
Unified Diff: third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp

Issue 2706813002: CHECK correct context usage in V8ScriptRunner::callFunction (Closed)
Patch Set: Created 3 years, 10 months ago
Index: third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp b/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp
index c5abb09462df0bec23651cd59469a6adfb875328..938face7ae0bde35868b21952aa8850791af9c01 100644
--- a/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp
@@ -30,6 +30,7 @@
#include "bindings/core/v8/V8EventListener.h"
+#include "bindings/core/v8/BindingSecurity.h"
#include "bindings/core/v8/ScriptController.h"
#include "bindings/core/v8/V8Binding.h"
#include "core/dom/Document.h"
@@ -100,20 +101,27 @@ v8::Local<v8::Value> V8EventListener::callListenerFunction(
if (!frame)
return v8::Local<v8::Value>();
- // TODO(jochen): Consider moving this check into canExecuteScripts.
- // http://crbug.com/608641
- if (scriptState->world().isMainWorld() &&
- !scriptState->getExecutionContext()->canExecuteScripts(
- AboutToExecuteScript))
- return v8::Local<v8::Value>();
+ if (scriptState->world().isMainWorld()) {
+ // TODO(jochen): Consider moving this check into canExecuteScripts.
+ // http://crbug.com/608641
+ if (!scriptState->getExecutionContext()->canExecuteScripts(
+ AboutToExecuteScript)) {
+ return v8::Local<v8::Value>();
+ }
+
+ CHECK(BindingSecurity::shouldAllowAccessToFrame(
+ toDOMWindow(handlerFunction->CreationContext())->toLocalDOMWindow(),
+ frame, BindingSecurity::ErrorReportOption::DoNotReport));
haraken 2017/02/20 10:01:55 Another idea would be to move the CHECK into V8Scr
+ }
v8::Local<v8::Value> parameters[1] = {jsEvent};
v8::Local<v8::Value> result;
if (!V8ScriptRunner::callFunction(handlerFunction, frame->document(),
receiver, WTF_ARRAY_LENGTH(parameters),
parameters, scriptState->isolate())
- .ToLocal(&result))
+ .ToLocal(&result)) {
return v8::Local<v8::Value>();
+ }
return result;
}
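Review bot: The added CHECK dereferences the result of `toDOMWindow(handlerFunction->CreationContext())` before shouldAllowAccessToFrame is ever reached, so if that accessor yields null for a non-window or remote creation context the failure surfaces as a null dereference rather than as the CHECK message this change is meant to produce. Splitting the lookup out makes the failure mode explicit: `DOMWindow* creationWindow = toDOMWindow(handlerFunction->CreationContext()); CHECK(creationWindow);` and then pass `creationWindow->toLocalDOMWindow()` to the access check. Whether toDOMWindow or toLocalDOMWindow can return null on this path is not visible in the hunk, so this should be confirmed against their definitions before deciding if the extra CHECK is needed. callListenerFunction's body starts before this hunk.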
