third_party/WebKit/Source/bindings/scripts/v8_attributes.py - Issue 2439013002: Implement cross-origin attributes using access check interceptors.

Unified Diff: third_party/WebKit/Source/bindings/scripts/v8_attributes.py

Issue 2439013002: Implement cross-origin attributes using access check interceptors. (Closed)

Patch Set: Address feedback and fix cross-origin location set Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/Source/bindings/IDLExtendedAttributes.txt ('K') | « third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp ('k') | third_party/WebKit/Source/bindings/scripts/v8_interface.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/bindings/scripts/v8_attributes.py

diff --git a/third_party/WebKit/Source/bindings/scripts/v8_attributes.py b/third_party/WebKit/Source/bindings/scripts/v8_attributes.py

index d28bb73b68382f9b7faf5127494a391d5881177a..5100dc8da228c2b0754d3b45c2d05c0b85cac273 100644

--- a/third_party/WebKit/Source/bindings/scripts/v8_attributes.py

+++ b/third_party/WebKit/Source/bindings/scripts/v8_attributes.py

@@ -68,14 +68,19 @@ def attribute_context(interface, attribute, interfaces):

includes.add('core/inspector/ConsoleMessage.h')

# [CheckSecurity]

- is_do_not_check_security = 'DoNotCheckSecurity' in extended_attributes

+ is_cross_origin = 'CrossOrigin' in extended_attributes

+ # TODO(dcheng): It doesn't seem to make sense for this to be mutually

+ # exclusive from CrossOrigin.

is_check_security_for_receiver = (

has_extended_attribute_value(interface, 'CheckSecurity', 'Receiver') and

- not is_do_not_check_security)

+ not is_cross_origin)

is_check_security_for_return_value = (

has_extended_attribute_value(attribute, 'CheckSecurity', 'ReturnValue'))

if is_check_security_for_receiver or is_check_security_for_return_value:

includes.add('bindings/core/v8/BindingSecurity.h')

+ # [CrossOrigin]

+ if has_extended_attribute_value(attribute, 'CrossOrigin', 'Setter'):

+ includes.add('bindings/core/v8/V8CrossOriginSetterInfo.h')

# [Constructor]

# TODO(yukishiino): Constructors are much like methods although constructors

# are not methods. Constructors must be data-type properties, and we can

@@ -133,6 +138,10 @@ def attribute_context(interface, attribute, interfaces):

'enum_type': idl_type.enum_type,

'enum_values': idl_type.enum_values,

'exposed_test': v8_utilities.exposed(attribute, interface), # [Exposed]

+ 'has_cross_origin_getter':

+ has_extended_attribute_value(attribute, 'CrossOrigin', None) or

+ has_extended_attribute_value(attribute, 'CrossOrigin', 'Getter'),

+ 'has_cross_origin_setter': has_extended_attribute_value(attribute, 'CrossOrigin', 'Setter'),

'has_custom_getter': has_custom_getter(attribute),

'has_custom_setter': has_custom_setter(attribute),

'has_setter': has_setter(interface, attribute),

@@ -532,18 +541,10 @@ def has_setter(interface, attribute):

return is_writable(attribute)

-# [DoNotCheckSecurity], [Unforgeable]

+# [Unforgeable]

def access_control_list(interface, attribute):

extended_attributes = attribute.extended_attributes

access_control = []

- if 'DoNotCheckSecurity' in extended_attributes:

- do_not_check_security = extended_attributes['DoNotCheckSecurity']

- if do_not_check_security == 'Setter':

- access_control.append('v8::ALL_CAN_WRITE')

- else:

- access_control.append('v8::ALL_CAN_READ')

- if has_setter(interface, attribute):

- access_control.append('v8::ALL_CAN_WRITE')

if is_unforgeable(interface, attribute):

access_control.append('v8::PROHIBITS_OVERWRITING')

return access_control or ['v8::DEFAULT']