OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 20 matching lines...) Expand all Loading... |
31 #ifndef BindingSecurity_h | 31 #ifndef BindingSecurity_h |
32 #define BindingSecurity_h | 32 #define BindingSecurity_h |
33 | 33 |
34 #include "core/CoreExport.h" | 34 #include "core/CoreExport.h" |
35 #include "platform/wtf/Allocator.h" | 35 #include "platform/wtf/Allocator.h" |
36 #include "v8/include/v8.h" | 36 #include "v8/include/v8.h" |
37 | 37 |
38 namespace blink { | 38 namespace blink { |
39 | 39 |
40 class DOMWindow; | 40 class DOMWindow; |
41 class EventTarget; | |
42 class ExceptionState; | 41 class ExceptionState; |
43 class Frame; | 42 class Frame; |
44 class LocalDOMWindow; | 43 class LocalDOMWindow; |
45 class Location; | 44 class Location; |
46 class Node; | 45 class Node; |
47 struct WrapperTypeInfo; | 46 struct WrapperTypeInfo; |
48 | 47 |
49 class CORE_EXPORT BindingSecurity { | 48 class CORE_EXPORT BindingSecurity { |
50 STATIC_ONLY(BindingSecurity); | 49 STATIC_ONLY(BindingSecurity); |
51 | 50 |
52 public: | 51 public: |
53 enum class ErrorReportOption { | 52 enum class ErrorReportOption { |
54 kDoNotReport, | 53 kDoNotReport, |
55 kReport, | 54 kReport, |
56 }; | 55 }; |
57 | 56 |
58 // Check if the caller (|accessingWindow|) is allowed to access the JS | 57 // Check if the caller (|accessingWindow|) is allowed to access the JS |
59 // receiver object (|target|), where the receiver object is the JS object | 58 // receiver object (|target|), where the receiver object is the JS object |
60 // for which the DOM attribute or DOM operation is being invoked (in the | 59 // for which the DOM attribute or DOM operation is being invoked (in the |
61 // form of receiver.domAttr or receiver.domOp()). | 60 // form of receiver.domAttr or receiver.domOp()). |
62 // Note that only Window and Location objects are cross-origin accessible | 61 // Note that only Window and Location objects are cross-origin accessible, so |
63 // and that EventTarget interface is the parent interface of Window | 62 // the receiver object must be of type DOMWindow or Location. |
64 // interface. So the receiver object must be of type DOMWindow, | |
65 // EventTarget, or Location. | |
66 // | 63 // |
67 // DOMWindow | 64 // DOMWindow |
68 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, | 65 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, |
69 const DOMWindow* target, | 66 const DOMWindow* target, |
70 ExceptionState&); | 67 ExceptionState&); |
71 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, | 68 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, |
72 const DOMWindow* target, | 69 const DOMWindow* target, |
73 ErrorReportOption); | 70 ErrorReportOption); |
74 // EventTarget (as the parent of DOMWindow) | 71 |
75 static bool ShouldAllowAccessTo( | |
76 const LocalDOMWindow* accessing_window, | |
77 const EventTarget* target, | |
78 ExceptionState&); // NOLINT(readability/parameter_name) | |
79 // Location | 72 // Location |
80 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, | 73 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, |
81 const Location* target, | 74 const Location* target, |
82 ExceptionState&); | 75 ExceptionState&); |
83 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, | 76 static bool ShouldAllowAccessTo(const LocalDOMWindow* accessing_window, |
84 const Location* target, | 77 const Location* target, |
85 ErrorReportOption); | 78 ErrorReportOption); |
86 | 79 |
87 // Check if the caller (|accessingWindow|) is allowed to access the JS | 80 // Check if the caller (|accessingWindow|) is allowed to access the JS |
88 // returned object (|target|), where the returned object is the JS object | 81 // returned object (|target|), where the returned object is the JS object |
(...skipping 15 matching lines...) Expand all Loading... |
104 | 97 |
105 // These overloads should be used only when checking a general access from | 98 // These overloads should be used only when checking a general access from |
106 // one context to another context. For access to a receiver object or | 99 // one context to another context. For access to a receiver object or |
107 // returned object, you should use the above overloads. | 100 // returned object, you should use the above overloads. |
108 static bool ShouldAllowAccessToFrame(const LocalDOMWindow* accessing_window, | 101 static bool ShouldAllowAccessToFrame(const LocalDOMWindow* accessing_window, |
109 const Frame* target, | 102 const Frame* target, |
110 ExceptionState&); | 103 ExceptionState&); |
111 static bool ShouldAllowAccessToFrame(const LocalDOMWindow* accessing_window, | 104 static bool ShouldAllowAccessToFrame(const LocalDOMWindow* accessing_window, |
112 const Frame* target, | 105 const Frame* target, |
113 ErrorReportOption); | 106 ErrorReportOption); |
114 // This overload must be used only for detached windows. | |
115 static bool ShouldAllowAccessToDetachedWindow( | |
116 const LocalDOMWindow* accessing_window, | |
117 const DOMWindow* target, | |
118 ExceptionState&); | |
119 | 107 |
120 static void FailedAccessCheckFor(v8::Isolate*, const Frame* target); | 108 static void FailedAccessCheckFor(v8::Isolate*, |
| 109 const WrapperTypeInfo*, |
| 110 v8::Local<v8::Object> holder); |
121 | 111 |
122 // The following two functions were written to be called by | 112 // The following two functions were written to be called by |
123 // V8WrapperInstantiationScope before entering and after exiting an object's | 113 // V8WrapperInstantiationScope before entering and after exiting an object's |
124 // creation context during wrapper creation. | 114 // creation context during wrapper creation. |
125 | 115 |
126 // Returns true if the current context has access to creationContext, and | 116 // Returns true if the current context has access to creationContext, and |
127 // throws a SecurityError if it doesn't have access. | 117 // throws a SecurityError if it doesn't have access. |
128 static bool ShouldAllowAccessToCreationContext( | 118 static bool ShouldAllowAccessToCreationContext( |
129 v8::Local<v8::Context> creation_context, | 119 v8::Local<v8::Context> creation_context, |
130 const WrapperTypeInfo*); | 120 const WrapperTypeInfo*); |
(...skipping 17 matching lines...) Expand all Loading... |
148 // | 138 // |
149 // This function should be only used from V8Window::namedPropertyGetterCustom. | 139 // This function should be only used from V8Window::namedPropertyGetterCustom. |
150 friend class V8Window; | 140 friend class V8Window; |
151 static bool ShouldAllowNamedAccessTo(const DOMWindow* accessing_window, | 141 static bool ShouldAllowNamedAccessTo(const DOMWindow* accessing_window, |
152 const DOMWindow* target_window); | 142 const DOMWindow* target_window); |
153 }; | 143 }; |
154 | 144 |
155 } // namespace blink | 145 } // namespace blink |
156 | 146 |
157 #endif // BindingSecurity_h | 147 #endif // BindingSecurity_h |
OLD | NEW |