Chromium Code Reviews Chromium Code Reviews
Issue 2683583003:
Bindings: perform security check before downcasting to LocalDOMWindow. (Closed)
| OLD | NEW |
|---|---|
| 1 {% from 'utilities.cpp.tmpl' import declare_enum_validation_variable, v8_value_t o_local_cpp_value %} | 1 {% from 'utilities.cpp.tmpl' import declare_enum_validation_variable, v8_value_t o_local_cpp_value %} |
| 2 | 2 |
| 3 {##############################################################################} | 3 {##############################################################################} |
| 4 {% macro attribute_getter(attribute, world_suffix) %} | 4 {% macro attribute_getter(attribute, world_suffix) %} |
| 5 static void {{attribute.name}}AttributeGetter{{world_suffix}}( | 5 static void {{attribute.name}}AttributeGetter{{world_suffix}}( |
| 6 {%- if attribute.is_data_type_property %} | 6 {%- if attribute.is_data_type_property %} |
| 7 const v8::PropertyCallbackInfo<v8::Value>& info | 7 const v8::PropertyCallbackInfo<v8::Value>& info |
| 8 {%- else %} | 8 {%- else %} |
| 9 const v8::FunctionCallbackInfo<v8::Value>& info | 9 const v8::FunctionCallbackInfo<v8::Value>& info |
| 10 {%- endif %}) { | 10 {%- endif %}) { |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 36 { | 36 { |
| 37 v8::Local<v8::Value> v8Value = privateSameObject.get(info.GetIsolate()->GetC urrentContext(), holder); | 37 v8::Local<v8::Value> v8Value = privateSameObject.get(info.GetIsolate()->GetC urrentContext(), holder); |
| 38 if (!v8Value.IsEmpty()) { | 38 if (!v8Value.IsEmpty()) { |
| 39 v8SetReturnValue(info, v8Value); | 39 v8SetReturnValue(info, v8Value); |
| 40 return; | 40 return; |
| 41 } | 41 } |
| 42 } | 42 } |
| 43 {% endif %} | 43 {% endif %} |
| 44 | 44 |
| 45 {% if not attribute.is_static %} | 45 {% if not attribute.is_static %} |
| 46 {% if interface_name == 'Window' and not attribute.has_cross_origin_getter %} | 46 {% set local_dom_window_only = interface_name == 'Window' and not attribute.ha s_cross_origin_getter %} |
| 47 {% if local_dom_window_only %} | |
| 48 {% if not attribute.is_check_security_for_receiver %} | |
|
haraken
2017/02/07 15:43:13
Can we avoid 'if not' - 'else'?
dcheng
2017/02/08 01:30:25
Done.
| |
| 47 // Same-origin attribute getters are never exposed via the cross-origin | 49 // Same-origin attribute getters are never exposed via the cross-origin |
| 48 // interceptors. Since same-origin access requires a LocalDOMWindow, it is | 50 // interceptors. Since same-origin access requires a LocalDOMWindow, it is |
| 49 // safe to downcast here. | 51 // safe to downcast here. |
| 50 LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(holder)); | 52 LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(holder)); |
| 51 {% else %} | 53 {% else %} |
| 54 {{cpp_class}}* uncheckedImpl = {{v8_class}}::toImpl(holder); | |
| 55 {% endif %}{# not attribute.is_check_security_for_receiver #} | |
| 56 {% else %} | |
| 52 {{cpp_class}}* impl = {{v8_class}}::toImpl(holder); | 57 {{cpp_class}}* impl = {{v8_class}}::toImpl(holder); |
| 53 {% endif %} | 58 {% endif %}{# local_dom_window_only #} |
| 54 {% endif %} | 59 {% endif %}{# not attribute.is_static #} |
| 55 | 60 |
| 56 {% if attribute.cached_attribute_validation_method %} | 61 {% if attribute.cached_attribute_validation_method %} |
| 57 // [CachedAttribute] | 62 // [CachedAttribute] |
| 58 v8::Local<v8::String> propertyName = v8AtomicString(info.GetIsolate(), "{{attr ibute.name}}"); | 63 v8::Local<v8::String> propertyName = v8AtomicString(info.GetIsolate(), "{{attr ibute.name}}"); |
| 59 if (!impl->{{attribute.cached_attribute_validation_method}}()) { | 64 if (!impl->{{attribute.cached_attribute_validation_method}}()) { |
| 60 v8::Local<v8::Value> v8Value = V8HiddenValue::getHiddenValue(ScriptState::fo rFunctionObject(info), holder, propertyName); | 65 v8::Local<v8::Value> v8Value = V8HiddenValue::getHiddenValue(ScriptState::fo rFunctionObject(info), holder, propertyName); |
| 61 if (!v8Value.IsEmpty() && !v8Value->IsUndefined()) { | 66 if (!v8Value.IsEmpty() && !v8Value->IsUndefined()) { |
| 62 v8SetReturnValue(info, v8Value); | 67 v8SetReturnValue(info, v8Value); |
| 63 return; | 68 return; |
| 64 } | 69 } |
| 65 } | 70 } |
| 66 {% endif %} | 71 {% endif %} |
| 67 | 72 |
| 68 {% if attribute.is_check_security_for_receiver and not attribute.is_data_type_ property %} | 73 {% if attribute.is_check_security_for_receiver and not attribute.is_data_type_ property %} |
| 69 // Perform a security check for the receiver object. | 74 // Perform a security check for the receiver object. |
| 70 {{define_exception_state}} | 75 {{define_exception_state}} |
| 76 {% if local_dom_window_only %} | |
| 77 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), uncheckedImpl, exceptionState)) { | |
| 78 {% else %} | |
| 71 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), impl, exceptionState)) { | 79 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), impl, exceptionState)) { |
| 80 {% endif %}{# local_dom_window_only #} | |
| 72 v8SetReturnValueNull(info); | 81 v8SetReturnValueNull(info); |
| 73 return; | 82 return; |
| 74 } | 83 } |
| 84 {% if local_dom_window_only %} | |
| 85 LocalDOMWindow* impl = toLocalDOMWindow(uncheckedImpl); | |
| 86 {% endif %}{# local_dom_window_only #} | |
| 75 {% endif %} | 87 {% endif %} |
| 76 | 88 |
| 77 {% if attribute.is_check_security_for_return_value %} | 89 {% if attribute.is_check_security_for_return_value %} |
| 78 // Perform a security check for the returned object. | 90 // Perform a security check for the returned object. |
| 79 {{define_exception_state}} | 91 {{define_exception_state}} |
| 80 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), {{attribute.cpp_value}}, exceptionState)) { | 92 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), {{attribute.cpp_value}}, exceptionState)) { |
| 81 v8SetReturnValueNull(info); | 93 v8SetReturnValueNull(info); |
| 82 return; | 94 return; |
| 83 } | 95 } |
| 84 {% endif %} | 96 {% endif %} |
| (...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 282 {% endif %} | 294 {% endif %} |
| 283 | 295 |
| 284 {% if not attribute.is_static and not attribute.is_replaceable %} | 296 {% if not attribute.is_static and not attribute.is_replaceable %} |
| 285 v8::Local<v8::Object> holder = info.Holder(); | 297 v8::Local<v8::Object> holder = info.Holder(); |
| 286 {% if attribute.is_put_forwards %} | 298 {% if attribute.is_put_forwards %} |
| 287 {{cpp_class}}* proxyImpl = {{v8_class}}::toImpl(holder); | 299 {{cpp_class}}* proxyImpl = {{v8_class}}::toImpl(holder); |
| 288 {{attribute.cpp_type}} impl = WTF::getPtr(proxyImpl->{{attribute.name}}()); | 300 {{attribute.cpp_type}} impl = WTF::getPtr(proxyImpl->{{attribute.name}}()); |
| 289 if (!impl) | 301 if (!impl) |
| 290 return; | 302 return; |
| 291 {% else %} | 303 {% else %} |
| 292 {% if interface_name == 'Window' and not attribute.has_cross_origin_setter %} | 304 {% set local_dom_window_only = interface_name == 'Window' and not attribute.ha s_cross_origin_setter %} |
| 293 // Same-origin attribute setters are never exposed via the cross-origin | 305 {% if local_dom_window_only %} |
| 306 {% if not attribute.is_check_security_for_receiver %} | |
| 307 // Same-origin attributes setters are never exposed via the cross-origin | |
| 294 // interceptors. Since same-origin access requires a LocalDOMWindow, it is | 308 // interceptors. Since same-origin access requires a LocalDOMWindow, it is |
| 295 // safe to downcast here. | 309 // safe to downcast here. |
| 296 LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(holder)); | 310 LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(holder)); |
| 297 {% else %} | 311 {% else %} |
| 312 {{cpp_class}}* uncheckedImpl = {{v8_class}}::toImpl(holder); | |
| 313 {% endif %}{# not attribute.is_check_security_for_receiver #} | |
| 314 {% else %} | |
| 298 {{cpp_class}}* impl = {{v8_class}}::toImpl(holder); | 315 {{cpp_class}}* impl = {{v8_class}}::toImpl(holder); |
| 299 {% endif %} | 316 {% endif %}{# local_dom_window_only #} |
| 300 {% endif %} | 317 {% endif %} |
| 301 {% endif %} | 318 {% endif %} |
| 302 | 319 |
| 303 {% if attribute.is_check_security_for_receiver and not attribute.is_data_type_ property %} | 320 {% if attribute.is_check_security_for_receiver and not attribute.is_data_type_ property %} |
| 304 // Perform a security check for the receiver object. | 321 // Perform a security check for the receiver object. |
| 305 {{define_exception_state}} | 322 {{define_exception_state}} |
| 323 {% if local_dom_window_only %} | |
| 324 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), uncheckedImpl, exceptionState)) { | |
| 325 {% else %} | |
| 306 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), impl, exceptionState)) { | 326 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), impl, exceptionState)) { |
| 327 {% endif %}{# local_dom_window_only #} | |
| 307 v8SetReturnValue(info, v8Value); | 328 v8SetReturnValue(info, v8Value); |
| 308 return; | 329 return; |
| 309 } | 330 } |
| 331 {% if local_dom_window_only %} | |
| 332 LocalDOMWindow* impl = toLocalDOMWindow(uncheckedImpl); | |
| 333 {% endif %}{# local_dom_window_only #} | |
| 310 {% endif %} | 334 {% endif %} |
| 311 | 335 |
| 312 {% if attribute.is_check_security_for_return_value %} | 336 {% if attribute.is_check_security_for_return_value %} |
| 313 #error Attribute setter with the security check for the return value is not supp orted. Since the return value is the given value to be set, it\'s meaningless t o perform the security check for the return value. | 337 #error Attribute setter with the security check for the return value is not supp orted. Since the return value is the given value to be set, it\'s meaningless t o perform the security check for the return value. |
| 314 {% endif %} | 338 {% endif %} |
| 315 | 339 |
| 316 {% if attribute.is_custom_element_callbacks or | 340 {% if attribute.is_custom_element_callbacks or |
| 317 (attribute.is_reflect and not (attribute.idl_type == 'DOMString' and is_ node)) %} | 341 (attribute.is_reflect and not (attribute.idl_type == 'DOMString' and is_ node)) %} |
| 318 // Skip on compact node DOMString getters. | 342 // Skip on compact node DOMString getters. |
| 319 V0CustomElementProcessingStack::CallbackDeliveryScope deliveryScope; | 343 V0CustomElementProcessingStack::CallbackDeliveryScope deliveryScope; |
| (...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 473 getter_callback_for_main_world, | 497 getter_callback_for_main_world, |
| 474 setter_callback_for_main_world, | 498 setter_callback_for_main_world, |
| 475 cached_accessor_callback, | 499 cached_accessor_callback, |
| 476 wrapper_type_info, | 500 wrapper_type_info, |
| 477 property_attribute, | 501 property_attribute, |
| 478 property_location(attribute), | 502 property_location(attribute), |
| 479 holder_check, | 503 holder_check, |
| 480 ] %} | 504 ] %} |
| 481 {{'{'}}{{attribute_configuration_list | join(', ')}}{{'}'}} | 505 {{'{'}}{{attribute_configuration_list | join(', ')}}{{'}'}} |
| 482 {%- endmacro %} | 506 {%- endmacro %} |
| OLD | NEW |
