| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009, 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2009, 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 189 ToV8(impl->frameElement(), v8::Local<v8::Object>::Cast(creationContext), | 189 ToV8(impl->frameElement(), v8::Local<v8::Object>::Cast(creationContext), |
| 190 info.GetIsolate()); | 190 info.GetIsolate()); |
| 191 v8SetReturnValue(info, wrapper); | 191 v8SetReturnValue(info, wrapper); |
| 192 } | 192 } |
| 193 | 193 |
| 194 void V8Window::openerAttributeSetterCustom( | 194 void V8Window::openerAttributeSetterCustom( |
| 195 v8::Local<v8::Value> value, | 195 v8::Local<v8::Value> value, |
| 196 const v8::PropertyCallbackInfo<void>& info) { | 196 const v8::PropertyCallbackInfo<void>& info) { |
| 197 v8::Isolate* isolate = info.GetIsolate(); | 197 v8::Isolate* isolate = info.GetIsolate(); |
| 198 DOMWindow* impl = V8Window::toImpl(info.Holder()); | 198 DOMWindow* impl = V8Window::toImpl(info.Holder()); |
| 199 // TODO(dcheng): Investigate removing this, since opener is not really a | 199 if (!impl->frame()) |
| 200 // cross-origin property (so it shouldn't be accessible to begin with) | |
| 201 ExceptionState exceptionState(isolate, ExceptionState::SetterContext, | |
| 202 "Window", "opener"); | |
| 203 if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()), | |
| 204 impl, exceptionState)) { | |
| 205 return; | 200 return; |
| 206 } | |
| 207 | 201 |
| 208 // Opener can be shadowed if it is in the same domain. | 202 // Opener can be shadowed if it is in the same domain. |
| 209 // Have a special handling of null value to behave | 203 // Have a special handling of null value to behave |
| 210 // like Firefox. See bug http://b/1224887 & http://b/791706. | 204 // like Firefox. See bug http://b/1224887 & http://b/791706. |
| 211 if (value->IsNull()) { | 205 if (value->IsNull()) { |
| 212 // impl->frame() has to be a non-null LocalFrame. Otherwise, the | 206 // impl->frame() has to be a non-null LocalFrame. Otherwise, the |
| 213 // same-origin check would have failed. | 207 // same-origin check would have failed. |
| 214 ASSERT(impl->frame()); | 208 ASSERT(impl->frame()); |
| 215 toLocalFrame(impl->frame())->loader().setOpener(0); | 209 toLocalFrame(impl->frame())->loader().setOpener(0); |
| 216 } | 210 } |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 353 v8SetReturnValueFast(info, child->domWindow(), window); | 347 v8SetReturnValueFast(info, child->domWindow(), window); |
| 354 return; | 348 return; |
| 355 } | 349 } |
| 356 } | 350 } |
| 357 | 351 |
| 358 // This is a cross-origin interceptor. Check that the caller has access to the | 352 // This is a cross-origin interceptor. Check that the caller has access to the |
| 359 // named results. | 353 // named results. |
| 360 if (!BindingSecurity::shouldAllowAccessTo( | 354 if (!BindingSecurity::shouldAllowAccessTo( |
| 361 currentDOMWindow(info.GetIsolate()), window, | 355 currentDOMWindow(info.GetIsolate()), window, |
| 362 BindingSecurity::ErrorReportOption::DoNotReport)) { | 356 BindingSecurity::ErrorReportOption::DoNotReport)) { |
| 363 BindingSecurity::failedAccessCheckFor(info.GetIsolate(), frame); | 357 BindingSecurity::failedAccessCheckFor( |
| 358 info.GetIsolate(), &V8Window::wrapperTypeInfo, info.Holder()); |
| 364 return; | 359 return; |
| 365 } | 360 } |
| 366 | 361 |
| 367 // Search named items in the document. | 362 // Search named items in the document. |
| 368 Document* doc = toLocalFrame(frame)->document(); | 363 Document* doc = toLocalFrame(frame)->document(); |
| 369 if (!doc || !doc->isHTMLDocument()) | 364 if (!doc || !doc->isHTMLDocument()) |
| 370 return; | 365 return; |
| 371 | 366 |
| 372 bool hasNamedItem = toHTMLDocument(doc)->hasNamedItem(name); | 367 bool hasNamedItem = toHTMLDocument(doc)->hasNamedItem(name); |
| 373 bool hasIdItem = doc->hasElementWithId(name); | 368 bool hasIdItem = doc->hasElementWithId(name); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 392 if (items->hasExactlyOneItem()) { | 387 if (items->hasExactlyOneItem()) { |
| 393 v8SetReturnValueFast(info, items->item(0), window); | 388 v8SetReturnValueFast(info, items->item(0), window); |
| 394 return; | 389 return; |
| 395 } | 390 } |
| 396 v8SetReturnValueFast(info, items, window); | 391 v8SetReturnValueFast(info, items, window); |
| 397 return; | 392 return; |
| 398 } | 393 } |
| 399 } | 394 } |
| 400 | 395 |
| 401 } // namespace blink | 396 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2706923002:
Rework security checks to be based on Window rather than Frame. (Closed)
