bool shouldAllowAccessToDOMWindow(ExecState* exec, DOMWindow& target, String& message)
{
if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, target, DoNotReportSecurityError))
return true;
message = target.crossDomainAccessErrorMessage(activeDOMWindow(exec));
return false;
}
static void reportUnsafeJavaScriptAccess(v8::Local<v8::Object> host, v8::AccessType type, v8::Local<v8::Value> data)
{
Frame* target = findFrame(host, data);
if (!target)
return;
DOMWindow* targetWindow = target->document()->domWindow();
targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeDOMWindow(BindingState::instance())));
}
static void failedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host, v8::AccessType type, v8::Local<v8::Value> data)
{
Frame* target = findFrame(host, data, v8::Isolate::GetCurrent());
if (!target)
return;
DOMWindow* targetWindow = target->domWindow();
setDOMException(SecurityError, targetWindow->crossDomainAccessErrorMessage(activeDOMWindow()), v8::Isolate::GetCurrent());
}
void Location::reload(DOMWindow* activeWindow)
{
if (!m_frame)
return;
// FIXME: It's not clear this cross-origin security check is valuable.
// We allow one page to change the location of another. Why block attempts to reload?
// Other location operations simply block use of JavaScript URLs cross origin.
DOMWindow* targetWindow = m_frame->document()->domWindow();
if (!activeWindow->securityOrigin()->canAccess(targetWindow->securityOrigin())) {
targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeWindow));
return;
}
if (protocolIsJavaScript(m_frame->document()->url()))
return;
m_frame->navigationScheduler()->scheduleRefresh();
}
static void failedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host,
v8::AccessType type,
v8::Local<v8::Value> data) {
v8::Isolate* isolate = v8::Isolate::GetCurrent();
Frame* target = findFrame(isolate, host, data);
if (!target)
return;
DOMWindow* targetWindow = target->domWindow();
// FIXME: We should modify V8 to pass in more contextual information (context,
// property, and object).
ExceptionState exceptionState(ExceptionState::UnknownContext, 0, 0,
isolate->GetCurrentContext()->Global(),
isolate);
exceptionState.throwSecurityError(
targetWindow->sanitizedCrossDomainAccessErrorMessage(
currentDOMWindow(isolate)),
targetWindow->crossDomainAccessErrorMessage(currentDOMWindow(isolate)));
}
void V8WrapperInstantiationScope::convertException()
{
v8::Isolate* isolate = m_context->GetIsolate();
// TODO(jochen): Currently, Location is the only object for which we can reach this code path. Should be generalized.
ExceptionState exceptionState(ExceptionState::ConstructionContext, "Location", isolate->GetCurrentContext()->Global(), isolate);
LocalDOMWindow* callingWindow = callingDOMWindow(isolate);
DOMWindow* targetWindow = toDOMWindow(m_context);
exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), targetWindow->crossDomainAccessErrorMessage(callingWindow));
exceptionState.throwIfNeeded();
}