Exemple #1
0
bool shouldAllowAccessToDOMWindow(ExecState* exec, DOMWindow& target, String& message)
{
    if (BindingSecurity::shouldAllowAccessToDOMWindow(exec, target, DoNotReportSecurityError))
        return true;
    message = target.crossDomainAccessErrorMessage(activeDOMWindow(exec));
    return false;
}
static void reportUnsafeJavaScriptAccess(v8::Local<v8::Object> host, v8::AccessType type, v8::Local<v8::Value> data)
{
    Frame* target = findFrame(host, data);
    if (!target)
        return;
    DOMWindow* targetWindow = target->document()->domWindow();
    targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeDOMWindow(BindingState::instance())));
}
static void failedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host, v8::AccessType type, v8::Local<v8::Value> data)
{
    Frame* target = findFrame(host, data, v8::Isolate::GetCurrent());
    if (!target)
        return;
    DOMWindow* targetWindow = target->domWindow();

    setDOMException(SecurityError, targetWindow->crossDomainAccessErrorMessage(activeDOMWindow()), v8::Isolate::GetCurrent());
}
Exemple #4
0
void Location::reload(DOMWindow* activeWindow)
{
    if (!m_frame)
        return;
    // FIXME: It's not clear this cross-origin security check is valuable.
    // We allow one page to change the location of another. Why block attempts to reload?
    // Other location operations simply block use of JavaScript URLs cross origin.
    DOMWindow* targetWindow = m_frame->document()->domWindow();
    if (!activeWindow->securityOrigin()->canAccess(targetWindow->securityOrigin())) {
        targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeWindow));
        return;
    }
    if (protocolIsJavaScript(m_frame->document()->url()))
        return;
    m_frame->navigationScheduler()->scheduleRefresh();
}
Exemple #5
0
static void failedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host,
                                                  v8::AccessType type,
                                                  v8::Local<v8::Value> data) {
  v8::Isolate* isolate = v8::Isolate::GetCurrent();
  Frame* target = findFrame(isolate, host, data);
  if (!target)
    return;
  DOMWindow* targetWindow = target->domWindow();

  // FIXME: We should modify V8 to pass in more contextual information (context,
  // property, and object).
  ExceptionState exceptionState(ExceptionState::UnknownContext, 0, 0,
                                isolate->GetCurrentContext()->Global(),
                                isolate);
  exceptionState.throwSecurityError(
      targetWindow->sanitizedCrossDomainAccessErrorMessage(
          currentDOMWindow(isolate)),
      targetWindow->crossDomainAccessErrorMessage(currentDOMWindow(isolate)));
}
void V8WrapperInstantiationScope::convertException()
{
    v8::Isolate* isolate = m_context->GetIsolate();
    // TODO(jochen): Currently, Location is the only object for which we can reach this code path. Should be generalized.
    ExceptionState exceptionState(ExceptionState::ConstructionContext, "Location", isolate->GetCurrentContext()->Global(), isolate);
    LocalDOMWindow* callingWindow = callingDOMWindow(isolate);
    DOMWindow* targetWindow = toDOMWindow(m_context);
    exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), targetWindow->crossDomainAccessErrorMessage(callingWindow));
    exceptionState.throwIfNeeded();
}