Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(120)

Side by Side Diff: Source/WebCore/page/DOMWindow.cpp

Issue 7112025: Merge 88071 (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/742/
Patch Set: Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/xss-DENIED-contentWindow-eval-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved. 2 * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved.
3 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) 3 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
7 * are met: 7 * are met:
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 1695 matching lines...) Expand 10 before | Expand all | Expand 10 after
1706 // FIXME: This message, and other console messages, have extra newlines. Sho uld remove them. 1706 // FIXME: This message, and other console messages, have extra newlines. Sho uld remove them.
1707 return makeString("Unsafe JavaScript attempt to access frame with URL ", m_u rl.string(), 1707 return makeString("Unsafe JavaScript attempt to access frame with URL ", m_u rl.string(),
1708 " from frame with URL ", activeWindowURL.string(), ". Domains, protocols and ports must match.\n"); 1708 " from frame with URL ", activeWindowURL.string(), ". Domains, protocols and ports must match.\n");
1709 } 1709 }
1710 1710
1711 bool DOMWindow::isInsecureScriptAccess(DOMWindow* activeWindow, const String& ur lString) 1711 bool DOMWindow::isInsecureScriptAccess(DOMWindow* activeWindow, const String& ur lString)
1712 { 1712 {
1713 if (!protocolIsJavaScript(urlString)) 1713 if (!protocolIsJavaScript(urlString))
1714 return false; 1714 return false;
1715 1715
1716 // FIXME: Is there some way to eliminate the need for a separate "activeWind ow == this" check? 1716 // If m_frame->domWindow() != this, then |this| isn't the DOMWindow that's
1717 if (activeWindow == this) 1717 // currently active in the frame and there's no way we should allow the
1718 return false; 1718 // access.
1719 // FIXME: Remove this check if we're able to disconnect DOMWindow from
1720 // Frame on navigation: https://bugs.webkit.org/show_bug.cgi?id=62054
1721 if (m_frame->domWindow() == this) {
1722 // FIXME: Is there some way to eliminate the need for a separate "active Window == this" check?
1723 if (activeWindow == this)
1724 return false;
1719 1725
1720 // FIXME: The name canAccess seems to be a roundabout way to ask "can execut e script". 1726 // FIXME: The name canAccess seems to be a roundabout way to ask "can ex ecute script".
1721 // Can we name the SecurityOrigin function better to make this more clear? 1727 // Can we name the SecurityOrigin function better to make this more clea r?
1722 if (activeWindow->securityOrigin()->canAccess(securityOrigin())) 1728 if (activeWindow->securityOrigin()->canAccess(securityOrigin()))
1723 return false; 1729 return false;
1730 }
1724 1731
1725 printErrorMessage(crossDomainAccessErrorMessage(activeWindow)); 1732 printErrorMessage(crossDomainAccessErrorMessage(activeWindow));
1726 return true; 1733 return true;
1727 } 1734 }
1728 1735
1729 Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram eName, const WindowFeatures& windowFeatures, 1736 Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram eName, const WindowFeatures& windowFeatures,
1730 DOMWindow* activeWindow, Frame* firstFrame, Frame* openerFrame, PrepareDialo gFunction function, void* functionContext) 1737 DOMWindow* activeWindow, Frame* firstFrame, Frame* openerFrame, PrepareDialo gFunction function, void* functionContext)
1731 { 1738 {
1732 Frame* activeFrame = activeWindow->frame(); 1739 Frame* activeFrame = activeWindow->frame();
1733 1740
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after
1867 #if ENABLE(QUOTA) 1874 #if ENABLE(QUOTA)
1868 StorageInfo* DOMWindow::webkitStorageInfo() const 1875 StorageInfo* DOMWindow::webkitStorageInfo() const
1869 { 1876 {
1870 if (!m_storageInfo) 1877 if (!m_storageInfo)
1871 m_storageInfo = StorageInfo::create(); 1878 m_storageInfo = StorageInfo::create();
1872 return m_storageInfo.get(); 1879 return m_storageInfo.get();
1873 } 1880 }
1874 #endif 1881 #endif
1875 1882
1876 } // namespace WebCore 1883 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/xss-DENIED-contentWindow-eval-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698