| OLD | NEW |
|---|
| 1 {% from 'utilities.cpp.tmpl' import declare_enum_validation_variable, v8_value_t
o_local_cpp_value %} | 1 {% from 'utilities.cpp.tmpl' import declare_enum_validation_variable, v8_value_t
o_local_cpp_value %} |
| 2 | 2 |
| 3 {##############################################################################} | 3 {##############################################################################} |
| 4 {% macro generate_method(method, world_suffix) %} | 4 {% macro generate_method(method, world_suffix) %} |
| 5 static void {{method.name}}{{method.overload_index}}Method{{world_suffix}}(const
v8::FunctionCallbackInfo<v8::Value>& info) { | 5 static void {{method.name}}{{method.overload_index}}Method{{world_suffix}}(const
v8::FunctionCallbackInfo<v8::Value>& info) { |
| 6 {% filter format_remove_duplicates([ | 6 {% filter format_remove_duplicates([ |
| 7 'ExceptionState exceptionState', | 7 'ExceptionState exceptionState', |
| 8 'ScriptState* scriptState = ']) %} | 8 'ScriptState* scriptState = ']) %} |
| 9 {% set define_exception_state -%} | 9 {% set define_exception_state -%} |
| 10 ExceptionState exceptionState(info.GetIsolate(), ExceptionState::ExecutionCont
ext, "{{interface_name}}", "{{method.name}}"); | 10 ExceptionState exceptionState(info.GetIsolate(), ExceptionState::ExecutionCont
ext, "{{interface_name}}", "{{method.name}}"); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 | 22 |
| 23 {% if not method.is_static %} | 23 {% if not method.is_static %} |
| 24 {% if method.returns_promise %} | 24 {% if method.returns_promise %} |
| 25 // V8DOMConfiguration::DoNotCheckHolder | 25 // V8DOMConfiguration::DoNotCheckHolder |
| 26 // Make sure that info.Holder() really points to an instance of the type. | 26 // Make sure that info.Holder() really points to an instance of the type. |
| 27 if (!{{v8_class}}::hasInstance(info.Holder(), info.GetIsolate())) { | 27 if (!{{v8_class}}::hasInstance(info.Holder(), info.GetIsolate())) { |
| 28 {{throw_type_error(method, '"Illegal invocation"')}} | 28 {{throw_type_error(method, '"Illegal invocation"')}} |
| 29 return; | 29 return; |
| 30 } | 30 } |
| 31 {% endif %} | 31 {% endif %} |
| 32 {% if interface_name == 'Window' and not method.is_cross_origin %} | 32 {% set local_dom_window_only = interface_name == 'Window' and not method.is_cr
oss_origin %} |
| 33 {% if local_dom_window_only %} |
| 34 {% if method.is_check_security_for_receiver %} |
| 35 {{cpp_class}}* uncheckedImpl = {{v8_class}}::toImpl(info.Holder()); |
| 36 {% else %} |
| 33 // Same-origin methods are never exposed via the cross-origin interceptors. | 37 // Same-origin methods are never exposed via the cross-origin interceptors. |
| 34 // Since same-origin access requires a LocalDOMWindow, it is safe to downcast | 38 // Since same-origin access requires a LocalDOMWindow, it is safe to downcast |
| 35 // here. | 39 // here. |
| 36 LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(info.Holder())); | 40 LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(info.Holder())); |
| 41 {% endif %}{# method.is_check_security_for_receiver #} |
| 37 {% else %} | 42 {% else %} |
| 38 {{cpp_class}}* impl = {{v8_class}}::toImpl(info.Holder()); | 43 {{cpp_class}}* impl = {{v8_class}}::toImpl(info.Holder()); |
| 39 {% endif %} | 44 {% endif %}{# local_dom_window_only #} |
| 40 {% endif %} | 45 {% endif %}{# not method.is_static #} |
| 41 | 46 |
| 42 {# Security checks #} | 47 {# Security checks #} |
| 43 {% if method.is_check_security_for_receiver %} | 48 {% if method.is_check_security_for_receiver %} |
| 44 {{define_exception_state}} | 49 {{define_exception_state}} |
| 45 {% if interface_name == 'EventTarget' %} | 50 {% if interface_name == 'EventTarget' %} |
| 46 // Performance hack for EventTarget. Checking whether it's a Window or not | 51 // Performance hack for EventTarget. Checking whether it's a Window or not |
| 47 // prior to the call to BindingSecurity::shouldAllowAccessTo increases 30% | 52 // prior to the call to BindingSecurity::shouldAllowAccessTo increases 30% |
| 48 // of speed performance on Android Nexus 7 as of Dec 2015. ALWAYS_INLINE | 53 // of speed performance on Android Nexus 7 as of Dec 2015. ALWAYS_INLINE |
| 49 // didn't work in this case. | 54 // didn't work in this case. |
| 50 if (const DOMWindow* window = impl->toDOMWindow()) { | 55 if (const DOMWindow* window = impl->toDOMWindow()) { |
| 51 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()
), window, exceptionState)) { | 56 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()
), window, exceptionState)) { |
| 52 return; | 57 return; |
| 53 } | 58 } |
| 54 } | 59 } |
| 55 {% else %}{# interface_name == 'EventTarget' #} | 60 {% else %}{# interface_name == 'EventTarget' #} |
| 61 {% if local_dom_window_only %} |
| 62 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()),
uncheckedImpl, exceptionState)) { |
| 63 {% else %} |
| 56 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()),
impl, exceptionState)) { | 64 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()),
impl, exceptionState)) { |
| 65 {% endif %}{# local_dom_window_only #} |
| 57 return; | 66 return; |
| 58 } | 67 } |
| 68 {% if local_dom_window_only %} |
| 69 LocalDOMWindow* impl = toLocalDOMWindow(uncheckedImpl); |
| 70 {% endif %}{# local_dom_window_only #} |
| 59 {% endif %}{# interface_name == 'EventTarget' #} | 71 {% endif %}{# interface_name == 'EventTarget' #} |
| 60 {% endif %} | 72 {% endif %}{# method.is_check_security_for_receiver #} |
| 61 {% if method.is_check_security_for_return_value %} | 73 {% if method.is_check_security_for_return_value %} |
| 62 {{define_exception_state}} | 74 {{define_exception_state}} |
| 63 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()),
{{method.cpp_value}}, exceptionState)) { | 75 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()),
{{method.cpp_value}}, exceptionState)) { |
| 64 v8SetReturnValueNull(info); | 76 v8SetReturnValueNull(info); |
| 65 return; | 77 return; |
| 66 } | 78 } |
| 67 {% endif %} | 79 {% endif %} |
| 68 | 80 |
| 69 {% if 'scriptState' in function_call %} | 81 {% if 'scriptState' in function_call %} |
| 70 {% if method.is_static %} | 82 {% if method.is_static %} |
| (...skipping 575 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 646 if method.overloads else | 658 if method.overloads else |
| 647 method.runtime_enabled_feature_name) %} | 659 method.runtime_enabled_feature_name) %} |
| 648 const V8DOMConfiguration::MethodConfiguration {{method.name}}MethodConfiguration
= {{method_configuration(method)}}; | 660 const V8DOMConfiguration::MethodConfiguration {{method.name}}MethodConfiguration
= {{method_configuration(method)}}; |
| 649 V8DOMConfiguration::installMethod(isolate, world, v8::Local<v8::Object>(), proto
typeObject, interfaceObject, signature, {{method.name}}MethodConfiguration); | 661 V8DOMConfiguration::installMethod(isolate, world, v8::Local<v8::Object>(), proto
typeObject, interfaceObject, signature, {{method.name}}MethodConfiguration); |
| 650 {% endfilter %}{# runtime_enabled() #} | 662 {% endfilter %}{# runtime_enabled() #} |
| 651 {% endfilter %}{# exposed() #} | 663 {% endfilter %}{# exposed() #} |
| 652 {% endfilter %}{# secure_context() #} | 664 {% endfilter %}{# secure_context() #} |
| 653 {% endfor %} | 665 {% endfor %} |
| 654 {% endif %} | 666 {% endif %} |
| 655 {%- endmacro %} | 667 {%- endmacro %} |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2683583003:
Bindings: perform security check before downcasting to LocalDOMWindow. (Closed)
