third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp - Issue 2439013002: Implement cross-origin attributes using access check interceptors.

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp

Issue 2439013002: Implement cross-origin attributes using access check interceptors. (Closed)

Patch Set: etc2 Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« third_party/WebKit/LayoutTests/http/tests/security/w3c/cross-origin-objects-expected.txt ('K') | « third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h ('k') | third_party/WebKit/Source/bindings/core/v8/V8CrossOriginSetterInfo.h » ('j') | third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2009 Google Inc. All rights reserved.	2 * Copyright (C) 2009 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 12 matching lines...) Expand all Loading...
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT	23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

29 */	29 */

30	30

31 #include "bindings/core/v8/BindingSecurity.h"	31 #include "bindings/core/v8/BindingSecurity.h"

32	32

	33 #include "bindings/core/v8/ExceptionState.h"

33 #include "bindings/core/v8/V8Binding.h"	34 #include "bindings/core/v8/V8Binding.h"

34 #include "core/dom/Document.h"	35 #include "core/dom/Document.h"

35 #include "core/frame/LocalDOMWindow.h"	36 #include "core/frame/LocalDOMWindow.h"

36 #include "core/frame/LocalFrame.h"	37 #include "core/frame/LocalFrame.h"

37 #include "core/frame/Location.h"	38 #include "core/frame/Location.h"

38 #include "core/frame/Settings.h"	39 #include "core/frame/Settings.h"

39 #include "core/html/HTMLFrameElementBase.h"	40 #include "core/html/HTMLFrameElementBase.h"

40 #include "core/workers/MainThreadWorkletGlobalScope.h"	41 #include "core/workers/MainThreadWorkletGlobalScope.h"

41 #include "platform/weborigin/SecurityOrigin.h"	42 #include "platform/weborigin/SecurityOrigin.h"

42	43

(...skipping 172 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
215 CHECK(target && !target->frame())	216 CHECK(target && !target->frame())

216 << "This version of shouldAllowAccessToFrame() must be used only for "	217 << "This version of shouldAllowAccessToFrame() must be used only for "

217 << "detached windows.";	218 << "detached windows.";

218 if (!target->document())	219 if (!target->document())

219 return false;	220 return false;

220 return canAccessFrame(accessingWindow,	221 return canAccessFrame(accessingWindow,

221 target->document()->getSecurityOrigin(), target,	222 target->document()->getSecurityOrigin(), target,

222 exceptionState);	223 exceptionState);

223 }	224 }

224	225

	226 void BindingSecurity::failedAccessCheckFor(v8::Isolate* isolate,

	227 const Frame* target) {

	228 // TODO(dcheng): See if this null check can be removed or hoisted to a

	229 // different location.

	230 if (!target)
	dcheng 2016/12/07 08:19:08 This is probably needed, but I'd like to confirm i This is probably needed, but I'd like to confirm in a followup.
	231 return;

	232

	233 DOMWindow* targetWindow = target->domWindow();

	234

	235 // FIXME: We should modify V8 to pass in more contextual information (context,

	236 // property, and object).

	237 ExceptionState exceptionState(ExceptionState::UnknownContext, 0, 0,

	238 isolate->GetCurrentContext()->Global(),

	239 isolate);

	240 exceptionState.throwSecurityError(

	241 targetWindow->sanitizedCrossDomainAccessErrorMessage(

	242 currentDOMWindow(isolate)),

	243 targetWindow->crossDomainAccessErrorMessage(currentDOMWindow(isolate)));

	244 }

	245

225 } // namespace blink	246 } // namespace blink

OLD	NEW