Changeset 52080 in webkit


Timestamp: Dec 13, 2009 9:01:01 PM
Author: abarth@webkit.org
Message:

2009-12-13 Charles Reis <creis@chromium.org>

Reviewed by Adam Barth.

Refactor some security code out of V8 bindings
https://bugs.webkit.org/show_bug.cgi?id=32326

No new tests. There should be no functionality changes in this patch,
since it is only refactoring code.

  • WebCore.gyp/WebCore.gyp:
  • WebCore.gypi:
  • bindings/BindingSecurity.h: Added. (WebCore::BindingSecurity::BindingSecurity): (WebCore::::canAccessWindow): (WebCore::::canAccessFrame): (WebCore::::checkNodeSecurity):
  • bindings/BindingSecurityBase.cpp: Added. (WebCore::BindingSecurityBase::getDOMWindow): (WebCore::BindingSecurityBase::getFrame): (WebCore::BindingSecurityBase::canAccessWindow):
  • bindings/BindingSecurityBase.h: Added.
  • bindings/GenericBinding.h: Added. (WebCore::):
  • bindings/scripts/CodeGeneratorV8.pm:
  • bindings/v8/ScriptController.cpp: (WebCore::ScriptController::isSafeScript):
  • bindings/v8/V8Binding.h:
  • bindings/v8/V8BindingState.cpp: Added. (WebCore::::Only): (WebCore::::getActiveWindow): (WebCore::::immediatelyReportUnsafeAccessTo):
  • bindings/v8/V8BindingState.h: Added. (WebCore::):
  • bindings/v8/V8Proxy.cpp: (WebCore::V8Proxy::reportUnsafeAccessTo): (WebCore::reportUnsafeJavaScriptAccess):
  • bindings/v8/V8Proxy.h: (WebCore::V8Proxy::):
  • bindings/v8/custom/V8CustomBinding.cpp: (WebCore::allowSettingFrameSrcToJavascriptUrl): (WebCore::INDEXED_ACCESS_CHECK): (WebCore::NAMED_ACCESS_CHECK):
  • bindings/v8/custom/V8DOMWindowCustom.cpp: (WebCore::V8Custom::WindowSetTimeoutImpl): (WebCore::ACCESSOR_GETTER): (WebCore::ACCESSOR_SETTER): (WebCore::CALLBACK_FUNC_DECL): (WebCore::V8Custom::ClearTimeoutImpl): (WebCore::NAMED_ACCESS_CHECK): (WebCore::INDEXED_ACCESS_CHECK):
  • bindings/v8/custom/V8LocationCustom.cpp: (WebCore::ACCESSOR_GETTER): (WebCore::CALLBACK_FUNC_DECL): (WebCore::INDEXED_ACCESS_CHECK): (WebCore::NAMED_ACCESS_CHECK):

2009-12-13 Charles Reis <creis@chromium.org>

Reviewed by Adam Barth.

Refactor some security code out of V8 bindings
https://bugs.webkit.org/show_bug.cgi?id=32326

  • src/WebBindings.cpp: (WebKit::getDragDataImpl):
Location: trunk
Files: 6 added, 13 edited

  • trunk/WebCore/ChangeLog

    r52079 r52080  
     12009-12-13  Charles Reis  <creis@chromium.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        Refactor some security code out of V8 bindings
     6        https://bugs.webkit.org/show_bug.cgi?id=32326
     7
     8        No new tests. There should be no functionality changes in this patch,
     9        since it is only refactoring code.
     10
     11        * WebCore.gyp/WebCore.gyp:
     12        * WebCore.gypi:
     13        * bindings/BindingSecurity.h: Added.
     14        (WebCore::BindingSecurity::BindingSecurity):
     15        (WebCore::::canAccessWindow):
     16        (WebCore::::canAccessFrame):
     17        (WebCore::::checkNodeSecurity):
     18        * bindings/BindingSecurityBase.cpp: Added.
     19        (WebCore::BindingSecurityBase::getDOMWindow):
     20        (WebCore::BindingSecurityBase::getFrame):
     21        (WebCore::BindingSecurityBase::canAccessWindow):
     22        * bindings/BindingSecurityBase.h: Added.
     23        * bindings/GenericBinding.h: Added.
     24        (WebCore::):
     25        * bindings/scripts/CodeGeneratorV8.pm:
     26        * bindings/v8/ScriptController.cpp:
     27        (WebCore::ScriptController::isSafeScript):
     28        * bindings/v8/V8Binding.h:
     29        * bindings/v8/V8BindingState.cpp: Added.
     30        (WebCore::::Only):
     31        (WebCore::::getActiveWindow):
     32        (WebCore::::immediatelyReportUnsafeAccessTo):
     33        * bindings/v8/V8BindingState.h: Added.
     34        (WebCore::):
     35        * bindings/v8/V8Proxy.cpp:
     36        (WebCore::V8Proxy::reportUnsafeAccessTo):
     37        (WebCore::reportUnsafeJavaScriptAccess):
     38        * bindings/v8/V8Proxy.h:
     39        (WebCore::V8Proxy::):
     40        * bindings/v8/custom/V8CustomBinding.cpp:
     41        (WebCore::allowSettingFrameSrcToJavascriptUrl):
     42        (WebCore::INDEXED_ACCESS_CHECK):
     43        (WebCore::NAMED_ACCESS_CHECK):
     44        * bindings/v8/custom/V8DOMWindowCustom.cpp:
     45        (WebCore::V8Custom::WindowSetTimeoutImpl):
     46        (WebCore::ACCESSOR_GETTER):
     47        (WebCore::ACCESSOR_SETTER):
     48        (WebCore::CALLBACK_FUNC_DECL):
     49        (WebCore::V8Custom::ClearTimeoutImpl):
     50        (WebCore::NAMED_ACCESS_CHECK):
     51        (WebCore::INDEXED_ACCESS_CHECK):
     52        * bindings/v8/custom/V8LocationCustom.cpp:
     53        (WebCore::ACCESSOR_GETTER):
     54        (WebCore::CALLBACK_FUNC_DECL):
     55        (WebCore::INDEXED_ACCESS_CHECK):
     56        (WebCore::NAMED_ACCESS_CHECK):
     57
    1582009-11-30  Holger Hans Peter Freyther  <zecke@selfish.org>
    259
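Review bot: the function list at lines 15-17 and 30-32 reads `WebCore::::canAccessWindow` and `WebCore::::Only`, i.e. prepare-ChangeLog dropped the class name for members of the new template classes; fill these in by hand (for BindingSecurity.h that is `WebCore::BindingSecurity::canAccessWindow`, matching the form of line 14) so the entries are searchable.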
  • trunk/WebCore/WebCore.gyp/WebCore.gyp

    r51901 r52080  
    107107      '../accessibility',
    108108      '../accessibility/chromium',
     109      '../bindings',
    109110      '../bindings/v8',
    110111      '../bindings/v8/custom',
  • trunk/WebCore/WebCore.gypi

    r51993 r52080  
    435435            'accessibility/win/AccessibilityObjectWrapperWin.h',
    436436            'accessibility/wx/AccessibilityObjectWx.cpp',
     437            'bindings/BindingSecurity.h',
     438            'bindings/BindingSecurityBase.cpp',
     439            'bindings/BindingSecurityBase.h',
     440            'bindings/GenericBinding.h',
    437441            'bindings/js/CachedScriptSourceProvider.h',
    438442            'bindings/js/DOMObjectWithSVGContext.h',
     
    798802            'bindings/v8/V8Binding.cpp',
    799803            'bindings/v8/V8Binding.h',
     804            'bindings/v8/V8BindingState.cpp',
     805            'bindings/v8/V8BindingState.h',
    800806            'bindings/v8/V8Collection.cpp',
    801807            'bindings/v8/V8Collection.h',
  • trunk/WebCore/bindings/scripts/CodeGeneratorV8.pm

    r51901 r52080  
    402402
    403403    push(@implContentDecls, <<END);
    404     if (!V8Proxy::canAccessFrame(imp->frame(), false)) {
     404    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), false)) {
    405405      static v8::Persistent<v8::FunctionTemplate> shared_template =
    406406        v8::Persistent<v8::FunctionTemplate>::New($newTemplateString);
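Review bot: every generated security check in this file (here and at 551/553, 901, 933) now spells out `V8BindingState::Only()` as the first argument; since all V8 call sites in this patch use that same singleton, a thin wrapper in V8Binding.h taking only the frame or node (or a default argument) would shorten the generated code and leave one place to change if the state object ever stops being a singleton. Not blocking for a pure refactor.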
     
    549549    # Generate security checks if necessary
    550550    if ($attribute->signature->extendedAttributes->{"CheckNodeSecurity"}) {
    551         push(@implContentDecls, "    if (!V8Proxy::checkNodeSecurity(imp->$attrName())) return v8::Handle<v8::Value>();\n\n");
     551        push(@implContentDecls, "    if (!V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), imp->$attrName())) return v8::Handle<v8::Value>();\n\n");
    552552    } elsif ($attribute->signature->extendedAttributes->{"CheckFrameSecurity"}) {
    553         push(@implContentDecls, "    if (!V8Proxy::checkNodeSecurity(imp->contentDocument())) return v8::Handle<v8::Value>();\n\n");
     553        push(@implContentDecls, "    if (!V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), imp->contentDocument())) return v8::Handle<v8::Value>();\n\n");
    554554    }
    555555
     
    899899    # We have not find real use cases yet.
    900900    push(@implContentDecls,
    901 "    if (!V8Proxy::canAccessFrame(imp->frame(), true)) {\n".
     901"    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true)) {\n".
    902902"      return v8::Handle<v8::Value>();\n" .
    903903"    }\n");
     
    931931    if ($function->signature->extendedAttributes->{"SVGCheckSecurityDocument"}) {
    932932        push(@implContentDecls,
    933 "    if (!V8Proxy::checkNodeSecurity(imp->getSVGDocument(ec)))\n" .
     933"    if (!V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), imp->getSVGDocument(ec)))\n" .
    934934"      return v8::Handle<v8::Value>();\n");
    935935    }
     
    11461146         "#include \"config.h\"\n" .
    11471147         "#include \"V8Proxy.h\"\n" .
    1148          "#include \"V8Binding.h\"\n\n" .
     1148         "#include \"V8Binding.h\"\n" .
     1149         "#include \"V8BindingState.h\"\n\n" .
    11491150         "#undef LOG\n\n");
    11501151
  • trunk/WebCore/bindings/v8/ScriptController.cpp

    r52043 r52080  
    5151#include "Settings.h"
    5252#include "V8Binding.h"
     53#include "V8BindingState.h"
    5354#include "V8NPObject.h"
    5455#include "V8Proxy.h"
     
    8586bool ScriptController::isSafeScript(Frame* target)
    8687{
    87     return V8Proxy::canAccessFrame(target, true);
     88    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, true);
    8889}
    8990
  • trunk/WebCore/bindings/v8/V8Binding.h

    r51125 r52080  
    3333
    3434#include "AtomicString.h"
     35#include "BindingSecurity.h"
    3536#include "MathExtras.h"
    3637#include "PlatformString.h"
     
    4445    class EventListener;
    4546    class EventTarget;
     47
     48    // Instantiate binding template classes for V8.
     49    class V8Binding {};
     50    typedef BindingSecurity<V8Binding> V8BindingSecurity;
    4651   
    4752    // A helper function extract native object pointer from a DOM wrapper
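Review bot: `class V8Binding {}` at line 49 is an empty tag type whose only job is to select the BindingSecurity instantiation, and the V8-specific pieces it relies on (`Only`, `getActiveWindow`, `immediatelyReportUnsafeAccessTo`, per the ChangeLog) live in the added V8BindingState.cpp; the comment on line 48 should say both, since nothing else in this header shows where the V8 behaviour behind the typedef comes from.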
  • trunk/WebCore/bindings/v8/V8Proxy.cpp

    r51960 r52080  
    4444#include "StorageNamespace.h"
    4545#include "V8Binding.h"
     46#include "V8BindingState.h"
    4647#include "V8Collection.h"
    4748#include "V8ConsoleMessage.h"
     
    164165};
    165166
    166 static void reportUnsafeAccessTo(Frame* target, DelayReporting delay)
     167void V8Proxy::reportUnsafeAccessTo(Frame* target, DelayReporting delay)
    167168{
    168169    ASSERT(target);
     
    208209    Frame* target = V8Custom::GetTargetFrame(host, data);
    209210    if (target)
    210         reportUnsafeAccessTo(target, ReportLater);
     211        V8Proxy::reportUnsafeAccessTo(target, V8Proxy::ReportLater);
    211212}
    212213
     
    856857    v8::HandleScope scope;
    857858    setSecurityToken();
    858 }
    859 
    860 // Same origin policy implementation:
    861 //
    862 // Same origin policy prevents JS code from domain A access JS & DOM objects
    863 // in a different domain B. There are exceptions and several objects are
    864 // accessible by cross-domain code. For example, the window.frames object is
    865 // accessible by code from a different domain, but window.document is not.
    866 //
    867 // The binding code sets security check callbacks on a function template,
    868 // and accessing instances of the template calls the callback function.
    869 // The callback function checks same origin policy.
    870 //
    871 // Callback functions are expensive. V8 uses a security token string to do
    872 // fast access checks for the common case where source and target are in the
    873 // same domain. A security token is a string object that represents
    874 // the protocol/url/port of a domain.
    875 //
    876 // There are special cases where a security token matching is not enough.
    877 // For example, JavaScript can set its domain to a super domain by calling
    878 // document.setDomain(...). In these cases, the binding code can reset
    879 // a context's security token to its global object so that the fast access
    880 // check will always fail.
    881 
    882 // Check if the current execution context can access a target frame.
    883 // First it checks same domain policy using the lexical context
    884 //
    885 // This is equivalent to KJS::Window::allowsAccessFrom(ExecState*, String&).
    886 bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
    887 {
    888     ASSERT(targetWindow);
    889 
    890     String message;
    891 
    892     v8::Local<v8::Context> activeContext = v8::Context::GetCalling();
    893     if (activeContext.IsEmpty()) {
    894         // There is a single activation record on the stack, so that must
    895         // be the activeContext.
    896         activeContext = v8::Context::GetCurrent();
    897     }
    898     DOMWindow* activeWindow = retrieveWindow(activeContext);
    899     if (activeWindow == targetWindow)
    900         return true;
    901 
    902     if (!activeWindow)
    903         return false;
    904 
    905     const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
    906     const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
    907 
    908     // We have seen crashes were the security origin of the target has not been
    909     // initialized. Defend against that.
    910     if (!targetSecurityOrigin)
    911         return false;
    912 
    913     if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
    914         return true;
    915 
    916     // Allow access to a "about:blank" page if the dynamic context is a
    917     // detached context of the same frame as the blank page.
    918     if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
    919         return true;
    920 
    921     return false;
    922 }
    923 
    924 bool V8Proxy::canAccessFrame(Frame* target, bool reportError)
    925 {
    926     // The subject is detached from a frame, deny accesses.
    927     if (!target)
    928         return false;
    929 
    930     if (!canAccessPrivate(target->domWindow())) {
    931         if (reportError)
    932             reportUnsafeAccessTo(target, ReportNow);
    933         return false;
    934     }
    935     return true;
    936 }
    937 
    938 bool V8Proxy::checkNodeSecurity(Node* node)
    939 {
    940     if (!node)
    941         return false;
    942 
    943     Frame* target = node->document()->frame();
    944 
    945     if (!target)
    946         return false;
    947 
    948     return canAccessFrame(target, true);
    949859}
    950860
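Review bot: two defensive cases removed here need to be confirmed present in the new BindingSecurityBase::canAccessWindow: the null targetSecurityOrigin guard (908-911, added after observed crashes) and the about:blank detached-context exception (916-919). The added BindingSecurity.h and BindingSecurityBase.cpp are not shown in this view, so the move cannot be checked from the diff; the same applies to the same-origin-policy comment at 860-880 (security tokens, the document.domain token reset), which should travel with the code rather than be dropped.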
  • trunk/WebCore/bindings/v8/V8Proxy.h

    r51960 r52080  
    140140        };
    141141
     142        // When to report errors.
     143        enum DelayReporting {
     144            ReportLater,
     145            ReportNow
     146        };
     147
    142148        explicit V8Proxy(Frame*);
    143149
     
    302308        static bool handleOutOfMemory();
    303309
    304         // Check if the active execution context can access the target frame.
    305         static bool canAccessFrame(Frame*, bool reportError);
    306 
    307         // Check if it is safe to access the given node from the
    308         // current security context.
    309         static bool checkNodeSecurity(Node*);
    310 
    311310        static v8::Handle<v8::Value> checkNewLegal(const v8::Arguments&);
    312311
     
    366365        void initContextIfNeeded();
    367366        void updateDocumentWrapper(v8::Handle<v8::Value> wrapper);
     367       
     368        // Report an unsafe attempt to access the given frame on the console.
     369        static void reportUnsafeAccessTo(Frame* target, DelayReporting delay);
    368370
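Review bot: line 367 is an added line containing only whitespace; drop the trailing spaces (check-webkit-style flags them). Making reportUnsafeAccessTo a public static here is needed so the new V8BindingState::immediatelyReportUnsafeAccessTo can reach it, but the comment at 368 could mention that ReportLater defers the console message rather than printing it immediately, since callers outside V8Proxy.cpp now choose the mode.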
    369371    private:
     
    389391        // Returns false when we're out of memory in V8.
    390392        bool setInjectedScriptContextDebugId(v8::Handle<v8::Context> targetContext);
    391 
    392         static bool canAccessPrivate(DOMWindow*);
    393393
    394394        static const char* rangeExceptionName(int exceptionCode);
  • trunk/WebCore/bindings/v8/custom/V8CustomBinding.cpp

    r45947 r52080  
    4040#include "HTMLFrameElementBase.h"
    4141#include "Location.h"
     42#include "V8Binding.h"
     43#include "V8BindingState.h"
    4244#include "V8Proxy.h"
    4345
     
    5254    if (protocolIs(deprecatedParseURL(value), "javascript")) {
    5355        Node* contentDoc = frame->contentDocument();
    54         if (contentDoc && !V8Proxy::checkNodeSecurity(contentDoc))
     56        if (contentDoc && !V8BindingSecurity::checkNodeSecurity(V8BindingState::Only(), contentDoc))
    5557            return false;
    5658    }
     
    98100    // Only allow same origin access.
    99101    History* history = V8DOMWrapper::convertToNativeObject<History>(V8ClassIndex::HISTORY, host);
    100     return V8Proxy::canAccessFrame(history->frame(), false);
     102    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), history->frame(), false);
    101103}
    102104
     
    106108    // Only allow same origin access.
    107109    History* history = V8DOMWrapper::convertToNativeObject<History>(V8ClassIndex::HISTORY, host);
    108     return V8Proxy::canAccessFrame(history->frame(), false);
     110    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), history->frame(), false);
    109111}
    110112
  • trunk/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp

    r51580 r52080  
    3333
    3434#include "V8Binding.h"
     35#include "V8BindingState.h"
    3536#include "V8CustomBinding.h"
    3637#include "V8CustomEventListener.h"
     
    102103    DOMWindow* imp = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, args.Holder());
    103104
    104     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     105    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    105106        return v8::Undefined();
    106107
     
    172173
    173174    Frame* frame = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, holder)->frame();
    174     if (!V8Proxy::canAccessFrame(frame, true))
     175    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true))
    175176        return v8::Undefined();
    176177
     
    193194
    194195    Frame* frame = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, holder)->frame();
    195     if (!V8Proxy::canAccessFrame(frame, true))
     196    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true))
    196197        return;
    197198
     
    221222    DOMWindow* imp = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, info.Holder());
    222223
    223     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     224    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    224225        return;
    225226 
     
    344345    DOMWindow* imp = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, args.Holder());
    345346
    346     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     347    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    347348        return v8::Undefined();
    348349
     
    377378    DOMWindow* imp = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, args.Holder());
    378379
    379     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     380    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    380381        return v8::Undefined();
    381382
     
    442443    DOMWindow* imp = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, args.Holder());
    443444
    444     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     445    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    445446        return v8::Undefined();
    446447
     
    461462    DOMWindow* imp = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, args.Holder());
    462463
    463     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     464    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    464465        return v8::Undefined();
    465466
     
    622623    Frame* frame = window->frame();
    623624
    624     if (!V8Proxy::canAccessFrame(frame, true))
     625    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true))
    625626        return v8::Undefined();
    626627
     
    710711    Frame* frame = parent->frame();
    711712
    712     if (!V8Proxy::canAccessFrame(frame, true))
     713    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true))
    713714        return v8::Undefined();
    714715
     
    926927    v8::Handle<v8::Object> holder = args.Holder();
    927928    DOMWindow* imp = V8DOMWrapper::convertToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, holder);
    928     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     929    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    929930        return;
    930931    ScriptExecutionContext* context = static_cast<ScriptExecutionContext*>(imp->document());
     
    972973    }
    973974
    974     return V8Proxy::canAccessFrame(target, false);
     975    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, false);
    975976}
    976977
     
    994995        return true;
    995996
    996     return V8Proxy::canAccessFrame(target, false);
     997    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, false);
    997998}
    998999
  • trunk/WebCore/bindings/v8/custom/V8LocationCustom.cpp

    r48994 r52080  
    3333
    3434#include "V8Binding.h"
     35#include "V8BindingState.h"
    3536#include "V8CustomBinding.h"
    3637#include "V8CustomEventListener.h"
     
    218219    }
    219220    Location* imp = V8DOMWrapper::convertToNativeObject<Location>(V8ClassIndex::LOCATION, holder);
    220     if (!V8Proxy::canAccessFrame(imp->frame(), false)) {
     221    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), false)) {
    221222        static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New(v8::FunctionTemplate::New(v8LocationReloadCallback, v8::Handle<v8::Value>(), v8::Signature::New(V8Location::GetRawTemplate())));
    222223        return sharedTemplate->GetFunction();
    223     } else
    224         return privateTemplate->GetFunction();
     224    }
     225    return privateTemplate->GetFunction();
    225226}
    226227
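Review bot: lines 223-225 drop the `else` after a `return` in addition to the mechanical call swap; that is correct WebKit style, but it is the only non-mechanical edit in a patch described as refactoring only, so mention it in the ChangeLog (the same rewrite appears in the two hunks that follow at 241-243 and 260-262).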
     
    236237    }
    237238    Location* imp = V8DOMWrapper::convertToNativeObject<Location>(V8ClassIndex::LOCATION, holder);
    238     if (!V8Proxy::canAccessFrame(imp->frame(), false)) {
     239    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), false)) {
    239240        static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New(v8::FunctionTemplate::New(v8LocationReplaceCallback, v8::Handle<v8::Value>(), v8::Signature::New(V8Location::GetRawTemplate())));
    240241        return sharedTemplate->GetFunction();
    241     } else
    242         return privateTemplate->GetFunction();
     242    }
     243    return privateTemplate->GetFunction();
    243244}
    244245
     
    255256    }
    256257    Location* imp = V8DOMWrapper::convertToNativeObject<Location>(V8ClassIndex::LOCATION, holder);
    257     if (!V8Proxy::canAccessFrame(imp->frame(), false)) {
     258    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), false)) {
    258259        static v8::Persistent<v8::FunctionTemplate> sharedTemplate = v8::Persistent<v8::FunctionTemplate>::New(v8::FunctionTemplate::New(v8LocationAssignCallback, v8::Handle<v8::Value>(), v8::Signature::New(V8Location::GetRawTemplate())));
    259260        return sharedTemplate->GetFunction();
    260     } else
    261         return privateTemplate->GetFunction();
     261    }
     262    return privateTemplate->GetFunction();
    262263}
    263264
     
    336337    v8::Handle<v8::Object> holder = args.Holder();
    337338    Location* imp = V8DOMWrapper::convertToNativeObject<Location>(V8ClassIndex::LOCATION, holder);
    338     if (!V8Proxy::canAccessFrame(imp->frame(), true))
     339    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
    339340        return v8::Undefined();
    340341    String result = imp->href();
     
    347348    // Only allow same origin access
    348349    Location* imp =  V8DOMWrapper::convertToNativeObject<Location>(V8ClassIndex::LOCATION, host);
    349     return V8Proxy::canAccessFrame(imp->frame(), false);
     350    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), false);
    350351}
    351352
     
    355356    // Only allow same origin access
    356357    Location* imp = V8DOMWrapper::convertToNativeObject<Location>(V8ClassIndex::LOCATION, host);
    357     return V8Proxy::canAccessFrame(imp->frame(), false);
     358    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), false);
    358359}
    359360
  • trunk/WebKit/chromium/ChangeLog

    r52027 r52080  
     12009-12-13  Charles Reis  <creis@chromium.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        Refactor some security code out of V8 bindings
     6        https://bugs.webkit.org/show_bug.cgi?id=32326
     7
     8        * src/WebBindings.cpp:
     9        (WebKit::getDragDataImpl):
     10
    1112009-12-11  Nate Chapin  <japhet@chromium.org>
    212
  • trunk/WebKit/chromium/src/WebBindings.cpp

    r50849 r52080  
    4545#include "NPV8Object.h"  // for PrivateIdentifier
    4646#include "Range.h"
     47#include "V8BindingState.h"
    4748#include "V8DOMWrapper.h"
    4849#include "V8Helpers.h"
     
    237238    V8Proxy* current = V8Proxy::retrieve(V8Proxy::retrieveFrameForCurrentContext());
    238239    Frame* frame = V8Proxy::retrieveFrame(context);
    239     if (!current || !current->canAccessFrame(frame, false))
     240    if (!current || !V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, false))
    240241        return false;
    241242
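Review bot: `current` is still retrieved and null-checked at 238/240 but is no longer used in the call on line 240, since canAccessFrame is now invoked statically with V8BindingState::Only(); if `current` is not referenced later in getDragDataImpl the retrieve is dead and the condition should reduce to the security check, and if the `!current` guard is intentionally kept as a "there is a current V8 context" precondition, a comment should say so.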