third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h - Issue 2706923002: Rework security checks to be based on Window rather than Frame.

Unified Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

Issue 2706923002: Rework security checks to be based on Window rather than Frame. (Closed)

Patch Set: Address review comments. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/WebKit/LayoutTests/platform/linux/fast/dom/Window/property-access-on-cached-window-after-frame-navigated-expected.txt ('k') | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

index 7d0c469a3bc98c838457785348369ec622ba7635..dafcd656283b5108de6f0652097401b88444b3d8 100644

--- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

+++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

@@ -38,12 +38,12 @@

namespace blink {

class DOMWindow;

-class EventTarget;

class ExceptionState;

class Frame;

class LocalDOMWindow;

class Location;

class Node;

+struct WrapperTypeInfo;

class CORE_EXPORT BindingSecurity {

STATIC_ONLY(BindingSecurity);

@@ -58,10 +58,8 @@ class CORE_EXPORT BindingSecurity {

// receiver object (|target|), where the receiver object is the JS object

// for which the DOM attribute or DOM operation is being invoked (in the

// form of receiver.domAttr or receiver.domOp()).

- // Note that only Window and Location objects are cross-origin accessible

- // and that EventTarget interface is the parent interface of Window

- // interface. So the receiver object must be of type DOMWindow,

- // EventTarget, or Location.

+ // Note that only Window and Location objects are cross-origin accessible, so

+ // the receiver object must be of type DOMWindow or Location.

// DOMWindow

static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow,

@@ -70,11 +68,7 @@ class CORE_EXPORT BindingSecurity {

static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow,

const DOMWindow* target,

ErrorReportOption);

- // EventTarget (as the parent of DOMWindow)

- static bool shouldAllowAccessTo(

- const LocalDOMWindow* accessingWindow,

- const EventTarget* target,

- ExceptionState&); // NOLINT(readability/parameter_name)

// Location

static bool shouldAllowAccessTo(const LocalDOMWindow* accessingWindow,

const Location* target,

@@ -110,13 +104,10 @@ class CORE_EXPORT BindingSecurity {

static bool shouldAllowAccessToFrame(const LocalDOMWindow* accessingWindow,

const Frame* target,

ErrorReportOption);

- // This overload must be used only for detached windows.

- static bool shouldAllowAccessToDetachedWindow(

- const LocalDOMWindow* accessingWindow,

- const DOMWindow* target,

- ExceptionState&);

- static void failedAccessCheckFor(v8::Isolate*, const Frame* target);

+ static void failedAccessCheckFor(v8::Isolate*,

+ const WrapperTypeInfo*,

+ v8::Local<v8::Object> host);

haraken 2017/03/07 08:53:57 host => holder

dcheng 2017/03/07 09:06:46 Done.

private:

// Returns true if |accessingWindow| is allowed named access to |targetWindow|