Chromium Code Reviews Chromium Code Reviews
Issue 77453002:
IDL compiler: [CheckSecurity=Frame] interface + [DoNotCheckSecurity] members (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| Index: Source/bindings/templates/interface.cpp |
| diff --git a/Source/bindings/templates/interface.cpp b/Source/bindings/templates/interface.cpp |
| index c398adde5d3e88bd9c1c4b3a4379337a24753b3e..ded9555eac139980b0dff99590fbbe7cfa494054 100644 |
| --- a/Source/bindings/templates/interface.cpp |
| +++ b/Source/bindings/templates/interface.cpp |
| @@ -98,6 +98,28 @@ bool namedSecurityCheck(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8 |
| {##############################################################################} |
| +{% block domain_safe_method_setter %} |
|
haraken
2013/11/20 05:04:54
domain_safe_method_setter => attribute_setter_with
Nils Barth (inactive)
2013/11/20 06:11:03
Got it; will do all the renames in a followup.
|
| +{% if has_domain_safe_method_setter %} |
|
haraken
2013/11/20 05:04:54
has_domain_safe_method_setter => has_attribute_set
Nils Barth (inactive)
2013/11/20 06:11:03
Per above, in followup.
|
| +static void {{cpp_class_name}}DomainSafeFunctionSetter(v8::Local<v8::String> name, v8::Local<v8::Value> jsValue, const v8::PropertyCallbackInfo<void>& info) |
|
haraken
2013/11/20 05:04:54
DomainSafeFunctionSetter => AttributeSetterWithSec
Nils Barth (inactive)
2013/11/20 06:11:03
Per above, in followup.
|
| +{ |
| + v8::Handle<v8::Object> holder = info.This()->FindInstanceInPrototypeChain({{v8_class_name}}::GetTemplate(info.GetIsolate(), worldType(info.GetIsolate()))); |
| + if (holder.IsEmpty()) |
| + return; |
| + {{cpp_class_name}}* imp = {{v8_class_name}}::toNative(holder); |
| + ExceptionState exceptionState(info.Holder(), info.GetIsolate()); |
| + if (!BindingSecurity::shouldAllowAccessToFrame(imp->frame(), exceptionState)) { |
| + exceptionState.throwIfNeeded(); |
| + return; |
| + } |
| + |
| + info.This()->SetHiddenValue(name, jsValue); |
| +} |
| + |
| +{% endif %} |
| +{% endblock %} |
| + |
| + |
| +{##############################################################################} |
| {% block class_attributes %} |
| {# FIXME: rename to install_attributes and put into configure_class_template #} |
| {% if attributes %} |
| @@ -204,6 +226,17 @@ static v8::Handle<v8::FunctionTemplate> Configure{{v8_class_name}}Template(v8::H |
| {% if not method.overload_index or method.overload_index == 1 %} |
| {# For overloaded methods, only generate one accessor #} |
| {% filter conditional(method.conditional_string) %} |
| + {% if method.is_do_not_check_security %} |
| + {% if method.is_per_world_bindings %} |
| + if (currentWorldType == MainWorld) { |
| + {{install_do_not_check_security_signature(method, 'ForMainWorld')}} |
| + } else { |
| + {{install_do_not_check_security_signature(method)}} |
| + } |
| + {% else %} |
| + {{install_do_not_check_security_signature(method)}} |
| + {% endif %} |
| + {% else %}{# is_do_not_check_security #} |
| {% if method.is_per_world_bindings %} |
| if (currentWorldType == MainWorld) { |
| {% filter runtime_enabled(method.runtime_enabled_function_name) %} |
| @@ -219,6 +252,7 @@ static v8::Handle<v8::FunctionTemplate> Configure{{v8_class_name}}Template(v8::H |
| {{install_custom_signature(method)}} |
| {% endfilter %} |
| {% endif %} |
| + {% endif %}{# is_do_not_check_security #} |
| {% endfilter %} |
| {% endif %}{# install_custom_signature #} |
| {% endfor %} |
| @@ -240,6 +274,24 @@ static v8::Handle<v8::FunctionTemplate> Configure{{v8_class_name}}Template(v8::H |
| {######################################} |
| +{% macro install_do_not_check_security_signature(method, world_suffix) %} |
| +{# Methods that are [DoNotCheckSecurity] are always readable, but if they are |
| + changed and then accessed on a different domain, we do not return the |
| + underlying value, but instead return a new copy of the original function. |
|
haraken
2013/11/20 05:04:54
I got confused with the name "DoNotCheckSecurity",
Nils Barth (inactive)
2013/11/20 06:11:03
[DoNotCheckSecurity] is only used in Location.idl
haraken
2013/11/20 06:35:58
On the other hand, you're doing the security check
Nils Barth (inactive)
2013/11/20 07:10:49
Done in:
[DoNotCheckSecurity=Getter] => [DoNotChec
|
| + This is achieved by storing the changed value as a hidden property. #} |
| +{% set callback_name = '%sV8Internal::%sAttributeGetterCallback%s' % |
| + (cpp_class_name, method.name, world_suffix) %} |
| +{% set setter = |
| + '{0}V8Internal::{0}DomainSafeFunctionSetter'.format(cpp_class_name) |
|
haraken
2013/11/20 05:04:54
We want to have SetterCallback just like the Gette
Nils Barth (inactive)
2013/11/20 06:11:03
I'm happy to do this, but I don't see how it would
haraken
2013/11/20 06:35:58
I might want to fix the naming and SetterCallback
Nils Barth (inactive)
2013/11/20 07:10:49
Prep CLs will certainly make the history a bit cle
|
| + if not method.is_read_only else '0' %} |
| +{% set property_attribute = |
| + 'static_cast<v8::PropertyAttribute>(%s)' % |
| + ' | '.join(method.property_attributes or ['v8::DontDelete']) %} |
|
Nils Barth (inactive)
2013/11/20 03:39:30
This |or ['v8::DontDelete']| replaces a *really* u
|
| +{{method.function_template}}->SetAccessor(v8::String::NewSymbol("{{method.name}}"), {{callback_name}}, {{setter}}, v8Undefined(), v8::ALL_CAN_READ, {{property_attribute}}); |
|
haraken
2013/11/20 05:04:54
This should also be moved to V8DOMConfigratoin. A
Nils Barth (inactive)
2013/11/20 06:11:03
Added FIXME, will do in followup.
|
| +{%- endmacro %} |
| + |
| + |
| +{######################################} |
| {% macro install_custom_signature(method, world_suffix) %} |
| {# FIXME: move to V8DOMConfiguration::installDOMCallbacksWithCustomSignature #} |
| {% set callback_name = '%sV8Internal::%sMethodCallback%s' % |
