Chromium Code Reviews Chromium Code Reviews
Issue 2705783004:
Throw security errors for attribute access on detached windows. (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 247 // Note that there is no need to call back | 247 // Note that there is no need to call back |
| 248 // FrameLoader::didAccessInitialDocument() because |targetWindow| must be | 248 // FrameLoader::didAccessInitialDocument() because |targetWindow| must be |
| 249 // a child window inside iframe or frame and it doesn't have a URL bar, | 249 // a child window inside iframe or frame and it doesn't have a URL bar, |
| 250 // so there is no need to worry about URL spoofing. | 250 // so there is no need to worry about URL spoofing. |
| 251 | 251 |
| 252 return true; | 252 return true; |
| 253 } | 253 } |
| 254 | 254 |
| 255 void BindingSecurity::failedAccessCheckFor(v8::Isolate* isolate, | 255 void BindingSecurity::failedAccessCheckFor(v8::Isolate* isolate, |
| 256 const Frame* target) { | 256 const Frame* target) { |
| 257 // TODO(dcheng): See if this null check can be removed or hoisted to a | |
| 258 // different location. | |
| 259 if (!target) | |
| 260 return; | |
| 261 | |
| 262 DOMWindow* targetWindow = target->domWindow(); | |
| 263 | |
| 264 // TODO(dcheng): Add ContextType, interface name, and property name as | 257 // TODO(dcheng): Add ContextType, interface name, and property name as |
| 265 // arguments, so the generated exception can be more descriptive. | 258 // arguments, so the generated exception can be more descriptive. |
| 266 ExceptionState exceptionState(isolate, ExceptionState::UnknownContext, | 259 ExceptionState exceptionState(isolate, ExceptionState::UnknownContext, |
| 267 nullptr, nullptr); | 260 nullptr, nullptr); |
| 261 | |
| 262 LocalDOMWindow* callingWindow = currentDOMWindow(isolate); | |
|
haraken
2017/02/19 09:14:10
Nit: callingWindow => currentWindow
(We removed t
dcheng
2017/02/19 09:19:46
Yeah, the reason I named it like this is for consi
| |
| 263 if (!target) { | |
| 264 const SecurityOrigin* activeOrigin = | |
| 265 callingWindow->document()->getSecurityOrigin(); | |
| 266 String message = "Blocked a frame with origin \"" + | |
| 267 activeOrigin->toString() + | |
| 268 "\" from accessing a detached cross-origin frame"; | |
| 269 exceptionState.throwSecurityError(message, message); | |
| 270 return; | |
| 271 } | |
| 272 | |
| 273 DOMWindow* targetWindow = target->domWindow(); | |
| 274 | |
| 268 exceptionState.throwSecurityError( | 275 exceptionState.throwSecurityError( |
| 269 targetWindow->sanitizedCrossDomainAccessErrorMessage( | 276 targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), |
| 270 currentDOMWindow(isolate)), | 277 targetWindow->crossDomainAccessErrorMessage(callingWindow)); |
| 271 targetWindow->crossDomainAccessErrorMessage(currentDOMWindow(isolate))); | |
| 272 } | 278 } |
| 273 | 279 |
| 274 } // namespace blink | 280 } // namespace blink |
| OLD | NEW |
