reflow comments in core/frame

third_party/WebKit/Source/core/frame/DOMWindow.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/DOMWindow.h"
 
 #include "core/dom/Document.h"
 #include "core/dom/ExceptionCode.h"
 #include "core/dom/ExecutionContext.h"
 #include "core/dom/SecurityContext.h"
@@ skipping 116 matching lines @@
 }
 
 bool DOMWindow::isInsecureScriptAccess(LocalDOMWindow& callingWindow,
                                        const String& urlString) {
   if (!protocolIsJavaScript(urlString))
     return false;
 
   // If this DOMWindow isn't currently active in the Frame, then there's no
   // way we should allow the access.
   if (isCurrentlyDisplayedInFrame()) {
-    // FIXME: Is there some way to eliminate the need for a separate "callingWindow == this" check?
+    // FIXME: Is there some way to eliminate the need for a separate
+    // "callingWindow == this" check?
     if (&callingWindow == this)
       return false;
 
-    // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
-    // Can we name the SecurityOrigin function better to make this more clear?
+    // FIXME: The name canAccess seems to be a roundabout way to ask "can
+    // execute script".  Can we name the SecurityOrigin function better to make
+    // this more clear?
     if (callingWindow.document()->getSecurityOrigin()->canAccessCheckSuborigins(
             frame()->securityContext()->getSecurityOrigin()))
       return false;
   }
 
   callingWindow.printErrorMessage(
       crossDomainAccessErrorMessage(&callingWindow));
   return true;
 }
 
 void DOMWindow::resetLocation() {
-  // Location needs to be reset manually because it doesn't inherit from DOMWindowProperty.
-  // DOMWindowProperty is local-only, and Location needs to support remote windows, too.
+  // Location needs to be reset manually because it doesn't inherit from
+  // DOMWindowProperty.  DOMWindowProperty is local-only, and Location needs to
+  // support remote windows, too.
   if (m_location) {
     m_location->reset();
     m_location = nullptr;
   }
 }
 
 bool DOMWindow::isSecureContext() const {
   if (!frame())
     return false;
 
@@ skipping 67 matching lines @@
                sourceDocument->url()))
     UseCounter::count(frame(), UseCounter::PostMessageFromInsecureToSecure);
 
   MessageEvent* event =
       MessageEvent::create(std::move(channels), std::move(message),
                            sourceOrigin, String(), source, sourceSuborigin);
 
   schedulePostMessage(event, std::move(target), sourceDocument);
 }
 
-// FIXME: Once we're throwing exceptions for cross-origin access violations, we will always sanitize the target
-// frame details, so we can safely combine 'crossDomainAccessErrorMessage' with this method after considering
-// exactly which details may be exposed to JavaScript.
+// FIXME: Once we're throwing exceptions for cross-origin access violations, we
+// will always sanitize the target frame details, so we can safely combine
+// 'crossDomainAccessErrorMessage' with this method after considering exactly
+// which details may be exposed to JavaScript.
 //
 // http://crbug.com/17325
 String DOMWindow::sanitizedCrossDomainAccessErrorMessage(
     const LocalDOMWindow* callingWindow) const {
   if (!callingWindow || !callingWindow->document() || !frame())
     return String();
 
   const KURL& callingWindowURL = callingWindow->document()->url();
   if (callingWindowURL.isNull())
     return String();
 
   const SecurityOrigin* activeOrigin =
       callingWindow->document()->getSecurityOrigin();
   String message = "Blocked a frame with origin \"" + activeOrigin->toString() +
                    "\" from accessing a cross-origin frame.";
 
-  // FIXME: Evaluate which details from 'crossDomainAccessErrorMessage' may safely be reported to JavaScript.
+  // FIXME: Evaluate which details from 'crossDomainAccessErrorMessage' may
+  // safely be reported to JavaScript.
 
   return message;
 }
 
 String DOMWindow::crossDomainAccessErrorMessage(
     const LocalDOMWindow* callingWindow) const {
   if (!callingWindow || !callingWindow->document() || !frame())
     return String();
 
   const KURL& callingWindowURL = callingWindow->document()->url();
   if (callingWindowURL.isNull())
     return String();
 
-  // FIXME: This message, and other console messages, have extra newlines. Should remove them.
+  // FIXME: This message, and other console messages, have extra newlines.
+  // Should remove them.
   const SecurityOrigin* activeOrigin =
       callingWindow->document()->getSecurityOrigin();
   const SecurityOrigin* targetOrigin =
       frame()->securityContext()->getSecurityOrigin();
   // It's possible for a remote frame to be same origin with respect to a
   // local frame, but it must still be treated as a disallowed cross-domain
   // access. See https://crbug.com/601629.
   ASSERT(frame()->isRemoteFrame() ||
          !activeOrigin->canAccessCheckSuborigins(targetOrigin));
 
   String message = "Blocked a frame with origin \"" + activeOrigin->toString() +
                    "\" from accessing a frame with origin \"" +
                    targetOrigin->toString() + "\". ";
 
-  // Sandbox errors: Use the origin of the frames' location, rather than their actual origin (since we know that at least one will be "null").
+  // Sandbox errors: Use the origin of the frames' location, rather than their
+  // actual origin (since we know that at least one will be "null").
   KURL activeURL = callingWindow->document()->url();
   // TODO(alexmos): RemoteFrames do not have a document, and their URLs
   // aren't replicated.  For now, construct the URL using the replicated
   // origin for RemoteFrames. If the target frame is remote and sandboxed,
   // there isn't anything else to show other than "null" for its origin.
   KURL targetURL = isLocalDOMWindow() ? document()->url()
                                       : KURL(KURL(), targetOrigin->toString());
   if (frame()->securityContext()->isSandboxed(SandboxOrigin) ||
       callingWindow->document()->isSandboxed(SandboxOrigin)) {
     message = "Blocked a frame at \"" +
               SecurityOrigin::create(activeURL)->toString() +
               "\" from accessing a frame at \"" +
               SecurityOrigin::create(targetURL)->toString() + "\". ";
     if (frame()->securityContext()->isSandboxed(SandboxOrigin) &&
         callingWindow->document()->isSandboxed(SandboxOrigin))
       return "Sandbox access violation: " + message +
              " Both frames are sandboxed and lack the \"allow-same-origin\" "
              "flag.";
     if (frame()->securityContext()->isSandboxed(SandboxOrigin))
       return "Sandbox access violation: " + message +
              " The frame being accessed is sandboxed and lacks the "
              "\"allow-same-origin\" flag.";
     return "Sandbox access violation: " + message +
            " The frame requesting access is sandboxed and lacks the "
            "\"allow-same-origin\" flag.";
   }
 
-  // Protocol errors: Use the URL's protocol rather than the origin's protocol so that we get a useful message for non-heirarchal URLs like 'data:'.
+  // Protocol errors: Use the URL's protocol rather than the origin's protocol
+  // so that we get a useful message for non-heirarchal URLs like 'data:'.
   if (targetOrigin->protocol() != activeOrigin->protocol())
     return message + " The frame requesting access has a protocol of \"" +
            activeURL.protocol() +
            "\", the frame being accessed has a protocol of \"" +
            targetURL.protocol() + "\". Protocols must match.\n";
 
   // 'document.domain' errors.
   if (targetOrigin->domainWasSetInDOM() && activeOrigin->domainWasSetInDOM())
     return message +
            "The frame requesting access set \"document.domain\" to \"" +
@@ skipping 93 matching lines @@
 
   page->focusController().focusDocumentView(frame(), true /* notifyEmbedder */);
 }
 
 DEFINE_TRACE(DOMWindow) {
   visitor->trace(m_location);
   EventTargetWithInlineData::trace(visitor);
 }
 
 }  // namespace blink