// Access-check callback for indexed property access (e.g. window[0]) on a
// Window wrapper. Returns true if the access may proceed, false otherwise.
//
// host  - the object the access was made on; the Window instance is looked up
//         on its prototype chain.
// index - the indexed property being accessed.
// type  - the kind of access (only ACCESS_HAS and ACCESS_GET are special-cased).
// The trailing v8::Value parameter is unused.
//
// Security-relevant shape of the check:
//   * Two paths return true WITHOUT consulting
//     BindingSecurity::shouldAllowAccessToFrame: ACCESS_HAS on an index that
//     resolves to a scoped child frame, and ACCESS_GET on such an index when
//     neither host nor the window wrapper has a real indexed property there.
//   * Every other access is decided by shouldAllowAccessToFrame, called with
//     DoNotReportSecurityError.
// NOTE(review): the HasRealIndexedProperty guards presumably ensure that a real
// property stored at the same index is only readable after the frame access
// check - confirm before relaxing them.
bool V8Window::indexedSecurityCheckCustom(v8::Local<v8::Object> host, uint32_t index, v8::AccessType type, v8::Local<v8::Value>)
{
    v8::Isolate* currentIsolate = v8::Isolate::GetCurrent();
    v8::Handle<v8::Object> windowWrapper = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(currentIsolate, worldTypeInMainThread(currentIsolate)));

    // No Window instance on host's prototype chain: deny.
    if (windowWrapper.IsEmpty())
        return false;

    DOMWindow* nativeWindow = V8Window::toNative(windowWrapper);
    ASSERT(nativeWindow);

    // A window that no longer has a frame is denied outright.
    Frame* targetFrame = nativeWindow->frame();
    if (!targetFrame)
        return false;

    // Notify the loader's client if the initial document has been accessed.
    // This happens before any allow/deny decision below.
    if (targetFrame->loader()->stateMachine()->isDisplayingInitialEmptyDocument())
        targetFrame->loader()->didAccessInitialDocument();

    Frame* indexedChild = targetFrame->tree()->scopedChild(index);
    if (indexedChild) {
        // Notice that we can't call HasRealNamedProperty for ACCESS_HAS
        // because that would generate infinite recursion.
        if (type == v8::ACCESS_HAS)
            return true;

        // Reading a child frame by index is allowed only when no real indexed
        // property on host or on the window wrapper occupies that index.
        if (type == v8::ACCESS_GET
            && !host->HasRealIndexedProperty(index)
            && !windowWrapper->HasRealIndexedProperty(index))
            return true;
    }

    // Everything else goes through the frame access check; a denial is not
    // reported (DoNotReportSecurityError).
    return BindingSecurity::shouldAllowAccessToFrame(targetFrame, DoNotReportSecurityError);
}
// Access-check callback for named property access (e.g. window.foo) on a
// Window wrapper. Returns true if the access may proceed, false otherwise.
//
// host - the object the access was made on; the Window instance is looked up
//        on its prototype chain.
// key  - the property key; the child-frame shortcuts apply only to string keys.
// type - the kind of access (only ACCESS_HAS and ACCESS_GET are special-cased).
// The trailing v8::Value parameter is unused.
//
// Security-relevant shape of the check:
//   * Two paths return true WITHOUT consulting
//     BindingSecurity::shouldAllowAccessToFrame: ACCESS_HAS on a name that
//     resolves to a scoped child frame, and ACCESS_GET on such a name when
//     neither host nor the window wrapper has a real named property for it
//     and the name is not "__proto__".
//   * Every other access, including all non-string keys, is decided by
//     shouldAllowAccessToFrame, called with DoNotReportSecurityError.
// NOTE(review): the HasRealNamedProperty and "__proto__" guards presumably keep
// a child frame's name from exposing a real property or the prototype without
// the frame access check - confirm before relaxing them.
bool V8Window::namedSecurityCheckCustom(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8::AccessType type, v8::Local<v8::Value>)
{
    v8::Isolate* currentIsolate = v8::Isolate::GetCurrent();
    v8::Handle<v8::Object> windowWrapper = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(currentIsolate, worldTypeInMainThread(currentIsolate)));

    // The frame is gone.
    if (windowWrapper.IsEmpty())
        return false;

    DOMWindow* nativeWindow = V8Window::toNative(windowWrapper);
    ASSERT(nativeWindow);

    // A window that no longer has a frame is denied outright.
    Frame* targetFrame = nativeWindow->frame();
    if (!targetFrame)
        return false;

    // Notify the loader's client if the initial document has been accessed.
    // This happens before any allow/deny decision below.
    if (targetFrame->loader()->stateMachine()->isDisplayingInitialEmptyDocument())
        targetFrame->loader()->didAccessInitialDocument();

    if (key->IsString()) {
        DEFINE_STATIC_LOCAL(AtomicString, nameOfProtoProperty, ("__proto__", AtomicString::ConstructFromLiteral));

        String propertyName = toWebCoreString(key);
        Frame* namedChild = targetFrame->tree()->scopedChild(propertyName);

        // Notice that we can't call HasRealNamedProperty for ACCESS_HAS
        // because that would generate infinite recursion.
        if (namedChild && type == v8::ACCESS_HAS)
            return true;

        // We need to explicitly compare against nameOfProtoProperty because
        // V8's JSObject::LocalLookup finds __proto__ before
        // interceptors and even when __proto__ isn't a "real named property".
        v8::Handle<v8::String> keyAsString = key->ToString();
        const bool isGetOfChildFrame = type == v8::ACCESS_GET && namedChild;
        if (isGetOfChildFrame
            && !host->HasRealNamedProperty(keyAsString)
            && !windowWrapper->HasRealNamedProperty(keyAsString)
            && propertyName != nameOfProtoProperty)
            return true;
    }

    // Everything else goes through the frame access check; a denial is not
    // reported (DoNotReportSecurityError).
    return BindingSecurity::shouldAllowAccessToFrame(targetFrame, DoNotReportSecurityError);
}