static void reportUnsafeJavaScriptAccess(v8::Local<v8::Object> host, v8::AccessType type, v8::Local<v8::Value> data)
{
Frame* target = findFrame(host, data);
if (!target)
return;
DOMWindow* targetWindow = target->document()->domWindow();
targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeDOMWindow(BindingState::instance())));
}
void Location::reload(DOMWindow* activeWindow)
{
if (!m_frame)
return;
// FIXME: It's not clear this cross-origin security check is valuable.
// We allow one page to change the location of another. Why block attempts to reload?
// Other location operations simply block use of JavaScript URLs cross origin.
DOMWindow* targetWindow = m_frame->document()->domWindow();
if (!activeWindow->securityOrigin()->canAccess(targetWindow->securityOrigin())) {
targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeWindow));
return;
}
if (protocolIsJavaScript(m_frame->document()->url()))
return;
m_frame->navigationScheduler()->scheduleRefresh();
}