Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(129)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

Issue 2745313003: Move securityCheck out of V8WrapperInstantiationScope (Closed)
Patch Set: Add TODO Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/bindings/bindings.gni ('k') | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 26 matching lines...) Expand all
37 37
38 namespace blink { 38 namespace blink {
39 39
40 class DOMWindow; 40 class DOMWindow;
41 class EventTarget; 41 class EventTarget;
42 class ExceptionState; 42 class ExceptionState;
43 class Frame; 43 class Frame;
44 class LocalDOMWindow; 44 class LocalDOMWindow;
45 class Location; 45 class Location;
46 class Node; 46 class Node;
47 struct WrapperTypeInfo;
47 48
48 class CORE_EXPORT BindingSecurity { 49 class CORE_EXPORT BindingSecurity {
49 STATIC_ONLY(BindingSecurity); 50 STATIC_ONLY(BindingSecurity);
50 51
51 public: 52 public:
52 enum class ErrorReportOption { 53 enum class ErrorReportOption {
53 kDoNotReport, 54 kDoNotReport,
54 kReport, 55 kReport,
55 }; 56 };
56 57
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
111 const Frame* target, 112 const Frame* target,
112 ErrorReportOption); 113 ErrorReportOption);
113 // This overload must be used only for detached windows. 114 // This overload must be used only for detached windows.
114 static bool ShouldAllowAccessToDetachedWindow( 115 static bool ShouldAllowAccessToDetachedWindow(
115 const LocalDOMWindow* accessing_window, 116 const LocalDOMWindow* accessing_window,
116 const DOMWindow* target, 117 const DOMWindow* target,
117 ExceptionState&); 118 ExceptionState&);
118 119
119 static void FailedAccessCheckFor(v8::Isolate*, const Frame* target); 120 static void FailedAccessCheckFor(v8::Isolate*, const Frame* target);
120 121
122 // The following two functions were written to be called by
123 // V8WrapperInstantiationScope before entering and after exiting an object's
124 // creation context during wrapper creation.
125
126 // Returns true if the current context has access to creationContext, and
127 // throws a SecurityError if it doesn't have access.
128 static bool ShouldAllowAccessToCreationContext(
129 v8::Local<v8::Context> creation_context,
130 const WrapperTypeInfo*);
131
132 static void RethrowCrossContextException(
133 v8::Local<v8::Context> creation_context,
134 const WrapperTypeInfo*,
135 v8::Local<v8::Value> cross_context_exception);
136
137 static void InitWrapperCreationSecurityCheck();
138
121 private: 139 private:
122 // Returns true if |accessingWindow| is allowed named access to |targetWindow| 140 // Returns true if |accessingWindow| is allowed named access to |targetWindow|
123 // because they're the same origin. Note that named access should be allowed 141 // because they're the same origin. Note that named access should be allowed
124 // even if they're cross origin as long as the browsing context name matches 142 // even if they're cross origin as long as the browsing context name matches
125 // the browsing context container's name. 143 // the browsing context container's name.
126 // 144 //
127 // Unlike shouldAllowAccessTo, this function returns true even when 145 // Unlike shouldAllowAccessTo, this function returns true even when
128 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that 146 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that
129 // only limited operations are allowed on a RemoteDOMWindow. 147 // only limited operations are allowed on a RemoteDOMWindow.
130 // 148 //
131 // This function should be only used from V8Window::namedPropertyGetterCustom. 149 // This function should be only used from V8Window::namedPropertyGetterCustom.
132 friend class V8Window; 150 friend class V8Window;
133 static bool ShouldAllowNamedAccessTo(const DOMWindow* accessing_window, 151 static bool ShouldAllowNamedAccessTo(const DOMWindow* accessing_window,
134 const DOMWindow* target_window); 152 const DOMWindow* target_window);
135 }; 153 };
136 154
137 } // namespace blink 155 } // namespace blink
138 156
139 #endif // BindingSecurity_h 157 #endif // BindingSecurity_h
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/bindings/bindings.gni ('k') | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698