Chromium Code Reviews Chromium Code Reviews
Issue 2706923002:
Rework security checks to be based on Window rather than Frame. (Closed)
| Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h |
| diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h |
| index 7d0c469a3bc98c838457785348369ec622ba7635..c4475d054494c7b716737b9293b507b765c0c7b8 100644 |
| --- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h |
| +++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h |
| @@ -44,6 +44,7 @@ class Frame; |
| class LocalDOMWindow; |
| class Location; |
| class Node; |
| +struct WrapperTypeInfo; |
| class CORE_EXPORT BindingSecurity { |
| STATIC_ONLY(BindingSecurity); |
| @@ -105,18 +106,15 @@ class CORE_EXPORT BindingSecurity { |
| // one context to another context. For access to a receiver object or |
| // returned object, you should use the above overloads. |
| static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow, |
| - const Frame* target, |
| + const Frame& target, |
| ExceptionState&); |
| static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow, |
| - const Frame* target, |
| + const Frame& target, |
| ErrorReportOption); |
| - // This overload must be used only for detached windows. |
| - static bool shouldAllowAccessToDetachedWindow( |
| - const LocalDOMWindow* accessingWindow, |
| - const DOMWindow* target, |
| - ExceptionState&); |
| - static void failedAccessCheckFor(v8::Isolate*, const Frame* target); |
| + static void failedAccessCheckFor(v8::Isolate*, |
| + const WrapperTypeInfo*, |
| + v8::Local<v8::Object> host); |
|
dcheng
2017/03/06 06:59:47
These additional parameters are so we can lookup t
|
| private: |
| // Returns true if |accessingWindow| is allowed named access to |targetWindow| |
