Chromium Code Reviews Chromium Code Reviews
Issue 2439013002:
Implement cross-origin attributes using access check interceptors. (Closed)
| Index: third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| diff --git a/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl b/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| index 0f9744bdcef8aea0ab3eb9ab6bc50b8f58166fa8..ec5049bf68d38ce017b65f3b4a6768ed9b27322b 100644 |
| --- a/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| +++ b/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| @@ -117,30 +117,9 @@ static void (*{{method.name}}MethodForPartialInterface)(const v8::FunctionCallba |
| {% endfor %} |
| {% endfor %} |
| {##############################################################################} |
| -{% block security_check_functions %} |
| -{% if has_access_check_callbacks and not is_partial %} |
| -bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object> accessedObject, v8::Local<v8::Value> data) { |
| - {% if interface_name == 'Window' %} |
| - v8::Isolate* isolate = v8::Isolate::GetCurrent(); |
| - v8::Local<v8::Object> window = V8Window::findInstanceInPrototypeChain(accessedObject, isolate); |
| - if (window.IsEmpty()) |
| - return false; // the frame is gone. |
| - |
| - const DOMWindow* targetWindow = V8Window::toImpl(window); |
| - return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), targetWindow, BindingSecurity::ErrorReportOption::DoNotReport); |
| - {% else %}{# if interface_name == 'Window' #} |
| - {# Not 'Window' means it\'s Location. #} |
| - {{cpp_class}}* impl = {{v8_class}}::toImpl(accessedObject); |
| - return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), impl, BindingSecurity::ErrorReportOption::DoNotReport); |
| - {% endif %}{# if interface_name == 'Window' #} |
| -} |
| - |
| -{% endif %} |
| -{% endblock %} |
| -{##############################################################################} |
| {# Methods #} |
| {% from 'methods.cpp.tmpl' import generate_method, overload_resolution_method, |
| - method_callback, origin_safe_method_getter, generate_constructor, |
| + method_callback, cross_origin_method_getter, generate_constructor, |
| method_implemented_in_private_script, generate_post_message_impl, |
| runtime_determined_length_method, runtime_determined_maxarg_method |
| with context %} |
| @@ -172,8 +151,8 @@ bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object |
| {{method_callback(method, world_suffix)}} |
| {% endif %} |
| {% endif %} |
| -{% if method.is_do_not_check_security and method.visible %} |
| -{{origin_safe_method_getter(method, world_suffix)}} |
| +{% if method.is_cross_origin and method.visible %} |
| +{{cross_origin_method_getter(method, world_suffix)}} |
| {% endif %} |
| {% endfor %} |
| {% endfor %} |
| @@ -181,7 +160,6 @@ bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object |
| {{generate_method(iterator_method)}} |
| {{method_callback(iterator_method)}} |
| {% endif %} |
| -{% block origin_safe_method_setter %}{% endblock %} |
| {# Constructors #} |
| {% for constructor in constructors %} |
| {{generate_constructor(constructor)}} |
| @@ -205,6 +183,109 @@ bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object |
| {% block indexed_property_setter_callback %}{% endblock %} |
| {% block indexed_property_deleter %}{% endblock %} |
| {% block indexed_property_deleter_callback %}{% endblock %} |
| +{##############################################################################} |
| +{% block security_check_functions %} |
|
dcheng
2016/11/02 01:46:42
This block is moved so it can reference the genera
|
| +{% if has_access_check_callbacks and not is_partial %} |
| +bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object> accessedObject, v8::Local<v8::Value> data) { |
| + {% if interface_name == 'Window' %} |
| + v8::Isolate* isolate = v8::Isolate::GetCurrent(); |
| + v8::Local<v8::Object> window = V8Window::findInstanceInPrototypeChain(accessedObject, isolate); |
| + if (window.IsEmpty()) |
| + return false; // the frame is gone. |
| + |
| + const DOMWindow* targetWindow = V8Window::toImpl(window); |
| + return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), targetWindow, BindingSecurity::ErrorReportOption::DoNotReport); |
| + {% else %}{# if interface_name == 'Window' #} |
| + {# Not 'Window' means it\'s Location. #} |
| + {{cpp_class}}* impl = {{v8_class}}::toImpl(accessedObject); |
| + return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), impl, BindingSecurity::ErrorReportOption::DoNotReport); |
| + {% endif %}{# if interface_name == 'Window' #} |
| +} |
| + |
| +{% if has_cross_origin_named_getter %} |
| +void crossOriginNamedGetter(v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) { |
| + if (!name->IsString()) |
| + return; |
| + const AtomicString& propertyName = toCoreAtomicString(name.As<v8::String>()); |
| + |
| + // TODO(dcheng): Can we / should we use AtomicString here? That means using DEFINE_STATIC_LOCAL here. |
| + static const struct AttributeInfo { |
| + const char* const name; |
| + using GetterCallback = void(*)(const v8::PropertyCallbackInfo<v8::Value>&); |
| + const GetterCallback getter; |
| + } kAttributeInfoList[] = { |
| + {##### Cross-origin attributes #####} |
| + {##### TODO(dcheng): Should another layer assert that should_be_exposed_to_script is true and world_suffixes == ['']? #####} |
| + {% for attribute in attributes if attribute.has_cross_origin_getter %} |
| + {##### TODO(dcheng): error out on attribute.has_custom_getter and attribute.constructor_type? #####} |
|
dcheng
2016/11/02 01:46:42
For all these TODOs, I'm open to the best way to p
|
| + {"{{attribute.name}}", &{{cpp_class}}V8Internal::{{attribute.name}}AttributeGetter}, |
| + {% endfor %} |
| + {##### Cross-origin methods #####} |
| + {##### TODO(dcheng): Should another layer assert that method.visible is true? #####} |
| + {% for method in methods if method.is_cross_origin %} |
| + {"{{method.name}}", &{{cpp_class}}V8Internal::{{method.name}}CrossOriginMethodGetter}, |
| + {% endfor %} |
| + }; |
| + |
| + for (const auto& attribute: kAttributeInfoList) { |
| + if (propertyName == attribute.name) { |
| + attribute.getter(info); |
| + return; |
| + } |
| + } |
| + |
| + {% if named_property_getter and named_property_getter.is_cross_origin %} |
| + {% if named_property_getter.is_custom %} |
| + {{v8_class}}::namedPropertyGetterCustom(propertyName, info); |
| + {% else %} |
| + {{cpp_class}}V8Internal::namedPropertyGetter(propertyName, info); |
| + {% endif %} |
| + {% endif %} |
| +} |
| +{% endif %} |
| + |
| +{% if has_cross_origin_named_setter %} |
| +void crossOriginNamedSetter(v8::Local<v8::Name> name, v8::Local<v8::Value> value, const v8::PropertyCallbackInfo<v8::Value>& info) { |
| + if (!name->IsString()) |
| + return; |
| + const AtomicString& propertyName = toCoreAtomicString(name.As<v8::String>()); |
| + |
| + // TODO(dcheng): Can we / should we use AtomicString here? That means using DEFINE_STATIC_LOCAL here. |
| + static const struct AttributeInfo { |
| + const char* const name; |
| + using SetterCallback = void(*)(v8::Local<v8::Value>, const V8CrossOriginSetterInfo&); |
| + const SetterCallback setter; |
| + } kAttributeInfoList[] = { |
| + {##### Cross-origin attributes #####} |
| + {##### TODO(dcheng): Should another layer assert that should_be_exposed_to_script is true and world_suffixes == ['']? #####} |
| + {% for attribute in attributes if attribute.has_cross_origin_setter %} |
| + {##### TODO(dcheng): error out on attribute.has_custom_setter? #####} |
| + {"{{attribute.name}}", &{{cpp_class}}V8Internal::{{attribute.name}}AttributeSetter}, |
| + {% endfor %} |
| + }; |
| + |
| + for (const auto& attribute: kAttributeInfoList) { |
| + if (propertyName == attribute.name) { |
| + attribute.setter(value, V8CrossOriginSetterInfo(info.GetIsolate(), info.Holder())); |
| + return; |
| + } |
| + } |
| +} |
| +{% endif %} |
| + |
| +{% if has_cross_origin_indexed_getter %} |
| +void crossOriginIndexedGetter(uint32_t index, const v8::PropertyCallbackInfo<v8::Value>& info) { |
| + {% if indexed_property_getter.is_custom %} |
| + {{v8_class}}::indexedPropertyGetterCustom(index, info); |
| + {% else %} |
| + {{cpp_class}}V8Internal::indexedPropertyGetter(index, info); |
| + {% endif %} |
| +} |
| +{% endif %} |
| + |
| +{% endif %} |
| +{% endblock %} |
| +{##############################################################################} |
| } // namespace {{cpp_class_or_partial}}V8Internal |
| {% block visit_dom_wrapper %}{% endblock %} |
| @@ -314,7 +395,10 @@ static void install{{v8_class}}Template(v8::Isolate* isolate, const DOMWrapperWo |
| {% endfilter %} |
| {%- if has_access_check_callbacks and not is_partial %}{{newline}} |
| // Cross-origin access check |
| - instanceTemplate->SetAccessCheckCallback({{cpp_class}}V8Internal::securityCheck, v8::External::New(isolate, const_cast<WrapperTypeInfo*>(&{{v8_class}}::wrapperTypeInfo))); |
| + {% set cross_origin_named_getter = '%sV8Internal::crossOriginNamedGetter' % cpp_class if has_cross_origin_named_getter else 'nullptr' %} |
| + {% set cross_origin_named_setter = '%sV8Internal::crossOriginNamedSetter' % cpp_class if has_cross_origin_named_setter else 'nullptr' %} |
| + {% set cross_origin_indexed_getter = '%sV8Internal::crossOriginIndexedGetter' % cpp_class if has_cross_origin_indexed_getter else 'nullptr' %} |
| + instanceTemplate->SetAccessCheckCallbackAndHandler({{cpp_class}}V8Internal::securityCheck, v8::NamedPropertyHandlerConfiguration({{cross_origin_named_getter}}, {{cross_origin_named_setter}}), v8::IndexedPropertyHandlerConfiguration({{cross_origin_indexed_getter}}), v8::External::New(isolate, const_cast<WrapperTypeInfo*>(&{{v8_class}}::wrapperTypeInfo))); |
| {% endif %} |
| {%- for group in attributes | purely_runtime_enabled_attributes | groupby('runtime_feature_name') %}{{newline}} |
| @@ -371,11 +455,7 @@ static void install{{v8_class}}Template(v8::Isolate* isolate, const DOMWrapperWo |
| if method.overloads else method.exposed_test) %} |
| {% filter runtime_enabled(method.overloads.runtime_enabled_function_all |
| if method.overloads else method.runtime_enabled_function) %} |
| - {% if method.is_do_not_check_security %} |
| - {{install_do_not_check_security_method(method, '', 'instanceTemplate', 'prototypeTemplate') | indent(2)}} |
| - {% else %} |
| {{install_custom_signature(method, 'instanceTemplate', 'prototypeTemplate', 'interfaceTemplate', 'signature') | indent(2)}} |
| - {% endif %} |
| {% endfilter %} |
| {% endfilter %} |
| {% endfor %} |
