Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(124)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp

Issue 2705783004: Throw security errors for attribute access on detached windows. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access-expected.txt ('k') | third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
index 516ef4dff5498d95b703de67ff7f23e7350fcaca..34ea4a8c9c93209ba95580505a6bad81add8ff39 100644
--- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
@@ -254,21 +254,27 @@ bool BindingSecurity::shouldAllowNamedAccessTo(const DOMWindow* accessingWindow,
void BindingSecurity::failedAccessCheckFor(v8::Isolate* isolate,
const Frame* target) {
- // TODO(dcheng): See if this null check can be removed or hoisted to a
- // different location.
- if (!target)
- return;
-
- DOMWindow* targetWindow = target->domWindow();
-
// TODO(dcheng): Add ContextType, interface name, and property name as
// arguments, so the generated exception can be more descriptive.
ExceptionState exceptionState(isolate, ExceptionState::UnknownContext,
nullptr, nullptr);
+
+ LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
haraken 2017/02/19 09:14:10 Nit: callingWindow => currentWindow (We removed t
dcheng 2017/02/19 09:19:46 Yeah, the reason I named it like this is for consi
+ if (!target) {
+ const SecurityOrigin* activeOrigin =
+ callingWindow->document()->getSecurityOrigin();
+ String message = "Blocked a frame with origin \"" +
+ activeOrigin->toString() +
+ "\" from accessing a detached cross-origin frame";
+ exceptionState.throwSecurityError(message, message);
+ return;
+ }
+
+ DOMWindow* targetWindow = target->domWindow();
+
exceptionState.throwSecurityError(
- targetWindow->sanitizedCrossDomainAccessErrorMessage(
- currentDOMWindow(isolate)),
- targetWindow->crossDomainAccessErrorMessage(currentDOMWindow(isolate)));
+ targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow),
+ targetWindow->crossDomainAccessErrorMessage(callingWindow));
}
} // namespace blink
« third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/detached-cross-frame-access-expected.txt ('k') | third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698