| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 26 matching lines...) Expand all Loading... |
| 37 | 37 |
| 38 namespace blink { | 38 namespace blink { |
| 39 | 39 |
| 40 class DOMWindow; | 40 class DOMWindow; |
| 41 class EventTarget; | 41 class EventTarget; |
| 42 class ExceptionState; | 42 class ExceptionState; |
| 43 class Frame; | 43 class Frame; |
| 44 class LocalDOMWindow; | 44 class LocalDOMWindow; |
| 45 class Location; | 45 class Location; |
| 46 class Node; | 46 class Node; |
| 47 struct WrapperTypeInfo; |
| 47 | 48 |
| 48 class CORE_EXPORT BindingSecurity { | 49 class CORE_EXPORT BindingSecurity { |
| 49 STATIC_ONLY(BindingSecurity); | 50 STATIC_ONLY(BindingSecurity); |
| 50 | 51 |
| 51 public: | 52 public: |
| 52 enum class ErrorReportOption { | 53 enum class ErrorReportOption { |
| 53 DoNotReport, | 54 DoNotReport, |
| 54 Report, | 55 Report, |
| 55 }; | 56 }; |
| 56 | 57 |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 111 const Frame* target, | 112 const Frame* target, |
| 112 ErrorReportOption); | 113 ErrorReportOption); |
| 113 // This overload must be used only for detached windows. | 114 // This overload must be used only for detached windows. |
| 114 static bool shouldAllowAccessToDetachedWindow( | 115 static bool shouldAllowAccessToDetachedWindow( |
| 115 const LocalDOMWindow* accessingWindow, | 116 const LocalDOMWindow* accessingWindow, |
| 116 const DOMWindow* target, | 117 const DOMWindow* target, |
| 117 ExceptionState&); | 118 ExceptionState&); |
| 118 | 119 |
| 119 static void failedAccessCheckFor(v8::Isolate*, const Frame* target); | 120 static void failedAccessCheckFor(v8::Isolate*, const Frame* target); |
| 120 | 121 |
| 122 // Checks if the current context has access to creationContext, and throws a |
| 123 // SecurityError if it doesn't have access. If it does have access, any |
| 124 // previously caught cross context exception (which was thrown in the creation |
| 125 // context) is rethrown in the current context. |
| 126 static void wrapperCreationSecurityCheck( |
| 127 v8::Isolate*, |
| 128 v8::Local<v8::Context> creationContext, |
| 129 const WrapperTypeInfo*, |
| 130 v8::Local<v8::Value> crossContextException); |
| 131 |
| 121 private: | 132 private: |
| 122 // Returns true if |accessingWindow| is allowed named access to |targetWindow| | 133 // Returns true if |accessingWindow| is allowed named access to |targetWindow| |
| 123 // because they're the same origin. Note that named access should be allowed | 134 // because they're the same origin. Note that named access should be allowed |
| 124 // even if they're cross origin as long as the browsing context name matches | 135 // even if they're cross origin as long as the browsing context name matches |
| 125 // the browsing context container's name. | 136 // the browsing context container's name. |
| 126 // | 137 // |
| 127 // Unlike shouldAllowAccessTo, this function returns true even when | 138 // Unlike shouldAllowAccessTo, this function returns true even when |
| 128 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that | 139 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that |
| 129 // only limited operations are allowed on a RemoteDOMWindow. | 140 // only limited operations are allowed on a RemoteDOMWindow. |
| 130 // | 141 // |
| 131 // This function should be only used from V8Window::namedPropertyGetterCustom. | 142 // This function should be only used from V8Window::namedPropertyGetterCustom. |
| 132 friend class V8Window; | 143 friend class V8Window; |
| 133 static bool shouldAllowNamedAccessTo(const DOMWindow* accessingWindow, | 144 static bool shouldAllowNamedAccessTo(const DOMWindow* accessingWindow, |
| 134 const DOMWindow* targetWindow); | 145 const DOMWindow* targetWindow); |
| 135 }; | 146 }; |
| 136 | 147 |
| 137 } // namespace blink | 148 } // namespace blink |
| 138 | 149 |
| 139 #endif // BindingSecurity_h | 150 #endif // BindingSecurity_h |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2745313003:
Move securityCheck out of V8WrapperInstantiationScope (Closed)
