| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2008, 2009, 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2008, 2009, 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 453 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 464 // origins that should only allow access to themselves. In this | 464 // origins that should only allow access to themselves. In this |
| 465 // case, we use the global object as the security token to avoid | 465 // case, we use the global object as the security token to avoid |
| 466 // calling canAccess when a script accesses its own objects. | 466 // calling canAccess when a script accesses its own objects. |
| 467 v8::HandleScope handleScope(m_isolate); | 467 v8::HandleScope handleScope(m_isolate); |
| 468 v8::Local<v8::Context> context = m_scriptState->context(); | 468 v8::Local<v8::Context> context = m_scriptState->context(); |
| 469 if (token.isEmpty() || token == "null") { | 469 if (token.isEmpty() || token == "null") { |
| 470 context->UseDefaultSecurityToken(); | 470 context->UseDefaultSecurityToken(); |
| 471 return; | 471 return; |
| 472 } | 472 } |
| 473 | 473 |
| 474 if (m_world->isPrivateScriptIsolatedWorld()) { | 474 if (m_world->isIsolatedWorld()) { |
| 475 token = "private-script://" + token; | |
| 476 } else if (m_world->isIsolatedWorld()) { | |
| 477 SecurityOrigin* frameSecurityOrigin = | 475 SecurityOrigin* frameSecurityOrigin = |
| 478 m_frame->securityContext()->getSecurityOrigin(); | 476 m_frame->securityContext()->getSecurityOrigin(); |
| 479 String frameSecurityToken = frameSecurityOrigin->toString(); | 477 String frameSecurityToken = frameSecurityOrigin->toString(); |
| 480 // We need to check the return value of domainWasSetInDOM() on the | 478 // We need to check the return value of domainWasSetInDOM() on the |
| 481 // frame's SecurityOrigin because, if that's the case, only | 479 // frame's SecurityOrigin because, if that's the case, only |
| 482 // SecurityOrigin::m_domain would have been modified. | 480 // SecurityOrigin::m_domain would have been modified. |
| 483 // m_domain is not used by SecurityOrigin::toString(), so we would end | 481 // m_domain is not used by SecurityOrigin::toString(), so we would end |
| 484 // up generating the same token that was already set. | 482 // up generating the same token that was already set. |
| 485 if (frameSecurityOrigin->domainWasSetInDOM() || | 483 if (frameSecurityOrigin->domainWasSetInDOM() || |
| 486 frameSecurityToken.isEmpty() || frameSecurityToken == "null") { | 484 frameSecurityToken.isEmpty() || frameSecurityToken == "null") { |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 588 .ToChecked(); | 586 .ToChecked(); |
| 589 } | 587 } |
| 590 | 588 |
| 591 void WindowProxy::updateSecurityOrigin(SecurityOrigin* origin) { | 589 void WindowProxy::updateSecurityOrigin(SecurityOrigin* origin) { |
| 592 if (!isContextInitialized()) | 590 if (!isContextInitialized()) |
| 593 return; | 591 return; |
| 594 setSecurityToken(origin); | 592 setSecurityToken(origin); |
| 595 } | 593 } |
| 596 | 594 |
| 597 } // namespace blink | 595 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2571063002:
Remove Blink-in-JS (Closed)
