| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "modules/payments/PaymentRequest.h" | 5 #include "modules/payments/PaymentRequest.h" |
| 6 | 6 |
| 7 #include "bindings/core/v8/ExceptionState.h" | 7 #include "bindings/core/v8/ExceptionState.h" |
| 8 #include "bindings/core/v8/JSONValuesForV8.h" | 8 #include "bindings/core/v8/JSONValuesForV8.h" |
| 9 #include "bindings/core/v8/ScriptPromiseResolver.h" | 9 #include "bindings/core/v8/ScriptPromiseResolver.h" |
| 10 #include "bindings/core/v8/ScriptState.h" | 10 #include "bindings/core/v8/ScriptState.h" |
| 11 #include "bindings/modules/v8/V8PaymentDetails.h" | 11 #include "bindings/modules/v8/V8PaymentDetails.h" |
| 12 #include "core/EventTypeNames.h" | 12 #include "core/EventTypeNames.h" |
| 13 #include "core/dom/DOMException.h" | 13 #include "core/dom/DOMException.h" |
| 14 #include "core/dom/ExceptionCode.h" | 14 #include "core/dom/ExceptionCode.h" |
| 15 #include "core/events/Event.h" | 15 #include "core/events/Event.h" |
| 16 #include "core/events/EventQueue.h" | 16 #include "core/events/EventQueue.h" |
| 17 #include "core/frame/FrameOwner.h" |
| 17 #include "modules/EventTargetModulesNames.h" | 18 #include "modules/EventTargetModulesNames.h" |
| 18 #include "modules/payments/PaymentAddress.h" | 19 #include "modules/payments/PaymentAddress.h" |
| 19 #include "modules/payments/PaymentItem.h" | 20 #include "modules/payments/PaymentItem.h" |
| 20 #include "modules/payments/PaymentRequestUpdateEvent.h" | 21 #include "modules/payments/PaymentRequestUpdateEvent.h" |
| 21 #include "modules/payments/PaymentResponse.h" | 22 #include "modules/payments/PaymentResponse.h" |
| 22 #include "modules/payments/PaymentShippingOption.h" | 23 #include "modules/payments/PaymentShippingOption.h" |
| 23 #include "modules/payments/PaymentsValidators.h" | 24 #include "modules/payments/PaymentsValidators.h" |
| 24 #include "mojo/public/cpp/bindings/interface_request.h" | 25 #include "mojo/public/cpp/bindings/interface_request.h" |
| 25 #include "mojo/public/cpp/bindings/wtf_array.h" | 26 #include "mojo/public/cpp/bindings/wtf_array.h" |
| 26 #include "platform/mojo/MojoHelper.h" | 27 #include "platform/mojo/MojoHelper.h" |
| (...skipping 373 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 400 static const char* const validValues[] = { | 401 static const char* const validValues[] = { |
| 401 "shipping", "delivery", "pickup", | 402 "shipping", "delivery", "pickup", |
| 402 }; | 403 }; |
| 403 for (size_t i = 0; i < WTF_ARRAY_LENGTH(validValues); i++) { | 404 for (size_t i = 0; i < WTF_ARRAY_LENGTH(validValues); i++) { |
| 404 if (shippingType == validValues[i]) | 405 if (shippingType == validValues[i]) |
| 405 return shippingType; | 406 return shippingType; |
| 406 } | 407 } |
| 407 return validValues[0]; | 408 return validValues[0]; |
| 408 } | 409 } |
| 409 | 410 |
| 411 bool allowedToUsePaymentRequest(const Frame* frame) { |
| 412 // To determine whether a Document object |document| is allowed to use the |
| 413 // feature indicated by attribute name |allowpaymentrequest|, run these steps: |
| 414 |
| 415 // 1. If |document| has no browsing context, then return false. |
| 416 if (!frame) |
| 417 return false; |
| 418 |
| 419 // 2. If |document|'s browsing context is a top-level browsing context, then |
| 420 // return true. |
| 421 if (frame->isMainFrame()) |
| 422 return true; |
| 423 |
| 424 // 3. If |document|'s browsing context has a browsing context container that |
| 425 // is an iframe element with an |allowpaymentrequest| attribute specified, and |
| 426 // whose node document is allowed to use the feature indicated by |
| 427 // |allowpaymentrequest|, then return true. |
| 428 if (frame->owner() && frame->owner()->allowPaymentRequest()) |
| 429 return allowedToUsePaymentRequest(frame->tree().parent()); |
| 430 |
| 431 // 4. Return false. |
| 432 return false; |
| 433 } |
| 434 |
| 410 } // namespace | 435 } // namespace |
| 411 | 436 |
| 412 PaymentRequest* PaymentRequest::create( | 437 PaymentRequest* PaymentRequest::create( |
| 413 ScriptState* scriptState, | 438 ScriptState* scriptState, |
| 414 const HeapVector<PaymentMethodData>& methodData, | 439 const HeapVector<PaymentMethodData>& methodData, |
| 415 const PaymentDetails& details, | 440 const PaymentDetails& details, |
| 416 ExceptionState& exceptionState) { | 441 ExceptionState& exceptionState) { |
| 417 return new PaymentRequest(scriptState, methodData, details, PaymentOptions(), | 442 return new PaymentRequest(scriptState, methodData, details, PaymentOptions(), |
| 418 exceptionState); | 443 exceptionState); |
| 419 } | 444 } |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 575 validateAndConvertPaymentMethodData(methodData, &validatedMethodData, | 600 validateAndConvertPaymentMethodData(methodData, &validatedMethodData, |
| 576 exceptionState); | 601 exceptionState); |
| 577 if (exceptionState.hadException()) | 602 if (exceptionState.hadException()) |
| 578 return; | 603 return; |
| 579 | 604 |
| 580 if (!scriptState->getExecutionContext()->isSecureContext()) { | 605 if (!scriptState->getExecutionContext()->isSecureContext()) { |
| 581 exceptionState.throwSecurityError("Must be in a secure context"); | 606 exceptionState.throwSecurityError("Must be in a secure context"); |
| 582 return; | 607 return; |
| 583 } | 608 } |
| 584 | 609 |
| 585 if (!scriptState->domWindow()->frame() || | 610 if (!allowedToUsePaymentRequest(scriptState->domWindow()->frame())) { |
| 586 !scriptState->domWindow()->frame()->isMainFrame()) { | |
| 587 exceptionState.throwSecurityError( | 611 exceptionState.throwSecurityError( |
| 588 "Must be in a top-level browsing context"); | 612 "Must be in a top-level browsing context or an iframe needs to specify " |
| 613 "'allowpaymentrequest' explicitly"); |
| 589 return; | 614 return; |
| 590 } | 615 } |
| 591 | 616 |
| 592 validatePaymentDetails(details, exceptionState); | 617 validatePaymentDetails(details, exceptionState); |
| 593 if (exceptionState.hadException()) | 618 if (exceptionState.hadException()) |
| 594 return; | 619 return; |
| 595 | 620 |
| 596 if (details.hasError() && !details.error().isEmpty()) { | 621 if (details.hasError() && !details.error().isEmpty()) { |
| 597 exceptionState.throwTypeError("Error value should be empty"); | 622 exceptionState.throwTypeError("Error value should be empty"); |
| 598 return; | 623 return; |
| (...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 783 m_completeTimer.stop(); | 808 m_completeTimer.stop(); |
| 784 m_completeResolver.clear(); | 809 m_completeResolver.clear(); |
| 785 m_showResolver.clear(); | 810 m_showResolver.clear(); |
| 786 m_abortResolver.clear(); | 811 m_abortResolver.clear(); |
| 787 if (m_clientBinding.is_bound()) | 812 if (m_clientBinding.is_bound()) |
| 788 m_clientBinding.Close(); | 813 m_clientBinding.Close(); |
| 789 m_paymentProvider.reset(); | 814 m_paymentProvider.reset(); |
| 790 } | 815 } |
| 791 | 816 |
| 792 } // namespace blink | 817 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2394473002:
iframes with allowpaymentrequest attribute are allowed to make payment requests. (Closed)
