Chromium Code Reviews Chromium Code Reviews
Issue 2439013002:
Implement cross-origin attributes using access check interceptors. (Closed)
| Index: third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| diff --git a/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl b/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| index 008729d5f1802e74455337176bb62f3d434a4c67..e875dab35a42a5e3affab2d9afb182c07f1e6574 100644 |
| --- a/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| +++ b/third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl |
| @@ -117,28 +117,6 @@ static void (*{{method.name}}MethodForPartialInterface)(const v8::FunctionCallba |
| {% endfor %} |
| {% endfor %} |
| {##############################################################################} |
| -{% block security_check_functions %} |
| -{% if has_access_check_callbacks and not is_partial %} |
| -bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object> accessedObject, v8::Local<v8::Value> data) |
| -{ |
| - {% if interface_name == 'Window' %} |
| - v8::Isolate* isolate = v8::Isolate::GetCurrent(); |
| - v8::Local<v8::Object> window = V8Window::findInstanceInPrototypeChain(accessedObject, isolate); |
| - if (window.IsEmpty()) |
| - return false; // the frame is gone. |
| - |
| - const DOMWindow* targetWindow = V8Window::toImpl(window); |
| - return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), targetWindow, BindingSecurity::ErrorReportOption::DoNotReport); |
| - {% else %}{# if interface_name == 'Window' #} |
| - {# Not 'Window' means it\'s Location. #} |
| - {{cpp_class}}* impl = {{v8_class}}::toImpl(accessedObject); |
| - return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), impl, BindingSecurity::ErrorReportOption::DoNotReport); |
| - {% endif %}{# if interface_name == 'Window' #} |
| -} |
| - |
| -{% endif %} |
| -{% endblock %} |
| -{##############################################################################} |
| {# Methods #} |
| {% from 'methods.cpp.tmpl' import generate_method, overload_resolution_method, |
| method_callback, origin_safe_method_getter, generate_constructor, |
| @@ -206,6 +184,99 @@ bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object |
| {% block indexed_property_setter_callback %}{% endblock %} |
| {% block indexed_property_deleter %}{% endblock %} |
| {% block indexed_property_deleter_callback %}{% endblock %} |
| +{##############################################################################} |
| +{% block security_check_functions %} |
| +{% if has_access_check_callbacks and not is_partial %} |
| +bool securityCheck(v8::Local<v8::Context> accessingContext, v8::Local<v8::Object> accessedObject, v8::Local<v8::Value> data) |
| +{ |
| + {% if interface_name == 'Window' %} |
| + v8::Isolate* isolate = v8::Isolate::GetCurrent(); |
| + v8::Local<v8::Object> window = V8Window::findInstanceInPrototypeChain(accessedObject, isolate); |
| + if (window.IsEmpty()) |
| + return false; // the frame is gone. |
| + |
| + const DOMWindow* targetWindow = V8Window::toImpl(window); |
| + return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), targetWindow, BindingSecurity::ErrorReportOption::DoNotReport); |
| + {% else %}{# if interface_name == 'Window' #} |
| + {# Not 'Window' means it\'s Location. #} |
| + {{cpp_class}}* impl = {{v8_class}}::toImpl(accessedObject); |
| + return BindingSecurity::shouldAllowAccessTo(toLocalDOMWindow(toDOMWindow(accessingContext)), impl, BindingSecurity::ErrorReportOption::DoNotReport); |
| + {% endif %}{# if interface_name == 'Window' #} |
| +} |
| + |
| +void crossOriginNamedGetter(v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) |
| +{ |
| +{# TODO(dcheng): This needs to dispatch to methods / properties, not just the named getter. #} |
| +{% if named_property_getter and named_property_getter.is_cross_origin %} |
| + if (!name->IsString()) |
| + return; |
| + const AtomicString& propertyName = toCoreAtomicString(name.As<v8::String>()); |
| + |
| + // TODO(dcheng): Can we / should we use AtomicString here? That means using DEFINE_STATIC_LOCAL here. |
|
dcheng
2016/10/24 07:56:38
This is a easy change, but there's no precedent fo
|
| + static const struct AttributeInfo { |
| + const char* const m_name; |
| + using GetterCallback = void(*)(const v8::PropertyCallbackInfo<v8::Value>&); |
| + const GetterCallback m_getter; |
| + } kAttributeInfoList[] = { |
| + {% for attribute in attributes if attribute.should_be_exposed_to_script and attribute.is_cross_origin %} |
| + {##### TODO(dcheng): raise an exception somewhere? Don't allow world suffixes for CrossOrigin attributes #####} |
| + {% for world_suffix in attribute.world_suffixes %} |
|
dcheng
2016/10/24 07:56:38
There's a lot of different variations here. I thin
|
| + {##### TODO(dcheng): error out on attribute.has_custom_getter? Not needed. Or just support it? #####} |
| + {% if not attribute.constructor_type %} |
| + {"{{attribute.name}}", &{{cpp_class}}V8Internal::{{attribute.name}}AttributeGetter}, |
| + {% elif attribute.needs_constructor_getter_callback %} |
| + {##### TODO(dcheng): Raise an exception here too? #####} |
| + {{constructor_getter_callback(attribute, world_suffix)}} |
| + {% endif %} |
| + {% endfor %} |
| + {% endfor %} |
| + }; |
| + |
| + for (const auto& attribute: kAttributeInfoList) { |
| + if (propertyName == attribute.m_name) { |
| + attribute.m_getter(info); |
| + return; |
| + } |
| + } |
| + |
| + {% if named_property_getter.is_custom %} |
| + {{v8_class}}::namedPropertyGetterCustom(propertyName, info); |
| + {% else %} |
| + {{cpp_class}}V8Internal::namedPropertyGetter(propertyName, info); |
| + {% endif %} |
| +{% endif %} |
| +} |
| + |
| +void crossOriginNamedSetter(v8::Local<v8::Name> name, v8::Local<v8::Value> value, const v8::PropertyCallbackInfo<v8::Value>& info) |
| +{ |
| +{# TODO(dcheng): This needs to dispatch to methods / properties, not just the named setter. #} |
| +{% if named_property_setter and named_property_setter.is_cross_origin %} |
| + if (!name->IsString()) |
| + return; |
| + const AtomicString& propertyName = toCoreAtomicString(name.As<v8::String>()); |
| + |
| + {% if named_property_setter.is_custom %} |
| + {{v8_class}}::namedPropertySetterCustom(propertyName, v8Value, info); |
| + {% else %} |
| + {{cpp_class}}V8Internal::namedPropertySetter(propertyName, v8Value, info); |
| + {% endif %} |
| +{% endif %} |
| +} |
| + |
| +void crossOriginIndexedGetter(uint32_t index, const v8::PropertyCallbackInfo<v8::Value>& info) |
| +{ |
| +{% if indexed_property_getter and indexed_property_getter.is_cross_origin %} |
| + {% if indexed_property_getter.is_custom %} |
| + {{v8_class}}::indexedPropertyGetterCustom(index, info); |
| + {% else %} |
| + {{cpp_class}}V8Internal::indexedPropertyGetter(index, info); |
| + {% endif %} |
| +{% endif %} |
| +} |
| + |
| +{% endif %} |
| +{% endblock %} |
| +{##############################################################################} |
| } // namespace {{cpp_class_or_partial}}V8Internal |
| {% block visit_dom_wrapper %}{% endblock %} |
| @@ -316,7 +387,7 @@ static void install{{v8_class}}Template(v8::Isolate* isolate, const DOMWrapperWo |
| {% endfilter %} |
| {%- if has_access_check_callbacks and not is_partial %}{{newline}} |
| // Cross-origin access check |
| - instanceTemplate->SetAccessCheckCallback({{cpp_class}}V8Internal::securityCheck, v8::External::New(isolate, const_cast<WrapperTypeInfo*>(&{{v8_class}}::wrapperTypeInfo))); |
| + instanceTemplate->SetAccessCheckCallbackAndHandler({{cpp_class}}V8Internal::securityCheck, v8::NamedPropertyHandlerConfiguration({{cpp_class}}V8Internal::crossOriginNamedGetter, {{cpp_class}}V8Internal::crossOriginNamedSetter), v8::IndexedPropertyHandlerConfiguration({{cpp_class}}V8Internal::crossOriginIndexedGetter), v8::External::New(isolate, const_cast<WrapperTypeInfo*>(&{{v8_class}}::wrapperTypeInfo))); |
| {% endif %} |
| {%- for group in attributes | purely_runtime_enabled_attributes | groupby('runtime_feature_name') %}{{newline}} |
