Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(911)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/payments/PaymentRequest.cpp

Issue 2394473002: iframes with allowpaymentrequest attribute are allowed to make payment requests. (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/Source/core/html/HTMLIFrameElement.idl ('K') | « third_party/WebKit/Source/core/html/HTMLIFrameElement.idl ('k') | third_party/WebKit/Source/web/FrameLoaderClientImpl.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/payments/PaymentRequest.cpp
diff --git a/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp b/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp
index bf26a120ac4021fd6f8eeb16573ed382e1799c7c..35fd772ef118f0c68a9c17fe33ff5e8468ddde30 100644
--- a/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp
+++ b/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp
@@ -14,6 +14,7 @@
#include "core/dom/ExceptionCode.h"
#include "core/events/Event.h"
#include "core/events/EventQueue.h"
+#include "core/frame/FrameOwner.h"
#include "modules/EventTargetModulesNames.h"
#include "modules/payments/PaymentAddress.h"
#include "modules/payments/PaymentItem.h"
@@ -407,6 +408,30 @@ String getValidShippingType(const String& shippingType) {
return validValues[0];
}
+bool allowedToUsePaymentRequest(const Frame* frame) {
+ // To determine whether a Document object |document| is allowed to use the
+ // feature indicated by attribute name |allowpaymentrequest|, run these steps:
+
+ // 1. If |document| has no browsing context, then return false.
+ if (!frame)
+ return false;
+
+ // 2. If |document|'s browsing context is a top-level browsing context, then
+ // return true.
+ if (frame->isMainFrame())
+ return true;
+
+ // 3. If |document|'s browsing context has a browsing context container that
+ // is an iframe element with an |allowpaymentrequest| attribute specified, and
+ // whose node document is allowed to use the feature indicated by
+ // |allowpaymentrequest|, then return true.
+ if (frame->owner() && frame->owner()->allowPaymentRequest())
+ return allowedToUsePaymentRequest(frame->tree().parent());
+
+ // 4. Return false.
+ return false;
+}
+
} // namespace
PaymentRequest* PaymentRequest::create(
@@ -582,10 +607,10 @@ PaymentRequest::PaymentRequest(ScriptState* scriptState,
return;
}
- if (!scriptState->domWindow()->frame() ||
- !scriptState->domWindow()->frame()->isMainFrame()) {
+ if (!allowedToUsePaymentRequest(scriptState->domWindow()->frame())) {
exceptionState.throwSecurityError(
- "Must be in a top-level browsing context");
+ "Must be in a top-level browsing context or an iframe needs to specify "
+ "'allowpaymentrequest' explicitly");
return;
}
« third_party/WebKit/Source/core/html/HTMLIFrameElement.idl ('K') | « third_party/WebKit/Source/core/html/HTMLIFrameElement.idl ('k') | third_party/WebKit/Source/web/FrameLoaderClientImpl.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698