| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "modules/payments/PaymentRequest.h" | 5 #include "modules/payments/PaymentRequest.h" |
| 6 | 6 |
| 7 #include "bindings/core/v8/ExceptionState.h" | 7 #include "bindings/core/v8/ExceptionState.h" |
| 8 #include "bindings/core/v8/JSONValuesForV8.h" | 8 #include "bindings/core/v8/JSONValuesForV8.h" |
| 9 #include "bindings/core/v8/ScriptPromiseResolver.h" | 9 #include "bindings/core/v8/ScriptPromiseResolver.h" |
| 10 #include "bindings/core/v8/ScriptState.h" | 10 #include "bindings/core/v8/ScriptState.h" |
| 11 #include "bindings/modules/v8/V8PaymentDetails.h" | 11 #include "bindings/modules/v8/V8PaymentDetails.h" |
| 12 #include "core/EventTypeNames.h" | 12 #include "core/EventTypeNames.h" |
| 13 #include "core/dom/DOMException.h" | 13 #include "core/dom/DOMException.h" |
| 14 #include "core/dom/ExceptionCode.h" | 14 #include "core/dom/ExceptionCode.h" |
| 15 #include "core/events/Event.h" | 15 #include "core/events/Event.h" |
| 16 #include "core/events/EventQueue.h" | 16 #include "core/events/EventQueue.h" |
| 17 #include "core/frame/FrameOwner.h" |
| 18 #include "core/html/HTMLIFrameElement.h" |
| 17 #include "modules/EventTargetModulesNames.h" | 19 #include "modules/EventTargetModulesNames.h" |
| 20 #include "modules/payments/HTMLIFrameElementPayments.h" |
| 18 #include "modules/payments/PaymentAddress.h" | 21 #include "modules/payments/PaymentAddress.h" |
| 19 #include "modules/payments/PaymentItem.h" | 22 #include "modules/payments/PaymentItem.h" |
| 20 #include "modules/payments/PaymentRequestUpdateEvent.h" | 23 #include "modules/payments/PaymentRequestUpdateEvent.h" |
| 21 #include "modules/payments/PaymentResponse.h" | 24 #include "modules/payments/PaymentResponse.h" |
| 22 #include "modules/payments/PaymentShippingOption.h" | 25 #include "modules/payments/PaymentShippingOption.h" |
| 23 #include "modules/payments/PaymentsValidators.h" | 26 #include "modules/payments/PaymentsValidators.h" |
| 24 #include "mojo/public/cpp/bindings/interface_request.h" | 27 #include "mojo/public/cpp/bindings/interface_request.h" |
| 25 #include "mojo/public/cpp/bindings/wtf_array.h" | 28 #include "mojo/public/cpp/bindings/wtf_array.h" |
| 26 #include "platform/mojo/MojoHelper.h" | 29 #include "platform/mojo/MojoHelper.h" |
| 27 #include "public/platform/InterfaceProvider.h" | 30 #include "public/platform/InterfaceProvider.h" |
| (...skipping 393 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 421 | 424 |
| 422 mojom::blink::PaymentDetailsPtr maybeKeepShippingOptions( | 425 mojom::blink::PaymentDetailsPtr maybeKeepShippingOptions( |
| 423 mojom::blink::PaymentDetailsPtr details, | 426 mojom::blink::PaymentDetailsPtr details, |
| 424 bool keep) { | 427 bool keep) { |
| 425 if (!keep) | 428 if (!keep) |
| 426 details->shipping_options.resize(0); | 429 details->shipping_options.resize(0); |
| 427 | 430 |
| 428 return details; | 431 return details; |
| 429 } | 432 } |
| 430 | 433 |
| 434 bool allowedToUsePaymentRequest(const Frame* frame) { |
| 435 // To determine whether a Document object |document| is allowed to use the |
| 436 // feature indicated by attribute name |allowpaymentrequest|, run these steps: |
| 437 |
| 438 // 1. If |document| has no browsing context, then return false. |
| 439 if (!frame) |
| 440 return false; |
| 441 |
| 442 // 2. If |document|'s browsing context is a top-level browsing context, then |
| 443 // return true. |
| 444 if (frame->isMainFrame()) |
| 445 return true; |
| 446 |
| 447 // 3. If |document|'s browsing context has a browsing context container that |
| 448 // is an iframe element with an |allowpaymentrequest| attribute specified, and |
| 449 // whose node document is allowed to use the feature indicated by |
| 450 // |allowpaymentrequest|, then return true. |
| 451 HTMLFrameOwnerElement* ownerElement = toHTMLFrameOwnerElement(frame->owner()); |
| 452 if (ownerElement && isHTMLIFrameElement(ownerElement)) { |
| 453 HTMLIFrameElement* iframe = toHTMLIFrameElement(ownerElement); |
| 454 if (HTMLIFrameElementPayments::from(*iframe).allowPaymentRequest(*iframe)) |
| 455 return allowedToUsePaymentRequest(frame->tree().parent()); |
| 456 } |
| 457 |
| 458 // 4. Return false. |
| 459 return false; |
| 460 } |
| 461 |
| 431 } // namespace | 462 } // namespace |
| 432 | 463 |
| 433 PaymentRequest* PaymentRequest::create( | 464 PaymentRequest* PaymentRequest::create( |
| 434 ScriptState* scriptState, | 465 ScriptState* scriptState, |
| 435 const HeapVector<PaymentMethodData>& methodData, | 466 const HeapVector<PaymentMethodData>& methodData, |
| 436 const PaymentDetails& details, | 467 const PaymentDetails& details, |
| 437 ExceptionState& exceptionState) { | 468 ExceptionState& exceptionState) { |
| 438 return new PaymentRequest(scriptState, methodData, details, PaymentOptions(), | 469 return new PaymentRequest(scriptState, methodData, details, PaymentOptions(), |
| 439 exceptionState); | 470 exceptionState); |
| 440 } | 471 } |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 601 validateAndConvertPaymentMethodData(methodData, &validatedMethodData, | 632 validateAndConvertPaymentMethodData(methodData, &validatedMethodData, |
| 602 exceptionState); | 633 exceptionState); |
| 603 if (exceptionState.hadException()) | 634 if (exceptionState.hadException()) |
| 604 return; | 635 return; |
| 605 | 636 |
| 606 if (!scriptState->getExecutionContext()->isSecureContext()) { | 637 if (!scriptState->getExecutionContext()->isSecureContext()) { |
| 607 exceptionState.throwSecurityError("Must be in a secure context"); | 638 exceptionState.throwSecurityError("Must be in a secure context"); |
| 608 return; | 639 return; |
| 609 } | 640 } |
| 610 | 641 |
| 611 if (!scriptState->domWindow()->frame() || | 642 if (!allowedToUsePaymentRequest(scriptState->domWindow()->frame())) { |
| 612 !scriptState->domWindow()->frame()->isMainFrame()) { | |
| 613 exceptionState.throwSecurityError( | 643 exceptionState.throwSecurityError( |
| 614 "Must be in a top-level browsing context"); | 644 "Must be in a top-level browsing context or an iframe needs to specify " |
| 645 "'allowpaymentrequest' explicitly"); |
| 615 return; | 646 return; |
| 616 } | 647 } |
| 617 | 648 |
| 618 bool keepShippingOptions = validatePaymentDetails(details, exceptionState); | 649 bool keepShippingOptions = validatePaymentDetails(details, exceptionState); |
| 619 if (exceptionState.hadException()) | 650 if (exceptionState.hadException()) |
| 620 return; | 651 return; |
| 621 | 652 |
| 622 if (details.hasError() && !details.error().isEmpty()) { | 653 if (details.hasError() && !details.error().isEmpty()) { |
| 623 exceptionState.throwTypeError("Error value should be empty"); | 654 exceptionState.throwTypeError("Error value should be empty"); |
| 624 return; | 655 return; |
| (...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 811 m_completeTimer.stop(); | 842 m_completeTimer.stop(); |
| 812 m_completeResolver.clear(); | 843 m_completeResolver.clear(); |
| 813 m_showResolver.clear(); | 844 m_showResolver.clear(); |
| 814 m_abortResolver.clear(); | 845 m_abortResolver.clear(); |
| 815 if (m_clientBinding.is_bound()) | 846 if (m_clientBinding.is_bound()) |
| 816 m_clientBinding.Close(); | 847 m_clientBinding.Close(); |
| 817 m_paymentProvider.reset(); | 848 m_paymentProvider.reset(); |
| 818 } | 849 } |
| 819 | 850 |
| 820 } // namespace blink | 851 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2394473002:
iframes with allowpaymentrequest attribute are allowed to make payment requests. (Closed)
