| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 56 | 56 |
| 57 static bool IsContextValid(ExecutionContext* context) { | 57 static bool IsContextValid(ExecutionContext* context) { |
| 58 DCHECK(context->IsDocument() || context->IsWorkerGlobalScope()); | 58 DCHECK(context->IsDocument() || context->IsWorkerGlobalScope()); |
| 59 if (context->IsDocument()) { | 59 if (context->IsDocument()) { |
| 60 Document* document = ToDocument(context); | 60 Document* document = ToDocument(context); |
| 61 return document->GetFrame() && document->GetPage(); | 61 return document->GetFrame() && document->GetPage(); |
| 62 } | 62 } |
| 63 return true; | 63 return true; |
| 64 } | 64 } |
| 65 | 65 |
| 66 IDBRequest* IDBFactory::GetDatabaseNames(ScriptState* script_state) { | 66 IDBRequest* IDBFactory::GetDatabaseNames(ScriptState* script_state, |
| 67 ExceptionState& exception_state) { |
| 68 // TODO(jsbell): Used only by inspector; remove unneeded checks/exceptions? |
| 69 if (!IsContextValid(ExecutionContext::From(script_state))) |
| 70 return nullptr; |
| 71 if (!ExecutionContext::From(script_state) |
| 72 ->GetSecurityOrigin() |
| 73 ->CanAccessDatabase()) { |
| 74 exception_state.ThrowSecurityError( |
| 75 "access to the Indexed Database API is denied in this context."); |
| 76 return nullptr; |
| 77 } |
| 78 |
| 67 IDBRequest* request = | 79 IDBRequest* request = |
| 68 IDBRequest::Create(script_state, IDBAny::CreateNull(), nullptr); | 80 IDBRequest::Create(script_state, IDBAny::CreateNull(), nullptr); |
| 81 |
| 82 if (!IndexedDBClient::From(ExecutionContext::From(script_state)) |
| 83 ->AllowIndexedDB(ExecutionContext::From(script_state), |
| 84 "Database Listing")) { |
| 85 request->EnqueueResponse( |
| 86 DOMException::Create(kUnknownError, kPermissionDeniedErrorMessage)); |
| 87 return request; |
| 88 } |
| 89 |
| 69 Platform::Current()->IdbFactory()->GetDatabaseNames( | 90 Platform::Current()->IdbFactory()->GetDatabaseNames( |
| 70 request->CreateWebCallbacks().release(), | 91 request->CreateWebCallbacks().release(), |
| 71 WebSecurityOrigin( | 92 WebSecurityOrigin( |
| 72 ExecutionContext::From(script_state)->GetSecurityOrigin())); | 93 ExecutionContext::From(script_state)->GetSecurityOrigin())); |
| 73 return request; | 94 return request; |
| 74 } | 95 } |
| 75 | 96 |
| 76 IDBOpenDBRequest* IDBFactory::open(ScriptState* script_state, | 97 IDBOpenDBRequest* IDBFactory::open(ScriptState* script_state, |
| 77 const String& name, | 98 const String& name, |
| 78 unsigned long long version, | 99 unsigned long long version, |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 125 const String& name, | 146 const String& name, |
| 126 ExceptionState& exception_state) { | 147 ExceptionState& exception_state) { |
| 127 IDB_TRACE("IDBFactory::open"); | 148 IDB_TRACE("IDBFactory::open"); |
| 128 return OpenInternal(script_state, name, IDBDatabaseMetadata::kNoVersion, | 149 return OpenInternal(script_state, name, IDBDatabaseMetadata::kNoVersion, |
| 129 exception_state); | 150 exception_state); |
| 130 } | 151 } |
| 131 | 152 |
| 132 IDBOpenDBRequest* IDBFactory::deleteDatabase(ScriptState* script_state, | 153 IDBOpenDBRequest* IDBFactory::deleteDatabase(ScriptState* script_state, |
| 133 const String& name, | 154 const String& name, |
| 134 ExceptionState& exception_state) { | 155 ExceptionState& exception_state) { |
| 156 return DeleteDatabaseInternal(script_state, name, exception_state, |
| 157 /*force_close=*/false); |
| 158 } |
| 159 |
| 160 IDBOpenDBRequest* IDBFactory::CloseConnectionsAndDeleteDatabase( |
| 161 ScriptState* script_state, |
| 162 const String& name, |
| 163 ExceptionState& exception_state) { |
| 164 // TODO(jsbell): Used only by inspector; remove unneeded checks/exceptions? |
| 165 return DeleteDatabaseInternal(script_state, name, exception_state, |
| 166 /*force_close=*/true); |
| 167 } |
| 168 |
| 169 IDBOpenDBRequest* IDBFactory::DeleteDatabaseInternal( |
| 170 ScriptState* script_state, |
| 171 const String& name, |
| 172 ExceptionState& exception_state, |
| 173 bool force_close) { |
| 135 IDB_TRACE("IDBFactory::deleteDatabase"); | 174 IDB_TRACE("IDBFactory::deleteDatabase"); |
| 136 IDBDatabase::RecordApiCallsHistogram(kIDBDeleteDatabaseCall); | 175 IDBDatabase::RecordApiCallsHistogram(kIDBDeleteDatabaseCall); |
| 137 if (!IsContextValid(ExecutionContext::From(script_state))) | 176 if (!IsContextValid(ExecutionContext::From(script_state))) |
| 138 return nullptr; | 177 return nullptr; |
| 139 if (!ExecutionContext::From(script_state) | 178 if (!ExecutionContext::From(script_state) |
| 140 ->GetSecurityOrigin() | 179 ->GetSecurityOrigin() |
| 141 ->CanAccessDatabase()) { | 180 ->CanAccessDatabase()) { |
| 142 exception_state.ThrowSecurityError( | 181 exception_state.ThrowSecurityError( |
| 143 "access to the Indexed Database API is denied in this context."); | 182 "access to the Indexed Database API is denied in this context."); |
| 144 return nullptr; | 183 return nullptr; |
| 145 } | 184 } |
| 146 | 185 |
| 147 return DeleteDatabaseInternal(script_state, name, /*force_close=*/false); | |
| 148 } | |
| 149 | |
| 150 IDBOpenDBRequest* IDBFactory::CloseConnectionsAndDeleteDatabase( | |
| 151 ScriptState* script_state, | |
| 152 const String& name) { | |
| 153 return DeleteDatabaseInternal(script_state, name, /*force_close=*/true); | |
| 154 } | |
| 155 | |
| 156 IDBOpenDBRequest* IDBFactory::DeleteDatabaseInternal(ScriptState* script_state, | |
| 157 const String& name, | |
| 158 bool force_close) { | |
| 159 IDBOpenDBRequest* request = IDBOpenDBRequest::Create( | 186 IDBOpenDBRequest* request = IDBOpenDBRequest::Create( |
| 160 script_state, nullptr, 0, IDBDatabaseMetadata::kDefaultVersion); | 187 script_state, nullptr, 0, IDBDatabaseMetadata::kDefaultVersion); |
| 161 | 188 |
| 162 if (!IndexedDBClient::From(ExecutionContext::From(script_state)) | 189 if (!IndexedDBClient::From(ExecutionContext::From(script_state)) |
| 163 ->AllowIndexedDB(ExecutionContext::From(script_state), name)) { | 190 ->AllowIndexedDB(ExecutionContext::From(script_state), name)) { |
| 164 request->EnqueueResponse( | 191 request->EnqueueResponse( |
| 165 DOMException::Create(kUnknownError, kPermissionDeniedErrorMessage)); | 192 DOMException::Create(kUnknownError, kPermissionDeniedErrorMessage)); |
| 166 return request; | 193 return request; |
| 167 } | 194 } |
| 168 | 195 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 197 if (!second->IsValid()) { | 224 if (!second->IsValid()) { |
| 198 exception_state.ThrowDOMException(kDataError, | 225 exception_state.ThrowDOMException(kDataError, |
| 199 IDBDatabase::kNotValidKeyErrorMessage); | 226 IDBDatabase::kNotValidKeyErrorMessage); |
| 200 return 0; | 227 return 0; |
| 201 } | 228 } |
| 202 | 229 |
| 203 return static_cast<short>(first->Compare(second)); | 230 return static_cast<short>(first->Compare(second)); |
| 204 } | 231 } |
| 205 | 232 |
| 206 } // namespace blink | 233 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2900863002:
IndexedDB: Restore access checks in inspector-only IDBFactory methods (Closed)
