
Side by Side Diff: Source/bindings/v8/custom/V8WindowCustom.cpp

Issue 18558007: Make indexedSecurityCheckCustom more robust (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 5 months ago
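--- a/Source/bindings/v8/custom/V8WindowCustom.cpp
+++ b/Source/bindings/v8/custom/V8WindowCustom.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2009, 2011 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
@@ -532,31 +532,35 @@
 if (window.IsEmpty())
 return false;
 
 DOMWindow* targetWindow = V8Window::toNative(window);
 
 ASSERT(targetWindow);
 
 Frame* target = targetWindow->frame();
 if (!target)
 return false;
-Frame* childFrame = target->tree()->scopedChild(index);
 
 // Notify the loader's client if the initial document has been accessed.
 if (target->loader()->stateMachine()->isDisplayingInitialEmptyDocument())
 target->loader()->didAccessInitialDocument();
 
+Frame* childFrame = target->tree()->scopedChild(index);
+
 // Notice that we can't call HasRealNamedProperty for ACCESS_HAS
 // because that would generate infinite recursion.
 if (type == v8::ACCESS_HAS && childFrame)
 return true;
-if (type == v8::ACCESS_GET && childFrame && !host->HasRealIndexedProperty(in dex))
+if (type == v8::ACCESS_GET
+&& childFrame
+&& !host->HasRealIndexedProperty(index)
+&& !window->HasRealIndexedProperty(index))
 return true;
 
 return BindingSecurity::shouldAllowAccessToFrame(target, DoNotReportSecurity Error);
 }
 
 v8::Handle<v8::Value> toV8(DOMWindow* window, v8::Handle<v8::Object> creationCon text, v8::Isolate* isolate)
 {
 // Notice that we explicitly ignore creationContext because the DOMWindow is its own creationContext.
 
 if (!window)
@@ -589,10 +593,10 @@
 ASSERT(!global.IsEmpty());
 return global;
 }
 
 v8::Handle<v8::Value> toV8ForMainWorld(DOMWindow* window, v8::Handle<v8::Object> creationContext, v8::Isolate* isolate)
 {
 return toV8(window, creationContext, isolate);
 }
 
 } // namespace WebCore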
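Review bot: The move of `target->tree()->scopedChild(index)` to after `didAccessInitialDocument()` (new line 547) has no comment saying the order matters, so a later cleanup could hoist the lookup back above the loader notification. If the intent is that the notification may change the frame tree, which the page does not state, a line such as `// Look up the child only after notifying the loader client; do not hoist.` would pin it. The ACCESS_GET branch at new lines 553-556 returns true without reaching `BindingSecurity::shouldAllowAccessToFrame`, so it also deserves a comment on why both objects are checked, e.g. `// Only the child-frame getter may bypass the origin check; a real indexed property on either host or window must go through it.` The function starts above the visible lines, so where `host` and `window` come from is not shown here. A regression test that sets an indexed property on the window object and reads it cross-origin would confirm the added `window->HasRealIndexedProperty(index)` check.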