Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(83)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.h

Issue 2815373002: Revert of Move securityCheck out of V8WrapperInstantiationScope (Closed)
Patch Set: Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/bindings/bindings.gni ('k') | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 26 matching lines...) Expand all
37 37
38 namespace blink { 38 namespace blink {
39 39
40 class DOMWindow; 40 class DOMWindow;
41 class EventTarget; 41 class EventTarget;
42 class ExceptionState; 42 class ExceptionState;
43 class Frame; 43 class Frame;
44 class LocalDOMWindow; 44 class LocalDOMWindow;
45 class Location; 45 class Location;
46 class Node; 46 class Node;
47 struct WrapperTypeInfo;
48 47
49 class CORE_EXPORT BindingSecurity { 48 class CORE_EXPORT BindingSecurity {
50 STATIC_ONLY(BindingSecurity); 49 STATIC_ONLY(BindingSecurity);
51 50
52 public: 51 public:
53 enum class ErrorReportOption { 52 enum class ErrorReportOption {
54 kDoNotReport, 53 kDoNotReport,
55 kReport, 54 kReport,
56 }; 55 };
57 56
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
112 const Frame* target, 111 const Frame* target,
113 ErrorReportOption); 112 ErrorReportOption);
114 // This overload must be used only for detached windows. 113 // This overload must be used only for detached windows.
115 static bool ShouldAllowAccessToDetachedWindow( 114 static bool ShouldAllowAccessToDetachedWindow(
116 const LocalDOMWindow* accessing_window, 115 const LocalDOMWindow* accessing_window,
117 const DOMWindow* target, 116 const DOMWindow* target,
118 ExceptionState&); 117 ExceptionState&);
119 118
120 static void FailedAccessCheckFor(v8::Isolate*, const Frame* target); 119 static void FailedAccessCheckFor(v8::Isolate*, const Frame* target);
121 120
122 // The following two functions were written to be called by
123 // V8WrapperInstantiationScope before entering and after exiting an object's
124 // creation context during wrapper creation.
125
126 // Returns true if the current context has access to creationContext, and
127 // throws a SecurityError if it doesn't have access.
128 static bool ShouldAllowAccessToCreationContext(
129 v8::Local<v8::Context> creation_context,
130 const WrapperTypeInfo*);
131
132 static void RethrowCrossContextException(
133 v8::Local<v8::Context> creation_context,
134 const WrapperTypeInfo*,
135 v8::Local<v8::Value> cross_context_exception);
136
137 static void InitWrapperCreationSecurityCheck();
138
139 private: 121 private:
140 // Returns true if |accessingWindow| is allowed named access to |targetWindow| 122 // Returns true if |accessingWindow| is allowed named access to |targetWindow|
141 // because they're the same origin. Note that named access should be allowed 123 // because they're the same origin. Note that named access should be allowed
142 // even if they're cross origin as long as the browsing context name matches 124 // even if they're cross origin as long as the browsing context name matches
143 // the browsing context container's name. 125 // the browsing context container's name.
144 // 126 //
145 // Unlike shouldAllowAccessTo, this function returns true even when 127 // Unlike shouldAllowAccessTo, this function returns true even when
146 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that 128 // |accessingWindow| or |targetWindow| is a RemoteDOMWindow, but remember that
147 // only limited operations are allowed on a RemoteDOMWindow. 129 // only limited operations are allowed on a RemoteDOMWindow.
148 // 130 //
149 // This function should be only used from V8Window::namedPropertyGetterCustom. 131 // This function should be only used from V8Window::namedPropertyGetterCustom.
150 friend class V8Window; 132 friend class V8Window;
151 static bool ShouldAllowNamedAccessTo(const DOMWindow* accessing_window, 133 static bool ShouldAllowNamedAccessTo(const DOMWindow* accessing_window,
152 const DOMWindow* target_window); 134 const DOMWindow* target_window);
153 }; 135 };
154 136
155 } // namespace blink 137 } // namespace blink
156 138
157 #endif // BindingSecurity_h 139 #endif // BindingSecurity_h
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/bindings/bindings.gni ('k') | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698