| Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| index 516ef4dff5498d95b703de67ff7f23e7350fcaca..93553d87629a6ca955d074d3ebefc3eb633f2026 100644
|
| --- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| +++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
|
| @@ -32,6 +32,8 @@
|
|
|
| #include "bindings/core/v8/ExceptionState.h"
|
| #include "bindings/core/v8/V8Binding.h"
|
| +#include "bindings/core/v8/V8Location.h"
|
| +#include "bindings/core/v8/WrapperCreationSecurityCheck.h"
|
| #include "core/dom/Document.h"
|
| #include "core/frame/LocalDOMWindow.h"
|
| #include "core/frame/LocalFrame.h"
|
| @@ -252,6 +254,65 @@ bool BindingSecurity::shouldAllowNamedAccessTo(const DOMWindow* accessingWindow,
|
| return true;
|
| }
|
|
|
| +bool BindingSecurity::shouldEnterCreationContext(
|
| + v8::Isolate* isolate,
|
| + v8::Local<v8::Context> creationContext,
|
| + const WrapperTypeInfo* type) {
|
| + // According to
|
| + // https://html.spec.whatwg.org/multipage/browsers.html#security-location,
|
| + // cross-origin script access to a few properties of Location is allowed.
|
| + // Location already implements the necessary security checks.
|
| + if (type->equals(&V8Location::wrapperTypeInfo))
|
| + return true;
|
| +
|
| + LocalFrame* frame = toLocalFrameIfNotDetached(creationContext);
|
| + ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
|
| + type->interfaceName);
|
| + if (!frame) {
|
| + // Sandbox detached frames - they can't create cross origin objects.
|
| + LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
|
| + LocalDOMWindow* targetWindow = toLocalDOMWindow(creationContext);
|
| +
|
| + return shouldAllowAccessToDetachedWindow(callingWindow, targetWindow,
|
| + exceptionState);
|
| + }
|
| + const DOMWrapperWorld& currentWorld =
|
| + DOMWrapperWorld::world(isolate->GetCurrentContext());
|
| + CHECK_EQ(currentWorld.worldId(),
|
| + DOMWrapperWorld::world(creationContext).worldId());
|
| +
|
| + return !currentWorld.isMainWorld() ||
|
| + shouldAllowAccessToFrame(currentDOMWindow(isolate), frame,
|
| + exceptionState);
|
| +}
|
| +
|
| +void BindingSecurity::rethrowCrossContextException(
|
| + v8::Isolate* isolate,
|
| + v8::Local<v8::Context> creationContext,
|
| + const WrapperTypeInfo* type,
|
| + v8::Local<v8::Value> crossContextException) {
|
| + DCHECK(!crossContextException.IsEmpty());
|
| + ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
|
| + type->interfaceName);
|
| + if (type->equals(&V8Location::wrapperTypeInfo)) {
|
| + // Convert cross-context exception to security error
|
| + LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
|
| + LocalDOMWindow* targetWindow = toLocalDOMWindow(creationContext);
|
| + exceptionState.throwSecurityError(
|
| + targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow),
|
| + targetWindow->crossDomainAccessErrorMessage(callingWindow));
|
| + return;
|
| + }
|
| + exceptionState.rethrowV8Exception(crossContextException);
|
| +}
|
| +
|
| +void BindingSecurity::initWrapperCreationSecurityCheck() {
|
| + WrapperCreationSecurityCheck::setSecurityCheckFunction(
|
| + shouldEnterCreationContext);
|
| + WrapperCreationSecurityCheck::setRethrowExceptionFunction(
|
| + rethrowCrossContextException);
|
| +}
|
| +
|
| void BindingSecurity::failedAccessCheckFor(v8::Isolate* isolate,
|
| const Frame* target) {
|
| // TODO(dcheng): See if this null check can be removed or hoisted to a
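Review bot: In `rethrowCrossContextException`, `targetWindow` comes from `toLocalDOMWindow(creationContext)` and is dereferenced twice to build the security-error messages without any check that the lookup succeeded. Whether that helper can return null for a torn-down or non-window context is not visible in this hunk, but if it can, failing closed is better than a null dereference on a security path: add `CHECK(targetWindow);` before `exceptionState.throwSecurityError(`. Separately, in `shouldEnterCreationContext` the final `return !currentWorld.isMainWorld() || ...` lets every non-main world skip `shouldAllowAccessToFrame`, and the detached-frame branch returns before the `CHECK_EQ` on world ids is reached. Both look deliberate, but each deserves a short why-comment, for example `// Only the main world is subject to the same-origin frame check; isolated worlds are allowed to enter the creation context.`, so that a later refactor does not widen the bypass unnoticed.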
|
|
|