Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 37 | 37 |
| 38 namespace blink { | 38 namespace blink { |
| 39 | 39 |
| 40 class DOMWindow; | 40 class DOMWindow; |
| 41 class EventTarget; | 41 class EventTarget; |
| 42 class ExceptionState; | 42 class ExceptionState; |
| 43 class Frame; | 43 class Frame; |
| 44 class LocalDOMWindow; | 44 class LocalDOMWindow; |
| 45 class Location; | 45 class Location; |
| 46 class Node; | 46 class Node; |
| 47 struct WrapperTypeInfo; | |
| 47 | 48 |
| 48 class CORE_EXPORT BindingSecurity { | 49 class CORE_EXPORT BindingSecurity { |
| 49 STATIC_ONLY(BindingSecurity); | 50 STATIC_ONLY(BindingSecurity); |
| 50 | 51 |
| 51 public: | 52 public: |
| 52 enum class ErrorReportOption { | 53 enum class ErrorReportOption { |
| 53 DoNotReport, | 54 DoNotReport, |
| 54 Report, | 55 Report, |
| 55 }; | 56 }; |
| 56 | 57 |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 111 const Frame* target, | 112 const Frame* target, |
| 112 ErrorReportOption); | 113 ErrorReportOption); |
| 113 // This overload must be used only for detached windows. | 114 // This overload must be used only for detached windows. |
| 114 static bool shouldAllowAccessToDetachedWindow( | 115 static bool shouldAllowAccessToDetachedWindow( |
| 115 const LocalDOMWindow* accessingWindow, | 116 const LocalDOMWindow* accessingWindow, |
| 116 const DOMWindow* target, | 117 const DOMWindow* target, |
| 117 ExceptionState&); | 118 ExceptionState&); |
| 118 | 119 |
| 119 static void failedAccessCheckFor(v8::Isolate*, const Frame* target); | 120 static void failedAccessCheckFor(v8::Isolate*, const Frame* target); |
| 120 | 121 |
| 122 // Returns true if the current context has access to creationContext, and | |
| 123 // throws a SecurityError if it doesn't have access. | |
|
Yuki
2017/04/06 08:26:15
Probably it's good to write that these two functio
adithyas
2017/04/06 19:04:20
Done.
| |
| 124 static bool shouldEnterCreationContext(v8::Isolate*, | |
|
Yuki
2017/04/06 08:26:15
Can we follow the existing convention like the fol
adithyas
2017/04/06 19:04:20
Done.
| |
| 125 v8::Local<v8::Context> creationContext, | |
| 126 const WrapperTypeInfo*); | |
| 127 | |
| 128 static void rethrowCrossContextException( | |
| 129 v8::Isolate*, | |
| 130 v8::Local<v8::Context> creationContext, | |
| 131 const WrapperTypeInfo*, | |
| 132 v8::Local<v8::Value> crossContextException); | |
| 133 | |
| 134 static void initWrapperCreationSecurityCheck(); | |
| 135 | |
| 121 private: | 136 private: |
| 122 // Returns true if |accessingWindow| is allowed named access to |targetWindow| | 137 // Returns true if |accessingWindow| is allowed named access to |targetWindow| |
| 123 // because they're the same origin. Note that named access should be allowed | 138 // because they're the same origin. Note that named access should be allowed |
| 124 // even if they're cross origin as long as the browsing context name matches | 139 // even if they're cross origin as long as the browsing context name matches |
| 125 // the browsing context container's name. | 140 // the browsing context container's name. |
| 126 // | 141 // |
| 127 // Unlike shouldAllowAccessTo, this function returns true even when | 142 // Unlike shouldAllowAccessTo, this function returns true even when |
| 128 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that | 143 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that |
| 129 // only limited operations are allowed on a RemoteDOMWindow. | 144 // only limited operations are allowed on a RemoteDOMWindow. |
| 130 // | 145 // |
| 131 // This function should be only used from V8Window::namedPropertyGetterCustom. | 146 // This function should be only used from V8Window::namedPropertyGetterCustom. |
| 132 friend class V8Window; | 147 friend class V8Window; |
| 133 static bool shouldAllowNamedAccessTo(const DOMWindow* accessingWindow, | 148 static bool shouldAllowNamedAccessTo(const DOMWindow* accessingWindow, |
| 134 const DOMWindow* targetWindow); | 149 const DOMWindow* targetWindow); |
| 135 }; | 150 }; |
| 136 | 151 |
| 137 } // namespace blink | 152 } // namespace blink |
| 138 | 153 |
| 139 #endif // BindingSecurity_h | 154 #endif // BindingSecurity_h |
| OLD | NEW |