Rework security checks to be based on Window rather than Frame.

third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 22 matching lines @@
 #include "bindings/core/v8/ScriptController.h"
 #include "bindings/core/v8/ScriptValue.h"
 #include "bindings/core/v8/SourceLocation.h"
 #include "bindings/core/v8/UseCounterCallback.h"
 #include "bindings/core/v8/V8BindingForCore.h"
 #include "bindings/core/v8/V8DOMException.h"
 #include "bindings/core/v8/V8ErrorEvent.h"
 #include "bindings/core/v8/V8ErrorHandler.h"
 #include "bindings/core/v8/V8GCController.h"
 #include "bindings/core/v8/V8IdleTaskRunner.h"
-#include "bindings/core/v8/V8Location.h"
-#include "bindings/core/v8/V8Window.h"
 #include "bindings/core/v8/WorkerOrWorkletScriptController.h"
 #include "core/dom/Document.h"
 #include "core/dom/ExecutionContext.h"
 #include "core/frame/LocalDOMWindow.h"
-#include "core/frame/LocalFrame.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/inspector/ConsoleMessage.h"
 #include "core/inspector/MainThreadDebugger.h"
 #include "core/workers/WorkerGlobalScope.h"
 #include "platform/EventDispatchForbiddenScope.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/bindings/DOMWrapperWorld.h"
 #include "platform/bindings/ScriptWrappableVisitor.h"
 #include "platform/bindings/V8PerContextData.h"
 #include "platform/bindings/V8PrivateProperty.h"
 #include "platform/instrumentation/tracing/TraceEvent.h"
 #include "platform/loader/fetch/AccessControlStatus.h"
 #include "platform/scheduler/child/web_scheduler.h"
 #include "platform/weborigin/SecurityViolationReportingPolicy.h"
 #include "platform/wtf/AddressSanitizer.h"
 #include "platform/wtf/Assertions.h"
 #include "platform/wtf/PtrUtil.h"
 #include "platform/wtf/RefPtr.h"
 #include "platform/wtf/text/WTFString.h"
 #include "platform/wtf/typed_arrays/ArrayBufferContents.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebThread.h"
 #include "v8/include/v8-debug.h"
 #include "v8/include/v8-profiler.h"
 
 namespace blink {
 
-static Frame* FindFrame(v8::Isolate* isolate,
-                        v8::Local<v8::Object> host,
-                        v8::Local<v8::Value> data) {
-  const WrapperTypeInfo* type = WrapperTypeInfo::Unwrap(data);
-
-  if (V8Window::wrapperTypeInfo.Equals(type)) {
-    v8::Local<v8::Object> window_wrapper =
-        V8Window::findInstanceInPrototypeChain(host, isolate);
-    if (window_wrapper.IsEmpty())
-      return 0;
-    return V8Window::toImpl(window_wrapper)->GetFrame();
-  }
-
-  if (V8Location::wrapperTypeInfo.Equals(type))
-    return V8Location::toImpl(host)->GetFrame();
-
-  // This function can handle only those types listed above.
-  NOTREACHED();
-  return 0;
-}
-
 static void ReportFatalErrorInMainThread(const char* location,
                                          const char* message) {
   int memory_usage_mb = Platform::Current()->ActualMemoryUsageMB();
   DVLOG(1) << "V8 error: " << message << " (" << location
            << ").  Current memory usage: " << memory_usage_mb << " MB";
   CRASH();
 }
 
 static void ReportOOMErrorInMainThread(const char* location, bool is_js_heap) {
   int memory_usage_mb = Platform::Current()->ActualMemoryUsageMB();
@@ skipping 194 matching lines @@
 
   DCHECK(execution_context->IsWorkerGlobalScope());
   WorkerOrWorkletScriptController* script_controller =
       ToWorkerGlobalScope(execution_context)->ScriptController();
   DCHECK(script_controller);
 
   PromiseRejectHandler(data, *script_controller->GetRejectedPromises(),
                        script_state);
 }
 
-static void FailedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host,
+static void FailedAccessCheckCallbackInMainThread(v8::Local<v8::Object> holder,
                                                   v8::AccessType type,
                                                   v8::Local<v8::Value> data) {
-  v8::Isolate* isolate = v8::Isolate::GetCurrent();
-  Frame* target = FindFrame(isolate, host, data);
   // FIXME: We should modify V8 to pass in more contextual information (context,
   // property, and object).
-  BindingSecurity::FailedAccessCheckFor(isolate, target);
+  BindingSecurity::FailedAccessCheckFor(v8::Isolate::GetCurrent(),
+                                        WrapperTypeInfo::Unwrap(data), holder);
 }
 
 static bool CodeGenerationCheckCallbackInMainThread(
     v8::Local<v8::Context> context) {
   if (ExecutionContext* execution_context = ToExecutionContext(context)) {
     if (ContentSecurityPolicy* policy =
             ToDocument(execution_context)->GetContentSecurityPolicy())
       return policy->AllowEval(ScriptState::From(context),
                                SecurityViolationReportingPolicy::kReport,
                                ContentSecurityPolicy::kWillThrowException);
@@ skipping 253 matching lines @@
           v8::Isolate::kMessageLog);
   isolate->SetFatalErrorHandler(ReportFatalErrorInWorker);
 
   uint32_t here;
   isolate->SetStackLimit(reinterpret_cast<uintptr_t>(&here) -
                          kWorkerMaxStackSize);
   isolate->SetPromiseRejectCallback(PromiseRejectHandlerInWorker);
 }
 
 }  // namespace blink