| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "modules/payments/PaymentRequest.h" | 5 #include "modules/payments/PaymentRequest.h" |
| 6 | 6 |
| 7 #include "bindings/core/v8/ExceptionState.h" | 7 #include "bindings/core/v8/ExceptionState.h" |
| 8 #include "bindings/core/v8/JSONValuesForV8.h" | 8 #include "bindings/core/v8/JSONValuesForV8.h" |
| 9 #include "bindings/core/v8/ScriptPromiseResolver.h" | 9 #include "bindings/core/v8/ScriptPromiseResolver.h" |
| 10 #include "bindings/core/v8/ScriptState.h" | 10 #include "bindings/core/v8/ScriptState.h" |
| 11 #include "bindings/modules/v8/V8PaymentDetails.h" | 11 #include "bindings/modules/v8/V8PaymentDetails.h" |
| 12 #include "core/EventTypeNames.h" | 12 #include "core/EventTypeNames.h" |
| 13 #include "core/dom/DOMException.h" | 13 #include "core/dom/DOMException.h" |
| 14 #include "core/dom/ExceptionCode.h" | 14 #include "core/dom/ExceptionCode.h" |
| 15 #include "core/events/Event.h" | 15 #include "core/events/Event.h" |
| 16 #include "core/events/EventQueue.h" | 16 #include "core/events/EventQueue.h" |
| 17 #include "core/frame/FrameOwner.h" |
| 17 #include "modules/EventTargetModulesNames.h" | 18 #include "modules/EventTargetModulesNames.h" |
| 18 #include "modules/payments/PaymentAddress.h" | 19 #include "modules/payments/PaymentAddress.h" |
| 19 #include "modules/payments/PaymentItem.h" | 20 #include "modules/payments/PaymentItem.h" |
| 20 #include "modules/payments/PaymentRequestUpdateEvent.h" | 21 #include "modules/payments/PaymentRequestUpdateEvent.h" |
| 21 #include "modules/payments/PaymentResponse.h" | 22 #include "modules/payments/PaymentResponse.h" |
| 22 #include "modules/payments/PaymentShippingOption.h" | 23 #include "modules/payments/PaymentShippingOption.h" |
| 23 #include "modules/payments/PaymentsValidators.h" | 24 #include "modules/payments/PaymentsValidators.h" |
| 24 #include "mojo/public/cpp/bindings/interface_request.h" | 25 #include "mojo/public/cpp/bindings/interface_request.h" |
| 25 #include "mojo/public/cpp/bindings/wtf_array.h" | 26 #include "mojo/public/cpp/bindings/wtf_array.h" |
| 26 #include "platform/mojo/MojoHelper.h" | 27 #include "platform/mojo/MojoHelper.h" |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 402 static const char* const validValues[] = { | 403 static const char* const validValues[] = { |
| 403 "shipping", "delivery", "pickup", | 404 "shipping", "delivery", "pickup", |
| 404 }; | 405 }; |
| 405 for (size_t i = 0; i < WTF_ARRAY_LENGTH(validValues); i++) { | 406 for (size_t i = 0; i < WTF_ARRAY_LENGTH(validValues); i++) { |
| 406 if (shippingType == validValues[i]) | 407 if (shippingType == validValues[i]) |
| 407 return shippingType; | 408 return shippingType; |
| 408 } | 409 } |
| 409 return validValues[0]; | 410 return validValues[0]; |
| 410 } | 411 } |
| 411 | 412 |
| 413 bool allowedToUsePaymentRequest(const Frame* frame) { |
| 414 // To determine whether a Document object |document| is allowed to use the |
| 415 // feature indicated by attribute name |allowpaymentrequest|, run these steps: |
| 416 |
| 417 // 1. If |document| has no browsing context, then return false. |
| 418 if (!frame) |
| 419 return false; |
| 420 |
| 421 // 2. If |document|'s browsing context is a top-level browsing context, then |
| 422 // return true. |
| 423 if (frame->isMainFrame()) |
| 424 return true; |
| 425 |
| 426 // 3. If |document|'s browsing context has a browsing context container that |
| 427 // is an iframe element with an |allowpaymentrequest| attribute specified, and |
| 428 // whose node document is allowed to use the feature indicated by |
| 429 // |allowpaymentrequest|, then return true. |
| 430 if (frame->owner() && frame->owner()->allowPaymentRequest()) |
| 431 return allowedToUsePaymentRequest(frame->tree().parent()); |
| 432 |
| 433 // 4. Return false. |
| 434 return false; |
| 435 } |
| 436 |
| 412 } // namespace | 437 } // namespace |
| 413 | 438 |
| 414 PaymentRequest* PaymentRequest::create( | 439 PaymentRequest* PaymentRequest::create( |
| 415 ScriptState* scriptState, | 440 ScriptState* scriptState, |
| 416 const HeapVector<PaymentMethodData>& methodData, | 441 const HeapVector<PaymentMethodData>& methodData, |
| 417 const PaymentDetails& details, | 442 const PaymentDetails& details, |
| 418 ExceptionState& exceptionState) { | 443 ExceptionState& exceptionState) { |
| 419 return new PaymentRequest(scriptState, methodData, details, PaymentOptions(), | 444 return new PaymentRequest(scriptState, methodData, details, PaymentOptions(), |
| 420 exceptionState); | 445 exceptionState); |
| 421 } | 446 } |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 577 validateAndConvertPaymentMethodData(methodData, &validatedMethodData, | 602 validateAndConvertPaymentMethodData(methodData, &validatedMethodData, |
| 578 exceptionState); | 603 exceptionState); |
| 579 if (exceptionState.hadException()) | 604 if (exceptionState.hadException()) |
| 580 return; | 605 return; |
| 581 | 606 |
| 582 if (!scriptState->getExecutionContext()->isSecureContext()) { | 607 if (!scriptState->getExecutionContext()->isSecureContext()) { |
| 583 exceptionState.throwSecurityError("Must be in a secure context"); | 608 exceptionState.throwSecurityError("Must be in a secure context"); |
| 584 return; | 609 return; |
| 585 } | 610 } |
| 586 | 611 |
| 587 if (!scriptState->domWindow()->frame() || | 612 if (!allowedToUsePaymentRequest(scriptState->domWindow()->frame())) { |
| 588 !scriptState->domWindow()->frame()->isMainFrame()) { | |
| 589 exceptionState.throwSecurityError( | 613 exceptionState.throwSecurityError( |
| 590 "Must be in a top-level browsing context"); | 614 "Must be in a top-level browsing context or an iframe needs to specify " |
| 615 "'allowpaymentrequest' explicitly"); |
| 591 return; | 616 return; |
| 592 } | 617 } |
| 593 | 618 |
| 594 PaymentDetails fixedDetails(details); | 619 PaymentDetails fixedDetails(details); |
| 595 validateAndFixupPaymentDetails(fixedDetails, exceptionState); | 620 validateAndFixupPaymentDetails(fixedDetails, exceptionState); |
| 596 if (exceptionState.hadException()) | 621 if (exceptionState.hadException()) |
| 597 return; | 622 return; |
| 598 | 623 |
| 599 if (fixedDetails.hasError() && !fixedDetails.error().isEmpty()) { | 624 if (fixedDetails.hasError() && !fixedDetails.error().isEmpty()) { |
| 600 exceptionState.throwTypeError("Error value should be empty"); | 625 exceptionState.throwTypeError("Error value should be empty"); |
| (...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 786 m_completeTimer.stop(); | 811 m_completeTimer.stop(); |
| 787 m_completeResolver.clear(); | 812 m_completeResolver.clear(); |
| 788 m_showResolver.clear(); | 813 m_showResolver.clear(); |
| 789 m_abortResolver.clear(); | 814 m_abortResolver.clear(); |
| 790 if (m_clientBinding.is_bound()) | 815 if (m_clientBinding.is_bound()) |
| 791 m_clientBinding.Close(); | 816 m_clientBinding.Close(); |
| 792 m_paymentProvider.reset(); | 817 m_paymentProvider.reset(); |
| 793 } | 818 } |
| 794 | 819 |
| 795 } // namespace blink | 820 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2394473002:
iframes with allowpaymentrequest attribute are allowed to make payment requests. (Closed)
