| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 20 matching lines...) | |
| 31 #ifndef BindingSecurity_h | 31 #ifndef BindingSecurity_h |
| 32 #define BindingSecurity_h | 32 #define BindingSecurity_h |
| 33 | 33 |
| 34 #include "core/CoreExport.h" | 34 #include "core/CoreExport.h" |
| 35 #include "v8/include/v8.h" | 35 #include "v8/include/v8.h" |
| 36 #include "wtf/Allocator.h" | 36 #include "wtf/Allocator.h" |
| 37 | 37 |
| 38 namespace blink { | 38 namespace blink { |
| 39 | 39 |
| 40 class DOMWindow; | 40 class DOMWindow; |
| 41 class EventTarget; | |
| 42 class ExceptionState; | 41 class ExceptionState; |
| 43 class Frame; | 42 class Frame; |
| 44 class LocalDOMWindow; | 43 class LocalDOMWindow; |
| 45 class Location; | 44 class Location; |
| 46 class Node; | 45 class Node; |
| 46 struct WrapperTypeInfo; | |
| 47 | 47 |
| 48 class CORE_EXPORT BindingSecurity { | 48 class CORE_EXPORT BindingSecurity { |
| 49 STATIC_ONLY(BindingSecurity); | 49 STATIC_ONLY(BindingSecurity); |
| 50 | 50 |
| 51 public: | 51 public: |
| 52 enum class ErrorReportOption { | 52 enum class ErrorReportOption { |
| 53 DoNotReport, | 53 DoNotReport, |
| 54 Report, | 54 Report, |
| 55 }; | 55 }; |
| 56 | 56 |
| 57 // Check if the caller (|accessingWindow|) is allowed to access the JS | 57 // Check if the caller (|accessingWindow|) is allowed to access the JS |
| 58 // receiver object (|target|), where the receiver object is the JS object | 58 // receiver object (|target|), where the receiver object is the JS object |
| 59 // for which the DOM attribute or DOM operation is being invoked (in the | 59 // for which the DOM attribute or DOM operation is being invoked (in the |
| 60 // form of receiver.domAttr or receiver.domOp()). | 60 // form of receiver.domAttr or receiver.domOp()). |
| 61 // Note that only Window and Location objects are cross-origin accessible | 61 // Note that only Window and Location objects are cross-origin accessible, so |
| 62 // and that EventTarget interface is the parent interface of Window | 62 // the receiver object must be of type DOMWindow or Location. |
| 63 // interface. So the receiver object must be of type DOMWindow, | |
| 64 // EventTarget, or Location. | |
| 65 // | 63 // |
| 66 // DOMWindow | 64 // DOMWindow |
| 67 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, | 65 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, |
| 68 const DOMWindow* target, | 66 const DOMWindow* target, |
| 69 ExceptionState&); | 67 ExceptionState&); |
| 70 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, | 68 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, |
| 71 const DOMWindow* target, | 69 const DOMWindow* target, |
| 72 ErrorReportOption); | 70 ErrorReportOption); |
| 73 // EventTarget (as the parent of DOMWindow) | 71 |
| 74 static bool shouldAllowAccessTo( | |
| 75 const LocalDOMWindow* accessingWindow, | |
| 76 const EventTarget* target, | |
| 77 ExceptionState&); // NOLINT(readability/parameter_name) | |
| 78 // Location | 72 // Location |
| 79 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, | 73 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, |
| 80 const Location* target, | 74 const Location* target, |
| 81 ExceptionState&); | 75 ExceptionState&); |
| 82 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, | 76 static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow, |
| 83 const Location* target, | 77 const Location* target, |
| 84 ErrorReportOption); | 78 ErrorReportOption); |
| 85 | 79 |
| 86 // Check if the caller (|accessingWindow|) is allowed to access the JS | 80 // Check if the caller (|accessingWindow|) is allowed to access the JS |
| 87 // returned object (|target|), where the returned object is the JS object | 81 // returned object (|target|), where the returned object is the JS object |
| (...skipping 15 matching lines...) | |
| 103 | 97 |
| 104 // These overloads should be used only when checking a general access from | 98 // These overloads should be used only when checking a general access from |
| 105 // one context to another context. For access to a receiver object or | 99 // one context to another context. For access to a receiver object or |
| 106 // returned object, you should use the above overloads. | 100 // returned object, you should use the above overloads. |
| 107 static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow, | 101 static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow, |
| 108 const Frame* target, | 102 const Frame* target, |
| 109 ExceptionState&); | 103 ExceptionState&); |
| 110 static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow, | 104 static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow, |
| 111 const Frame* target, | 105 const Frame* target, |
| 112 ErrorReportOption); | 106 ErrorReportOption); |
| 113 // This overload must be used only for detached windows. | |
| 114 static bool shouldAllowAccessToDetachedWindow( | |
| 115 const LocalDOMWindow* accessingWindow, | |
| 116 const DOMWindow* target, | |
| 117 ExceptionState&); | |
| 118 | 107 |
| 119 static void failedAccessCheckFor(v8::Isolate*, const Frame* target); | 108 static void failedAccessCheckFor(v8::Isolate*, |
| 109 const WrapperTypeInfo*, | |
| 110 v8::Local<v8::Object> host); | |
|
haraken
2017/03/07 08:53:57
host => holder
dcheng
2017/03/07 09:06:46
Done.
| |
| 120 | 111 |
| 121 private: | 112 private: |
| 122 // Returns true if |accessingWindow| is allowed named access to |targetWindow| | 113 // Returns true if |accessingWindow| is allowed named access to |targetWindow| |
| 123 // because they're the same origin. Note that named access should be allowed | 114 // because they're the same origin. Note that named access should be allowed |
| 124 // even if they're cross origin as long as the browsing context name matches | 115 // even if they're cross origin as long as the browsing context name matches |
| 125 // the browsing context container's name. | 116 // the browsing context container's name. |
| 126 // | 117 // |
| 127 // Unlike shouldAllowAccessTo, this function returns true even when | 118 // Unlike shouldAllowAccessTo, this function returns true even when |
| 128 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that | 119 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that |
| 129 // only limited operations are allowed on a RemoteDOMWindow. | 120 // only limited operations are allowed on a RemoteDOMWindow. |
| 130 // | 121 // |
| 131 // This function should be only used from V8Window::namedPropertyGetterCustom. | 122 // This function should be only used from V8Window::namedPropertyGetterCustom. |
| 132 friend class V8Window; | 123 friend class V8Window; |
| 133 static bool shouldAllowNamedAccessTo(const DOMWindow* accessingWindow, | 124 static bool shouldAllowNamedAccessTo(const DOMWindow* accessingWindow, |
| 134 const DOMWindow* targetWindow); | 125 const DOMWindow* targetWindow); |
| 135 }; | 126 }; |
| 136 | 127 |
| 137 } // namespace blink | 128 } // namespace blink |
| 138 | 129 |
| 139 #endif // BindingSecurity_h | 130 #endif // BindingSecurity_h |
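Review bot: The new `failedAccessCheckFor(v8::Isolate*, const WrapperTypeInfo*, v8::Local<v8::Object>)` declaration (new lines 108-110) has no contract comment, unlike the `shouldAllowAccessTo*` declarations visible above it. It now takes a type descriptor and a raw V8 object instead of a `Frame*`, so the header no longer says which wrapper types are valid or what happens when the object's window has no frame. That matters more here because the same change drops `shouldAllowAccessToDetachedWindow`, and the detached-window handling is presumably in the .cpp, which is not shown on this page. I would add something like `// Reports a failed cross-origin access check on a Window or Location wrapper.` followed by `// The WrapperTypeInfo must be that of Window or Location; the target window may be detached (no Frame).`, with the wording confirmed against the implementation. It would also help to state whether a null `WrapperTypeInfo*` or an empty handle is permitted, since this is a security-reporting path that callers reach after a check has already failed.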