| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009, 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2009, 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 152 ToV8(impl->frameElement(), v8::Local<v8::Object>::Cast(creation_context), | 152 ToV8(impl->frameElement(), v8::Local<v8::Object>::Cast(creation_context), |
| 153 info.GetIsolate()); | 153 info.GetIsolate()); |
| 154 V8SetReturnValue(info, wrapper); | 154 V8SetReturnValue(info, wrapper); |
| 155 } | 155 } |
| 156 | 156 |
| 157 void V8Window::openerAttributeSetterCustom( | 157 void V8Window::openerAttributeSetterCustom( |
| 158 v8::Local<v8::Value> value, | 158 v8::Local<v8::Value> value, |
| 159 const v8::PropertyCallbackInfo<void>& info) { | 159 const v8::PropertyCallbackInfo<void>& info) { |
| 160 v8::Isolate* isolate = info.GetIsolate(); | 160 v8::Isolate* isolate = info.GetIsolate(); |
| 161 DOMWindow* impl = V8Window::toImpl(info.Holder()); | 161 DOMWindow* impl = V8Window::toImpl(info.Holder()); |
| 162 // TODO(dcheng): Investigate removing this, since opener is not really a | 162 if (!impl->GetFrame()) |
| 163 // cross-origin property (so it shouldn't be accessible to begin with) | |
| 164 ExceptionState exception_state(isolate, ExceptionState::kSetterContext, | |
| 165 "Window", "opener"); | |
| 166 if (!BindingSecurity::ShouldAllowAccessTo(CurrentDOMWindow(info.GetIsolate()), | |
| 167 impl, exception_state)) { | |
| 168 return; | 163 return; |
| 169 } | |
| 170 | 164 |
| 171 // Opener can be shadowed if it is in the same domain. | 165 // Opener can be shadowed if it is in the same domain. |
| 172 // Have a special handling of null value to behave | 166 // Have a special handling of null value to behave |
| 173 // like Firefox. See bug http://b/1224887 & http://b/791706. | 167 // like Firefox. See bug http://b/1224887 & http://b/791706. |
| 174 if (value->IsNull()) { | 168 if (value->IsNull()) { |
| 175 // impl->frame() has to be a non-null LocalFrame. Otherwise, the | 169 // impl->frame() has to be a non-null LocalFrame. Otherwise, the |
| 176 // same-origin check would have failed. | 170 // same-origin check would have failed. |
| 177 DCHECK(impl->GetFrame()); | 171 DCHECK(impl->GetFrame()); |
| 178 ToLocalFrame(impl->GetFrame())->Loader().SetOpener(0); | 172 ToLocalFrame(impl->GetFrame())->Loader().SetOpener(0); |
| 179 } | 173 } |
| (...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 342 // window. Then, removes the following two lines. | 336 // window. Then, removes the following two lines. |
| 343 V8SetReturnValueFast(info, child->DomWindow(), window); | 337 V8SetReturnValueFast(info, child->DomWindow(), window); |
| 344 return; | 338 return; |
| 345 } | 339 } |
| 346 | 340 |
| 347 // This is a cross-origin interceptor. Check that the caller has access to the | 341 // This is a cross-origin interceptor. Check that the caller has access to the |
| 348 // named results. | 342 // named results. |
| 349 if (!BindingSecurity::ShouldAllowAccessTo( | 343 if (!BindingSecurity::ShouldAllowAccessTo( |
| 350 CurrentDOMWindow(info.GetIsolate()), window, | 344 CurrentDOMWindow(info.GetIsolate()), window, |
| 351 BindingSecurity::ErrorReportOption::kDoNotReport)) { | 345 BindingSecurity::ErrorReportOption::kDoNotReport)) { |
| 352 BindingSecurity::FailedAccessCheckFor(info.GetIsolate(), frame); | 346 BindingSecurity::FailedAccessCheckFor( |
| 347 info.GetIsolate(), window->GetWrapperTypeInfo(), info.Holder()); |
| 353 return; | 348 return; |
| 354 } | 349 } |
| 355 | 350 |
| 356 // Search named items in the document. | 351 // Search named items in the document. |
| 357 Document* doc = ToLocalFrame(frame)->GetDocument(); | 352 Document* doc = ToLocalFrame(frame)->GetDocument(); |
| 358 if (!doc || !doc->IsHTMLDocument()) | 353 if (!doc || !doc->IsHTMLDocument()) |
| 359 return; | 354 return; |
| 360 | 355 |
| 361 bool has_named_item = ToHTMLDocument(doc)->HasNamedItem(name); | 356 bool has_named_item = ToHTMLDocument(doc)->HasNamedItem(name); |
| 362 bool has_id_item = doc->HasElementWithId(name); | 357 bool has_id_item = doc->HasElementWithId(name); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 381 if (items->HasExactlyOneItem()) { | 376 if (items->HasExactlyOneItem()) { |
| 382 V8SetReturnValueFast(info, items->item(0), window); | 377 V8SetReturnValueFast(info, items->item(0), window); |
| 383 return; | 378 return; |
| 384 } | 379 } |
| 385 V8SetReturnValueFast(info, items, window); | 380 V8SetReturnValueFast(info, items, window); |
| 386 return; | 381 return; |
| 387 } | 382 } |
| 388 } | 383 } |
| 389 | 384 |
| 390 } // namespace blink | 385 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2706923002:
Rework security checks to be based on Window rather than Frame. (Closed)
