Rework security checks to be based on Window rather than Frame.

third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 26 matching lines @@
 
 namespace blink {
 
 class DOMWindow;
 class EventTarget;
 class ExceptionState;
 class Frame;
 class LocalDOMWindow;
 class Location;
 class Node;
+struct WrapperTypeInfo;
 
 class CORE_EXPORT BindingSecurity {
   STATIC_ONLY(BindingSecurity);
 
  public:
   enum class ErrorReportOption {
     DoNotReport,
     Report,
   };
 
@@ skipping 41 matching lines @@
                                   const Node* target,
                                   ExceptionState&);
   static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow,
                                   const Node* target,
                                   ErrorReportOption);
 
   // These overloads should be used only when checking a general access from
   // one context to another context.  For access to a receiver object or
   // returned object, you should use the above overloads.
   static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow,
-                                       const Frame* target,
+                                       const Frame& target,
                                        ExceptionState&);
   static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow,
-                                       const Frame* target,
+                                       const Frame& target,
                                        ErrorReportOption);
-  // This overload must be used only for detached windows.
-  static bool shouldAllowAccessToDetachedWindow(
-      const LocalDOMWindow* accessingWindow,
-      const DOMWindow* target,
-      ExceptionState&);
 
-  static void failedAccessCheckFor(v8::Isolate*, const Frame* target);
+  static void failedAccessCheckFor(v8::Isolate*,
+                                   const WrapperTypeInfo*,
+                                   v8::Local<v8::Object> host);

[dcheng, 2017/03/06 06:59:47]

These additional parameters are so we can lookup the corresponding DOM
implementation, whether it's from v8's access check failed callback, or manual
invocations elsewhere in bindings code.

 
  private:
   // Returns true if |accessingWindow| is allowed named access to |targetWindow|
   // because they're the same origin.  Note that named access should be allowed
   // even if they're cross origin as long as the browsing context name matches
   // the browsing context container's name.
   //
   // Unlike shouldAllowAccessTo, this function returns true even when
   // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that
   // only limited operations are allowed on a RemoteDOMWindow.
   //
   // This function should be only used from V8Window::namedPropertyGetterCustom.
   friend class V8Window;
   static bool shouldAllowNamedAccessTo(const DOMWindow* accessingWindow,
                                        const DOMWindow* targetWindow);
 };
 
 }  // namespace blink
 
 #endif  // BindingSecurity_h