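--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2009 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
@@ -41,69 +41,34 @@
 DOMWindow* BindingSecurityBase::getDOMWindow(Frame* frame)
 {
 return frame->domWindow();
 }
 
 Frame* BindingSecurityBase::getFrame(Node* node)
 {
 return node->document()->frame();
 }
 
-// Same origin policy implementation:
-//
-// Same origin policy prevents JS code from domain A from accessing JS & DOM
-// objects in a different domain B. There are exceptions and several objects
-// are accessible by cross-domain code. For example, the window.frames object
-// is accessible by code from a different domain, but window.document is not.
-//
-// The JS binding code sets security check callbacks on a function template,
-// and accessing instances of the template calls the callback function.
-// The callback function enforces the same origin policy.
-//
-// Callback functions are expensive. Binding code should use a security token
-// string to do fast access checks for the common case where source and target
-// are in the same domain. A security token is a string object that represents
-// the protocol/url/port of a domain.
-//
-// There are special cases where security token matching is not enough.
-// For example, JS can set its domain to a super domain by calling
-// document.setDomain(...). In these cases, the binding code can reset
-// a context's security token to its global object so that the fast access
-// check will always fail.
-
-// Helper to check if the current execution context can access a target frame.
-// First it checks same domain policy using the lexical context.
-//
-// This is equivalent to KJS::Window::allowsAccessFrom(ExecState*).
-bool BindingSecurityBase::canAccess(DOMWindow* activeWindow,
-DOMWindow* targetWindow)
+bool BindingSecurityBase::canAccess(DOMWindow* activeWindow, DOMWindow* targetWindow)
 {
 ASSERT(targetWindow);
-
-String message;
-
 if (activeWindow == targetWindow)
 return true;
 
 if (!activeWindow)
 return false;
 
-const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
-const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
+SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
+SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
 
 // We have seen crashes were the security origin of the target has not been
 // initialized. Defend against that.
 if (!targetSecurityOrigin)
 return false;
 
 if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
 return true;
 
-// Allow access to a "about:blank" page if the dynamic context is a
-// detached context of the same frame as the blank page.
-if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
-return true;
-
 return false;
 }
 
-} // namespace WebCore
+}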
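Review bot: The null guard retained at new lines 65-66 protects only targetSecurityOrigin, yet activeSecurityOrigin is dereferenced unchecked at new line 68; if the uninitialized-origin state described by the comment at lines 63-64 can also occur for the active window, this access check would crash instead of failing closed, so the guard should read `if (!activeSecurityOrigin || !targetSecurityOrigin) return false;`. The hunk also deletes the explanatory comment above canAccess together with the about:blank exception, leaving the function undocumented; a short header comment stating that access is granted only when both windows are identical or when the active origin's canAccess() accepts the target origin, and that a null active window or an uninitialized target origin is denied, would preserve the contract the removed block described. Dropping const from the two SecurityOrigin locals at new lines 60-61 is presumably required by a non-const canAccess() signature; if it is not, keeping them const documents that the check mutates neither origin. While here, "were" in the retained comment at new line 63 should be "where".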