Example #1
// Decides whether |activeSecurityOrigin| is granted access via |targetFrame|
// or any frame above it in the frame tree.
//
// The walk begins at |targetFrame| itself, so the target counts as its own
// first "ancestor". The first frame that satisfies either rule below ends the
// walk with `true`; a single matching frame anywhere on the parent chain is
// sufficient.
//
// Returns false when |targetFrame| is null or when no frame on the chain
// matches.
//
// NOTE(review): securityContext() and getSecurityOrigin() are dereferenced
// without a null check; this relies on every frame on the chain having both.
// Confirm against the callers.
static bool canAccessAncestor(const SecurityOrigin& activeSecurityOrigin,
                              const Frame* targetFrame) {
  // A null targetFrame is expected when navigating a top-level frame whose
  // opener is null. There is nothing to compare against, so deny.
  if (targetFrame == nullptr)
    return false;

  const bool activeIsLocal = activeSecurityOrigin.isLocal();

  const Frame* frame = targetFrame;
  while (frame) {
    const SecurityOrigin* frameOrigin =
        frame->securityContext()->getSecurityOrigin();

    // Rule 1: the ordinary origin check.
    // Rule 2: two local origins are treated as mutually accessible here, which
    // allows file URL descendant navigation even when
    // allowFileAccessFromFileURLs is false. This deliberately widens what
    // rule 1 alone would permit, so keep it in mind when auditing local-file
    // content.
    // FIXME: It's a bit strange to special-case local origins here. Should we
    // be doing something more general instead?
    if (activeSecurityOrigin.canAccess(frameOrigin) ||
        (activeIsLocal && frameOrigin->isLocal())) {
      return true;
    }

    frame = frame->tree().parent();
  }

  return false;
}