Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(182)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/bindings/templates/attributes.cpp.tmpl

Issue 2683583003: Bindings: perform security check before downcasting to LocalDOMWindow. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/bindings/templates/methods.cpp.tmpl » ('j') | third_party/WebKit/Source/bindings/templates/methods.cpp.tmpl » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/bindings/templates/attributes.cpp.tmpl
diff --git a/third_party/WebKit/Source/bindings/templates/attributes.cpp.tmpl b/third_party/WebKit/Source/bindings/templates/attributes.cpp.tmpl
index 8859c99a18ff1fd75d57130a632231878dab7a15..b6d99ab2aa65c3af4ab8396b13db434eee1472cf 100644
--- a/third_party/WebKit/Source/bindings/templates/attributes.cpp.tmpl
+++ b/third_party/WebKit/Source/bindings/templates/attributes.cpp.tmpl
@@ -43,15 +43,20 @@ const v8::FunctionCallbackInfo<v8::Value>& info
{% endif %}
{% if not attribute.is_static %}
- {% if interface_name == 'Window' and not attribute.has_cross_origin_getter %}
+ {% set local_dom_window_only = interface_name == 'Window' and not attribute.has_cross_origin_getter %}
+ {% if local_dom_window_only %}
+ {% if not attribute.is_check_security_for_receiver %}
haraken 2017/02/07 15:43:13 Can we avoid 'if not' - 'else'?
dcheng 2017/02/08 01:30:25 Done.
// Same-origin attribute getters are never exposed via the cross-origin
// interceptors. Since same-origin access requires a LocalDOMWindow, it is
// safe to downcast here.
LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(holder));
{% else %}
+ {{cpp_class}}* uncheckedImpl = {{v8_class}}::toImpl(holder);
+ {% endif %}{# not attribute.is_check_security_for_receiver #}
+ {% else %}
{{cpp_class}}* impl = {{v8_class}}::toImpl(holder);
- {% endif %}
- {% endif %}
+ {% endif %}{# local_dom_window_only #}
+ {% endif %}{# not attribute.is_static #}
{% if attribute.cached_attribute_validation_method %}
// [CachedAttribute]
@@ -68,10 +73,17 @@ const v8::FunctionCallbackInfo<v8::Value>& info
{% if attribute.is_check_security_for_receiver and not attribute.is_data_type_property %}
// Perform a security check for the receiver object.
{{define_exception_state}}
+ {% if local_dom_window_only %}
+ if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), uncheckedImpl, exceptionState)) {
+ {% else %}
if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), impl, exceptionState)) {
+ {% endif %}{# local_dom_window_only #}
v8SetReturnValueNull(info);
return;
}
+ {% if local_dom_window_only %}
+ LocalDOMWindow* impl = toLocalDOMWindow(uncheckedImpl);
+ {% endif %}{# local_dom_window_only #}
{% endif %}
{% if attribute.is_check_security_for_return_value %}
@@ -289,24 +301,36 @@ v8::Local<v8::Value> v8Value, const v8::FunctionCallbackInfo<v8::Value>& info
if (!impl)
return;
{% else %}
- {% if interface_name == 'Window' and not attribute.has_cross_origin_setter %}
- // Same-origin attribute setters are never exposed via the cross-origin
+ {% set local_dom_window_only = interface_name == 'Window' and not attribute.has_cross_origin_setter %}
+ {% if local_dom_window_only %}
+ {% if not attribute.is_check_security_for_receiver %}
+ // Same-origin attributes setters are never exposed via the cross-origin
// interceptors. Since same-origin access requires a LocalDOMWindow, it is
// safe to downcast here.
LocalDOMWindow* impl = toLocalDOMWindow({{v8_class}}::toImpl(holder));
{% else %}
+ {{cpp_class}}* uncheckedImpl = {{v8_class}}::toImpl(holder);
+ {% endif %}{# not attribute.is_check_security_for_receiver #}
+ {% else %}
{{cpp_class}}* impl = {{v8_class}}::toImpl(holder);
- {% endif %}
+ {% endif %}{# local_dom_window_only #}
{% endif %}
{% endif %}
{% if attribute.is_check_security_for_receiver and not attribute.is_data_type_property %}
// Perform a security check for the receiver object.
{{define_exception_state}}
+ {% if local_dom_window_only %}
+ if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), uncheckedImpl, exceptionState)) {
+ {% else %}
if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), impl, exceptionState)) {
+ {% endif %}{# local_dom_window_only #}
v8SetReturnValue(info, v8Value);
return;
}
+ {% if local_dom_window_only %}
+ LocalDOMWindow* impl = toLocalDOMWindow(uncheckedImpl);
+ {% endif %}{# local_dom_window_only #}
{% endif %}
{% if attribute.is_check_security_for_return_value %}
« no previous file with comments | « no previous file | third_party/WebKit/Source/bindings/templates/methods.cpp.tmpl » ('j') | third_party/WebKit/Source/bindings/templates/methods.cpp.tmpl » ('J')

Powered by Google App Engine
This is Rietveld 408576698