BindingSecurity.cpp [plain text]
#include "config.h"
#include "BindingSecurity.h"
#include "BindingState.h"
#include "DOMWindow.h"
#include "Document.h"
#include "Frame.h"
#include "HTMLFrameElementBase.h"
#include "HTMLParserIdioms.h"
#include "JSDOMBinding.h"
#include "SecurityOrigin.h"
#include "Settings.h"
namespace WebCore {
static bool canAccessDocument(BindingState* state, Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
{
if (!targetDocument)
return false;
DOMWindow* active = activeDOMWindow(state);
if (!active)
return false;
if (active->document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
return true;
if (reportingOption == ReportSecurityError)
printErrorMessageForFrame(targetDocument->frame(), targetDocument->domWindow()->crossDomainAccessErrorMessage(active));
return false;
}
bool BindingSecurity::shouldAllowAccessToDOMWindow(BindingState* state, DOMWindow* target, SecurityReportingOption reportingOption)
{
return target && canAccessDocument(state, target->document(), reportingOption);
}
bool BindingSecurity::shouldAllowAccessToFrame(BindingState* state, Frame* target, SecurityReportingOption reportingOption)
{
return target && canAccessDocument(state, target->document(), reportingOption);
}
bool BindingSecurity::shouldAllowAccessToNode(BindingState* state, Node* target)
{
return target && canAccessDocument(state, target->document());
}
bool BindingSecurity::allowSettingFrameSrcToJavascriptUrl(BindingState* state, HTMLFrameElementBase* frame, const String& value)
{
return !protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value)) || canAccessDocument(state, frame->contentDocument());
}
}