OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 14 matching lines...) Expand all Loading... |
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #ifndef BindingSecurity_h | 31 #ifndef BindingSecurity_h |
32 #define BindingSecurity_h | 32 #define BindingSecurity_h |
33 | 33 |
34 #include "BindingSecurityBase.h" | 34 #include "BindingSecurityBase.h" |
| 35 #include "DOMWindow.h" |
| 36 #include "Document.h" |
35 #include "Element.h" | 37 #include "Element.h" |
36 #include "Frame.h" | 38 #include "Frame.h" |
37 #include "GenericBinding.h" | 39 #include "GenericBinding.h" |
38 #include "HTMLFrameElementBase.h" | 40 #include "HTMLFrameElementBase.h" |
39 #include "HTMLNames.h" | 41 #include "HTMLNames.h" |
40 #include "HTMLParserIdioms.h" | 42 #include "HTMLParserIdioms.h" |
41 #include "ScriptController.h" | 43 #include "ScriptController.h" |
42 #include "Settings.h" | 44 #include "Settings.h" |
43 | 45 |
44 namespace WebCore { | 46 namespace WebCore { |
45 | 47 |
46 class DOMWindow; | 48 class DOMWindow; |
47 class Node; | 49 class Node; |
48 | 50 |
49 // Security functions shared by various language bindings. | 51 // Security functions shared by various language bindings. |
50 template <class Binding> | 52 template <class Binding> |
51 class BindingSecurity : public BindingSecurityBase { | 53 class BindingSecurity : public BindingSecurityBase { |
52 public: | 54 public: |
53 // Check if the active execution context can access the target frame. | 55 // Check if the active execution context can access the target frame. |
54 static bool canAccessFrame(State<Binding>*, Frame*, bool reportError); | 56 static bool canAccessFrame(State<Binding>*, Frame*, bool reportError); |
55 | 57 |
56 // Check if it is safe to access the given node from the | 58 // Check if it is safe to access the given node from the |
57 // current security context. | 59 // current security context. |
58 static bool allowAccessToNode(State<Binding>*, Node* target); | 60 static bool allowAccessToNode(State<Binding>*, Node* target); |
59 | 61 |
60 static bool allowPopUp(State<Binding>*); | 62 static bool allowPopUp(State<Binding>*); |
61 static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameEl
ementBase*, const String& value); | 63 static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameEl
ementBase*, const String& value); |
62 static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, const
String& name, const String& value); | 64 static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, const
String& name, const String& value); |
63 | 65 |
64 static bool shouldAllowNavigation(State<Binding>*, Frame*); | |
65 | |
66 private: | 66 private: |
67 explicit BindingSecurity() {} | 67 explicit BindingSecurity() {} |
68 ~BindingSecurity(); | 68 ~BindingSecurity(); |
69 | 69 |
70 // Check if the current DOMWindow's security context can access the target | 70 // Check if the current DOMWindow's security context can access the target |
71 // DOMWindow. This function does not report errors, so most callers should | 71 // DOMWindow. This function does not report errors, so most callers should |
72 // use canAccessFrame instead. | 72 // use canAccessFrame instead. |
73 static bool canAccessWindow(State<Binding>*, DOMWindow* target); | 73 static bool canAccessWindow(State<Binding>*, DOMWindow* target); |
74 }; | 74 }; |
75 | 75 |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
138 } | 138 } |
139 | 139 |
140 template <class Binding> | 140 template <class Binding> |
141 bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* st
ate, Element* element, const String& name, const String& value) | 141 bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* st
ate, Element* element, const String& name, const String& value) |
142 { | 142 { |
143 if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNa
mes::frameTag)) && equalIgnoringCase(name, "src")) | 143 if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNa
mes::frameTag)) && equalIgnoringCase(name, "src")) |
144 return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameE
lementBase*>(element), value); | 144 return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameE
lementBase*>(element), value); |
145 return true; | 145 return true; |
146 } | 146 } |
147 | 147 |
148 template <class Binding> | |
149 bool BindingSecurity<Binding>::shouldAllowNavigation(State<Binding>* state, Fram
e* frame) | |
150 { | |
151 Frame* activeFrame = state->activeFrame(); | |
152 return activeFrame && activeFrame->loader()->shouldAllowNavigation(frame); | |
153 } | |
154 | |
155 } | 148 } |
156 | 149 |
157 #endif // BindingSecurity_h | 150 #endif // BindingSecurity_h |
OLD | NEW |