| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 8800 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8811 remoteFrame->setReplicatedOrigin(SecurityOrigin::createUnique()); | 8811 remoteFrame->setReplicatedOrigin(SecurityOrigin::createUnique()); |
| 8812 | 8812 |
| 8813 // Invoking setTimeout should throw a security error. | 8813 // Invoking setTimeout should throw a security error. |
| 8814 { | 8814 { |
| 8815 v8::Local<v8::Value> exception = mainFrame()->executeScriptAndReturnValue( | 8815 v8::Local<v8::Value> exception = mainFrame()->executeScriptAndReturnValue( |
| 8816 WebScriptSource("try {\n" | 8816 WebScriptSource("try {\n" |
| 8817 " savedSetTimeout.call(window[0], () => {}, 0);\n" | 8817 " savedSetTimeout.call(window[0], () => {}, 0);\n" |
| 8818 "} catch (e) { e; }")); | 8818 "} catch (e) { e; }")); |
| 8819 ASSERT_TRUE(!exception.IsEmpty()); | 8819 ASSERT_TRUE(!exception.IsEmpty()); |
| 8820 EXPECT_EQ( | 8820 EXPECT_EQ( |
| 8821 "SecurityError: Failed to execute 'setTimeout' on 'Window': Blocked a " | 8821 "SecurityError: Blocked a frame with origin \"http://internal.test\" " |
| 8822 "frame with origin \"http://internal.test\" from accessing a " | 8822 "from accessing a cross-origin frame.", |
| 8823 "cross-origin frame.", | |
| 8824 toCoreString(exception | 8823 toCoreString(exception |
| 8825 ->ToString(ScriptState::forMainWorld( | 8824 ->ToString(ScriptState::forMainWorld( |
| 8826 webView()->mainFrameImpl()->frame()) | 8825 webView()->mainFrameImpl()->frame()) |
| 8827 ->context()) | 8826 ->context()) |
| 8828 .ToLocalChecked())); | 8827 .ToLocalChecked())); |
| 8829 } | 8828 } |
| 8830 | 8829 |
| 8831 reset(); | 8830 reset(); |
| 8832 } | 8831 } |
| 8833 | 8832 |
| (...skipping 2529 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11363 FrameTestHelpers::WebViewHelper openerHelper; | 11362 FrameTestHelpers::WebViewHelper openerHelper; |
| 11364 openerHelper.initialize(false, nullptr, &openerWebViewClient); | 11363 openerHelper.initialize(false, nullptr, &openerWebViewClient); |
| 11365 FrameTestHelpers::WebViewHelper helper; | 11364 FrameTestHelpers::WebViewHelper helper; |
| 11366 helper.initializeWithOpener(openerHelper.webView()->mainFrame()); | 11365 helper.initializeWithOpener(openerHelper.webView()->mainFrame()); |
| 11367 | 11366 |
| 11368 openerHelper.reset(); | 11367 openerHelper.reset(); |
| 11369 EXPECT_EQ(nullptr, helper.webView()->mainFrameImpl()->opener()); | 11368 EXPECT_EQ(nullptr, helper.webView()->mainFrameImpl()->opener()); |
| 11370 } | 11369 } |
| 11371 | 11370 |
| 11372 } // namespace blink | 11371 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2713413002:
Blink bindings: use v8 to enforce method call access checks (Closed)
