Storage* DOMWindowStorage::sessionStorage(ExceptionState& exceptionState) const { if (!m_window->isCurrentlyDisplayedInFrame()) return nullptr; Document* document = m_window->document(); if (!document) return nullptr; String accessDeniedMessage = "Access is denied for this document."; if (!document->securityOrigin()->canAccessLocalStorage()) { if (document->isSandboxed(SandboxOrigin)) exceptionState.throwSecurityError("The document is sandboxed and lacks the 'allow-same-origin' flag."); else if (document->url().protocolIs("data")) exceptionState.throwSecurityError("Storage is disabled inside 'data:' URLs."); else exceptionState.throwSecurityError(accessDeniedMessage); return nullptr; } if (m_sessionStorage) { if (!m_sessionStorage->area()->canAccessStorage(m_window->frame())) { exceptionState.throwSecurityError(accessDeniedMessage); return nullptr; } return m_sessionStorage; } Page* page = document->page(); if (!page) return nullptr; StorageArea* storageArea = StorageNamespaceController::from(page)->sessionStorage()->storageArea(document->securityOrigin()); if (!storageArea->canAccessStorage(m_window->frame())) { exceptionState.throwSecurityError(accessDeniedMessage); return nullptr; } m_sessionStorage = Storage::create(m_window->frame(), storageArea); return m_sessionStorage; }
Storage* DOMWindowStorage::localStorage(ExceptionState& exceptionState) const { if (!m_window->isCurrentlyDisplayedInFrame()) return nullptr; Document* document = m_window->document(); if (!document) return nullptr; String accessDeniedMessage = "Access is denied for this document."; if (!document->securityOrigin()->canAccessLocalStorage()) { if (document->isSandboxed(SandboxOrigin)) exceptionState.throwSecurityError("The document is sandboxed and lacks the 'allow-same-origin' flag."); else if (document->url().protocolIs("data")) exceptionState.throwSecurityError("Storage is disabled inside 'data:' URLs."); else exceptionState.throwSecurityError(accessDeniedMessage); return nullptr; } if (m_localStorage) { if (!m_localStorage->area()->canAccessStorage(m_window->frame())) { exceptionState.throwSecurityError(accessDeniedMessage); return nullptr; } return m_localStorage; } // FIXME: Seems this check should be much higher? FrameHost* host = document->frameHost(); if (!host || !host->settings().localStorageEnabled()) return nullptr; StorageArea* storageArea = StorageNamespace::localStorageArea(document->securityOrigin()); if (!storageArea->canAccessStorage(m_window->frame())) { exceptionState.throwSecurityError(accessDeniedMessage); return nullptr; } m_localStorage = Storage::create(m_window->frame(), storageArea); return m_localStorage; }