Move securityCheck out of V8WrapperInstantiationScope

third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 13 matching lines @@
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "bindings/core/v8/V8DOMWrapper.h"
 
 #include "bindings/core/v8/V8Binding.h"
-#include "bindings/core/v8/V8Location.h"
 #include "bindings/core/v8/V8ObjectConstructor.h"
 #include "bindings/core/v8/V8PerContextData.h"
 #include "bindings/core/v8/V8PerIsolateData.h"
-#include "bindings/core/v8/V8ScriptRunner.h"
-#include "bindings/core/v8/V8Window.h"
-#include "core/dom/Document.h"
-#include "core/frame/LocalDOMWindow.h"
 
 namespace blink {
 
 v8::Local<v8::Object> V8DOMWrapper::createWrapper(
     v8::Isolate* isolate,
     v8::Local<v8::Object> creationContext,
     const WrapperTypeInfo* type) {
-  ASSERT(!type->equals(&V8Window::wrapperTypeInfo));
-  // According to
-  // https://html.spec.whatwg.org/multipage/browsers.html#security-location,
-  // cross-origin script access to a few properties of Location is allowed.
-  // Location already implements the necessary security checks.
-  bool withSecurityCheck = !type->equals(&V8Location::wrapperTypeInfo);
-  V8WrapperInstantiationScope scope(creationContext, isolate,
-                                    withSecurityCheck);
+  V8WrapperInstantiationScope scope(creationContext, isolate, type);

[Yuki, 2017/04/06 08:26:15]

You're not aborting the wrapper creation.

We should have the following here.

if (|scope| failed access check (i.e. |scope| threw an exception))
  return v8::Local<v8::Object>();

In general, we shouldn't continue to run when an exception is thrown.  Almost
all V8 APIs fail while an exception is being thrown.

[adithyas, 2017/04/06 19:04:20]

Ok, done.

 
   V8PerContextData* perContextData = V8PerContextData::from(scope.context());
   v8::Local<v8::Object> wrapper;
   if (perContextData) {
     wrapper = perContextData->createWrapperFromCache(type);
   } else {
     // The context is detached, but still accessible.
     // TODO(yukishiino): This code does not create a wrapper with
     // the correct settings.  Should follow the same way as
     // V8PerContextData::createWrapperFromCache, though there is no need to
@@ skipping 29 matching lines @@
 
   if (object->InternalFieldCount() < v8DefaultWrapperInternalFieldCount)
     return false;
 
   const ScriptWrappable* untrustedScriptWrappable = toScriptWrappable(object);
   const WrapperTypeInfo* untrustedWrapperTypeInfo = toWrapperTypeInfo(object);
   return untrustedScriptWrappable && untrustedWrapperTypeInfo &&
          untrustedWrapperTypeInfo->ginEmbedder == gin::kEmbedderBlink;
 }
 
-void V8WrapperInstantiationScope::securityCheck(
-    v8::Isolate* isolate,
-    v8::Local<v8::Context> contextForWrapper) {
-  if (m_context.IsEmpty())
-    return;
-  // If the context is different, we need to make sure that the current
-  // context has access to the creation context.
-  LocalFrame* frame = toLocalFrameIfNotDetached(contextForWrapper);
-  if (!frame) {
-    // Sandbox detached frames - they can't create cross origin objects.
-    LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
-    LocalDOMWindow* targetWindow = toLocalDOMWindow(contextForWrapper);
-    // TODO(jochen): Currently, Location is the only object for which we can
-    // reach this code path. Should be generalized.
-    ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
-                                  "Location");
-    if (BindingSecurity::shouldAllowAccessToDetachedWindow(
-            callingWindow, targetWindow, exceptionState))
-      return;
-
-    CHECK_EQ(SecurityError, exceptionState.code());
-    return;
-  }
-  const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context);
-  RELEASE_ASSERT(currentWorld.worldId() ==
-                 DOMWrapperWorld::world(contextForWrapper).worldId());
-  // TODO(jochen): Add the interface name here once this is generalized.
-  ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
-                                nullptr);
-  if (currentWorld.isMainWorld() &&
-      !BindingSecurity::shouldAllowAccessToFrame(currentDOMWindow(isolate),
-                                                 frame, exceptionState)) {
-    CHECK_EQ(SecurityError, exceptionState.code());
-    return;
-  }
-}
-
-void V8WrapperInstantiationScope::convertException() {
-  v8::Isolate* isolate = m_context->GetIsolate();
-  // TODO(jochen): Currently, Location is the only object for which we can reach
-  // this code path. Should be generalized.
-  ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
-                                "Location");
-  LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
-  LocalDOMWindow* targetWindow = toLocalDOMWindow(m_context);
-  exceptionState.throwSecurityError(
-      targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow),
-      targetWindow->crossDomainAccessErrorMessage(callingWindow));
-}
-
 }  // namespace blink