#ifndef BindingSecurity_h
#define BindingSecurity_h
#include "BindingSecurityBase.h"
#include "CSSHelper.h"
#include "Element.h"
#include "GenericBinding.h"
#include "HTMLFrameElementBase.h"
namespace WebCore {
class DOMWindow;
class Frame;
class Node;
template <class Binding>
class BindingSecurity : public BindingSecurityBase {
public:
static bool canAccessFrame(State<Binding>*, Frame*, bool reportError);
static bool checkNodeSecurity(State<Binding>*, Node* target);
static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, String value);
static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, String name, String value);
private:
explicit BindingSecurity() {}
~BindingSecurity();
static bool canAccessWindow(State<Binding>*, DOMWindow* target);
};
template <class Binding>
bool BindingSecurity<Binding>::canAccessWindow(State<Binding>* state,
DOMWindow* targetWindow)
{
DOMWindow* activeWindow = state->getActiveWindow();
return canAccess(activeWindow, targetWindow);
}
template <class Binding>
bool BindingSecurity<Binding>::canAccessFrame(State<Binding>* state,
Frame* target,
bool reportError)
{
if (!target)
return false;
if (!canAccessWindow(state, getDOMWindow(target))) {
if (reportError)
state->immediatelyReportUnsafeAccessTo(target);
return false;
}
return true;
}
template <class Binding>
bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node)
{
if (!node)
return false;
Frame* target = getFrame(node);
if (!target)
return false;
return canAccessFrame(state, target, true);
}
template <class Binding>
bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
{
if (protocolIsJavaScript(deprecatedParseURL(value))) {
Node* contentDoc = frame->contentDocument();
if (contentDoc && !checkNodeSecurity(state, contentDoc))
return false;
}
return true;
}
template <class Binding>
bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value)
{
if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"))
return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value);
return true;
}
}
#endif // BindingSecurity_h