Index: third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp |
diff --git a/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp b/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp |
index c5abb09462df0bec23651cd59469a6adfb875328..938face7ae0bde35868b21952aa8850791af9c01 100644 |
--- a/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp |
+++ b/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp |
@@ -30,6 +30,7 @@ |
#include "bindings/core/v8/V8EventListener.h" |
+#include "bindings/core/v8/BindingSecurity.h" |
#include "bindings/core/v8/ScriptController.h" |
#include "bindings/core/v8/V8Binding.h" |
#include "core/dom/Document.h" |
@@ -100,20 +101,27 @@ v8::Local<v8::Value> V8EventListener::callListenerFunction( |
if (!frame) |
return v8::Local<v8::Value>(); |
- // TODO(jochen): Consider moving this check into canExecuteScripts. |
- // http://crbug.com/608641 |
- if (scriptState->world().isMainWorld() && |
- !scriptState->getExecutionContext()->canExecuteScripts( |
- AboutToExecuteScript)) |
- return v8::Local<v8::Value>(); |
+ if (scriptState->world().isMainWorld()) { |
+ // TODO(jochen): Consider moving this check into canExecuteScripts. |
+ // http://crbug.com/608641 |
+ if (!scriptState->getExecutionContext()->canExecuteScripts( |
+ AboutToExecuteScript)) { |
+ return v8::Local<v8::Value>(); |
+ } |
+ |
+ CHECK(BindingSecurity::shouldAllowAccessToFrame( |
+ toDOMWindow(handlerFunction->CreationContext())->toLocalDOMWindow(), |
+ frame, BindingSecurity::ErrorReportOption::DoNotReport)); |
haraken
2017/02/20 10:01:55
Another idea would be to move the CHECK into V8Scr
|
+ } |
v8::Local<v8::Value> parameters[1] = {jsEvent}; |
v8::Local<v8::Value> result; |
if (!V8ScriptRunner::callFunction(handlerFunction, frame->document(), |
receiver, WTF_ARRAY_LENGTH(parameters), |
parameters, scriptState->isolate()) |
- .ToLocal(&result)) |
+ .ToLocal(&result)) { |
return v8::Local<v8::Value>(); |
+ } |
return result; |
} |
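Review bot: The added CHECK dereferences the result of `toDOMWindow(handlerFunction->CreationContext())` without testing it, so if the handler's creation context is ever not a window context, the failure would presumably be a null dereference rather than the intended CHECK. The contract of toDOMWindow is not visible in this hunk, so confirm that it cannot return null on this path. Hoisting the call, e.g. `DOMWindow* creationWindow = toDOMWindow(handlerFunction->CreationContext());` followed by `CHECK(creationWindow);`, keeps the crash attributable to the security check. The CHECK also deserves a comment stating the invariant, such as `// The listener function must come from a context allowed to script |frame|; crash rather than run it cross-origin.`, and saying whether limiting it to the main world is deliberate, since isolated-world handlers skip it. callListenerFunction begins above this hunk.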