// Check if the current execution context can access a target frame.
// First it checks same domain policy using the lexical context
//
// This is equivalent to KJS::Window::allowsAccessFrom(ExecState*, String&).
bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
{
ASSERT(targetWindow);
String message;
DOMWindow* originWindow = retrieveWindow(currentContext());
if (originWindow == targetWindow)
return true;
if (!originWindow)
return false;
const SecurityOrigin* activeSecurityOrigin = originWindow->securityOrigin();
const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
// We have seen crashes were the security origin of the target has not been
// initialized. Defend against that.
if (!targetSecurityOrigin)
return false;
if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
return true;
// Allow access to a "about:blank" page if the dynamic context is a
// detached context of the same frame as the blank page.
if (targetSecurityOrigin->isEmpty() && originWindow->frame() == targetWindow->frame())
return true;
return false;
}
DOMWindow* V8Proxy::retrieveWindowForCallingContext()
{
v8::Handle<v8::Context> context = v8::Context::GetCalling();
if (context.IsEmpty())
return 0;
return retrieveWindow(context);
}
Frame* V8Proxy::retrieveFrame(v8::Handle<v8::Context> context)
{
DOMWindow* window = retrieveWindow(context);
Frame* frame = window->frame();
if (frame && frame->domWindow() == window)
return frame;
// We return 0 here because |context| is detached from the Frame. If we
// did return |frame| we could get in trouble because the frame could be
// navigated to another security origin.
return 0;
}
V8Proxy* V8Proxy::retrieve()
{
DOMWindow* window = retrieveWindow(currentContext());
ASSERT(window);
return retrieve(window->frame());
}
Frame* V8Proxy::retrieveFrame(v8::Handle<v8::Context> context)
{
return retrieveWindow(context)->frame();
}
