third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp - Issue 2713413002: Blink bindings: use v8 to enforce method call access checks

Unified Diff: third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp

Issue 2713413002: Blink bindings: use v8 to enforce method call access checks (Closed)

Patch Set: . Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp

diff --git a/third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp b/third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp

index ba4232ef62ab4ba376ffb57b022cecbe8d6932a5..aeef8217f0134e24772c6491660eb6f7c1c6158c 100644

--- a/third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp

+++ b/third_party/WebKit/Source/core/frame/DOMWindowTimers.cpp

@@ -49,6 +49,8 @@ static bool isAllowed(ScriptState* scriptState,

bool isEval) {

if (executionContext->isDocument()) {

Document* document = static_cast<Document*>(executionContext);

+ if (!document->frame())

+ return false;

dcheng 2017/02/27 05:34:19 This is now required, due to a subtle difference b

haraken 2017/02/27 05:49:25 Sounds reasonable to me.

if (isEval &&

!document->contentSecurityPolicy()->allowEval(

scriptState, ContentSecurityPolicy::SendReport,