127 CHECK_EQ(SecurityError, exceptionState.code()); |
| 126 return; | 128 return; |
| 127 } | 129 } |
| 128 const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context); | 130 const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context); |
| 129 RELEASE_ASSERT(currentWorld.worldId() == | 131 RELEASE_ASSERT(currentWorld.worldId() == |
| 130 DOMWrapperWorld::world(contextForWrapper).worldId()); | 132 DOMWrapperWorld::world(contextForWrapper).worldId()); |
| 131 // TODO(jochen): Add the interface name here once this is generalized. | 133 // TODO(jochen): Add the interface name here once this is generalized. |
| 132 ExceptionState exceptionState(ExceptionState::ConstructionContext, nullptr, | 134 ExceptionState exceptionState(ExceptionState::ConstructionContext, nullptr, |
| 133 contextForWrapper->Global(), isolate); | 135 contextForWrapper->Global(), isolate); |
| 134 if (currentWorld.isMainWorld() && | 136 if (currentWorld.isMainWorld() && |
| 135 !BindingSecurity::shouldAllowAccessToFrame(currentDOMWindow(isolate), | 137 !BindingSecurity::shouldAllowAccessToFrame(currentDOMWindow(isolate), |
| 136 frame, exceptionState)) { | 138 frame, exceptionState)) { |
| 137 CHECK_EQ(SecurityError, exceptionState.code()); | 139 CHECK_EQ(SecurityError, exceptionState.code()); |
| 138 return; | 140 return; |
| 139 } | 141 } |
| 140 } | 142 } |
| 141 | 143 |
| 142 void V8WrapperInstantiationScope::convertException() { | 144 void V8WrapperInstantiationScope::convertException() { |
| 143 v8::Isolate* isolate = m_context->GetIsolate(); | 145 v8::Isolate* isolate = m_context->GetIsolate(); |
| 144 // TODO(jochen): Currently, Location is the only object for which we can reach
this code path. Should be generalized. | 146 // TODO(jochen): Currently, Location is the only object for which we can reach |
| 147 // this code path. Should be generalized. |
| 145 ExceptionState exceptionState(ExceptionState::ConstructionContext, "Location", | 148 ExceptionState exceptionState(ExceptionState::ConstructionContext, "Location", |
| 146 isolate->GetCurrentContext()->Global(), | 149 isolate->GetCurrentContext()->Global(), |
| 147 isolate); | 150 isolate); |
| 148 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); | 151 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); |
| 149 DOMWindow* targetWindow = toDOMWindow(m_context); | 152 DOMWindow* targetWindow = toDOMWindow(m_context); |
| 150 exceptionState.throwSecurityError( | 153 exceptionState.throwSecurityError( |
| 151 targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), | 154 targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), |
| 152 targetWindow->crossDomainAccessErrorMessage(callingWindow)); | 155 targetWindow->crossDomainAccessErrorMessage(callingWindow)); |
| 153 } | 156 } |
| 154 | 157 |
| 155 } // namespace blink | 158 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2386173002:
reflow comments in Source/bindings/core/v8 (Closed)
