OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org> | 2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org> |
3 * 1999 Lars Knoll <knoll@kde.org> | 3 * 1999 Lars Knoll <knoll@kde.org> |
4 * 1999 Antti Koivisto <koivisto@kde.org> | 4 * 1999 Antti Koivisto <koivisto@kde.org> |
5 * 2000 Simon Hausmann <hausmann@kde.org> | 5 * 2000 Simon Hausmann <hausmann@kde.org> |
6 * 2000 Stefan Schimanski <1Stein@gmx.de> | 6 * 2000 Stefan Schimanski <1Stein@gmx.de> |
7 * 2001 George Staikos <staikos@kde.org> | 7 * 2001 George Staikos <staikos@kde.org> |
8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All | 8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All |
9 * rights reserved. | 9 * rights reserved. |
10 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com> | 10 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com> |
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
200 toLocalFrame(this)->document()); | 200 toLocalFrame(this)->document()); |
201 return false; | 201 return false; |
202 } | 202 } |
203 if (!isAllowedNavigation && !errorReason.isNull()) | 203 if (!isAllowedNavigation && !errorReason.isNull()) |
204 printNavigationErrorMessage(targetFrame, errorReason.latin1().data()); | 204 printNavigationErrorMessage(targetFrame, errorReason.latin1().data()); |
205 return isAllowedNavigation; | 205 return isAllowedNavigation; |
206 } | 206 } |
207 | 207 |
208 bool Frame::canNavigateWithoutFramebusting(const Frame& targetFrame, | 208 bool Frame::canNavigateWithoutFramebusting(const Frame& targetFrame, |
209 String& reason) { | 209 String& reason) { |
| 210 if (&targetFrame == this) |
| 211 return true; |
| 212 |
210 if (securityContext()->isSandboxed(SandboxNavigation)) { | 213 if (securityContext()->isSandboxed(SandboxNavigation)) { |
211 // Sandboxed frames can navigate their own children. | 214 if (!targetFrame.tree().isDescendantOf(this) && |
212 if (targetFrame.tree().isDescendantOf(this)) | 215 !targetFrame.isMainFrame()) { |
213 return true; | |
214 | |
215 // They can also navigate popups, if the 'allow-sandbox-escape-via-popup' | |
216 // flag is specified. | |
217 if (targetFrame == targetFrame.tree().top() && | |
218 targetFrame.tree().top() != tree().top() && | |
219 !securityContext()->isSandboxed( | |
220 SandboxPropagatesToAuxiliaryBrowsingContexts)) | |
221 return true; | |
222 | |
223 // Top navigation can be opted-in. | |
224 if (!securityContext()->isSandboxed(SandboxTopNavigation) && | |
225 targetFrame == tree().top()) | |
226 return true; | |
227 | |
228 // Otherwise, block the navigation. | |
229 if (securityContext()->isSandboxed(SandboxTopNavigation) && | |
230 targetFrame == tree().top()) | |
231 reason = | |
232 "The frame attempting navigation of the top-level window is " | |
233 "sandboxed, but the 'allow-top-navigation' flag is not set."; | |
234 else | |
235 reason = | 216 reason = |
236 "The frame attempting navigation is sandboxed, and is therefore " | 217 "The frame attempting navigation is sandboxed, and is therefore " |
237 "disallowed from navigating its ancestors."; | 218 "disallowed from navigating its ancestors."; |
238 return false; | 219 return false; |
| 220 } |
| 221 |
| 222 // Sandboxed frames can also navigate popups, if the |
| 223 // 'allow-sandbox-escape-via-popup' flag is specified, or if |
| 224 // 'allow-popups' flag is specified, or if the |
| 225 if (targetFrame.isMainFrame() && targetFrame != tree().top() && |
| 226 securityContext()->isSandboxed( |
| 227 SandboxPropagatesToAuxiliaryBrowsingContexts) && |
| 228 (securityContext()->isSandboxed(SandboxPopups) || |
| 229 targetFrame.client()->opener() != this)) { |
| 230 reason = |
| 231 "The frame attempting navigation is sandboxed and is trying " |
| 232 "to navigate a popup, but is not the popup's opener and is not " |
| 233 "set to propagate sandboxing to popups."; |
| 234 return false; |
| 235 } |
| 236 |
| 237 // Top navigation is forbidden unless opted-in. allow-top-navigation |
| 238 // will also skips origin checks. |
| 239 if (targetFrame == tree().top()) { |
| 240 if (securityContext()->isSandboxed(SandboxTopNavigation)) { |
| 241 reason = |
| 242 "The frame attempting navigation of the top-level window is " |
| 243 "sandboxed, but the 'allow-top-navigation' flag is not set."; |
| 244 return false; |
| 245 } |
| 246 return true; |
| 247 } |
239 } | 248 } |
240 | 249 |
241 ASSERT(securityContext()->getSecurityOrigin()); | 250 ASSERT(securityContext()->getSecurityOrigin()); |
242 SecurityOrigin& origin = *securityContext()->getSecurityOrigin(); | 251 SecurityOrigin& origin = *securityContext()->getSecurityOrigin(); |
243 | 252 |
244 // This is the normal case. A document can navigate its decendant frames, | 253 // This is the normal case. A document can navigate its decendant frames, |
245 // or, more generally, a document can navigate a frame if the document is | 254 // or, more generally, a document can navigate a frame if the document is |
246 // in the same origin as any of that frame's ancestors (in the frame | 255 // in the same origin as any of that frame's ancestors (in the frame |
247 // hierarchy). | 256 // hierarchy). |
248 // | 257 // |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
333 | 342 |
334 ASSERT(page()); | 343 ASSERT(page()); |
335 | 344 |
336 if (m_owner) | 345 if (m_owner) |
337 m_owner->setContentFrame(*this); | 346 m_owner->setContentFrame(*this); |
338 else | 347 else |
339 page()->setMainFrame(this); | 348 page()->setMainFrame(this); |
340 } | 349 } |
341 | 350 |
342 } // namespace blink | 351 } // namespace blink |
OLD | NEW |