Move securityCheck out of V8WrapperInstantiationScope

third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp

Index: third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp b/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
index ae25c6ca399229d4d03bdfe009b7d82bf74c23ae..6621aad3702f87a448f8db00bff78a3f9f9eb48e 100644
--- a/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
@@ -31,14 +31,9 @@
 #include "bindings/core/v8/V8DOMWrapper.h"
 
 #include "bindings/core/v8/V8Binding.h"
-#include "bindings/core/v8/V8Location.h"
 #include "bindings/core/v8/V8ObjectConstructor.h"
 #include "bindings/core/v8/V8PerContextData.h"
 #include "bindings/core/v8/V8PerIsolateData.h"
-#include "bindings/core/v8/V8ScriptRunner.h"
-#include "bindings/core/v8/V8Window.h"
-#include "core/dom/Document.h"
-#include "core/frame/LocalDOMWindow.h"
 
 namespace blink {
 
@@ -46,14 +41,7 @@ v8::Local<v8::Object> V8DOMWrapper::createWrapper(
     v8::Isolate* isolate,
     v8::Local<v8::Object> creationContext,
     const WrapperTypeInfo* type) {
-  ASSERT(!type->equals(&V8Window::wrapperTypeInfo));
-  // According to
-  // https://html.spec.whatwg.org/multipage/browsers.html#security-location,
-  // cross-origin script access to a few properties of Location is allowed.
-  // Location already implements the necessary security checks.
-  bool withSecurityCheck = !type->equals(&V8Location::wrapperTypeInfo);
-  V8WrapperInstantiationScope scope(creationContext, isolate,
-                                    withSecurityCheck);
+  V8WrapperInstantiationScope scope(creationContext, isolate, type);

[Yuki, 2017/04/06 08:26:15]

You're not aborting the wrapper creation.

We should have the following here.

if (|scope| failed access check (i.e. |scope| threw an exception))
  return v8::Local<v8::Object>();

In general, we shouldn't continue to run when an exception is thrown.  Almost
all V8 APIs fail while an exception is being thrown.

[adithyas, 2017/04/06 19:04:20]

Ok, done.

 
   V8PerContextData* perContextData = V8PerContextData::from(scope.context());
   v8::Local<v8::Object> wrapper;
@@ -103,54 +91,4 @@ bool V8DOMWrapper::hasInternalFieldsSet(v8::Local<v8::Value> value) {
          untrustedWrapperTypeInfo->ginEmbedder == gin::kEmbedderBlink;
 }
 
-void V8WrapperInstantiationScope::securityCheck(
-    v8::Isolate* isolate,
-    v8::Local<v8::Context> contextForWrapper) {
-  if (m_context.IsEmpty())
-    return;
-  // If the context is different, we need to make sure that the current
-  // context has access to the creation context.
-  LocalFrame* frame = toLocalFrameIfNotDetached(contextForWrapper);
-  if (!frame) {
-    // Sandbox detached frames - they can't create cross origin objects.
-    LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
-    LocalDOMWindow* targetWindow = toLocalDOMWindow(contextForWrapper);
-    // TODO(jochen): Currently, Location is the only object for which we can
-    // reach this code path. Should be generalized.
-    ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
-                                  "Location");
-    if (BindingSecurity::shouldAllowAccessToDetachedWindow(
-            callingWindow, targetWindow, exceptionState))
-      return;
-
-    CHECK_EQ(SecurityError, exceptionState.code());
-    return;
-  }
-  const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context);
-  RELEASE_ASSERT(currentWorld.worldId() ==
-                 DOMWrapperWorld::world(contextForWrapper).worldId());
-  // TODO(jochen): Add the interface name here once this is generalized.
-  ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
-                                nullptr);
-  if (currentWorld.isMainWorld() &&
-      !BindingSecurity::shouldAllowAccessToFrame(currentDOMWindow(isolate),
-                                                 frame, exceptionState)) {
-    CHECK_EQ(SecurityError, exceptionState.code());
-    return;
-  }
-}
-
-void V8WrapperInstantiationScope::convertException() {
-  v8::Isolate* isolate = m_context->GetIsolate();
-  // TODO(jochen): Currently, Location is the only object for which we can reach
-  // this code path. Should be generalized.
-  ExceptionState exceptionState(isolate, ExceptionState::ConstructionContext,
-                                "Location");
-  LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
-  LocalDOMWindow* targetWindow = toLocalDOMWindow(m_context);
-  exceptionState.throwSecurityError(
-      targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow),
-      targetWindow->crossDomainAccessErrorMessage(callingWindow));
-}
-
 }  // namespace blink