JSDOMBindingSecurity.h [plain text]
#pragma once
#include "ExceptionOr.h"
#include <wtf/Forward.h>
namespace JSC {
class ExecState;
}
namespace WebCore {
class DOMWindow;
class Frame;
class Node;
enum class CrossOriginWindowPolicy;
void printErrorMessageForFrame(Frame*, const String& message);
enum SecurityReportingOption { DoNotReportSecurityError, LogSecurityError, ThrowSecurityError };
namespace BindingSecurity {
template<typename T> T* checkSecurityForNode(JSC::ExecState&, T&);
template<typename T> T* checkSecurityForNode(JSC::ExecState&, T*);
template<typename T> ExceptionOr<T*> checkSecurityForNode(JSC::ExecState&, ExceptionOr<T*>&&);
template<typename T> ExceptionOr<T*> checkSecurityForNode(JSC::ExecState&, ExceptionOr<T&>&&);
bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow&, SecurityReportingOption = LogSecurityError);
bool shouldAllowAccessToDOMWindow(JSC::ExecState&, DOMWindow&, String& message);
bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, SecurityReportingOption = LogSecurityError);
bool shouldAllowAccessToFrame(JSC::ExecState&, Frame&, String& message);
bool shouldAllowAccessToNode(JSC::ExecState&, Node*);
bool shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState*, DOMWindow&, CrossOriginWindowPolicy, SecurityReportingOption = LogSecurityError);
};
template<typename T> inline T* BindingSecurity::checkSecurityForNode(JSC::ExecState& state, T& node)
{
return shouldAllowAccessToNode(state, &node) ? &node : nullptr;
}
template<typename T> inline T* BindingSecurity::checkSecurityForNode(JSC::ExecState& state, T* node)
{
return shouldAllowAccessToNode(state, node) ? node : nullptr;
}
template<typename T> inline ExceptionOr<T*> BindingSecurity::checkSecurityForNode(JSC::ExecState& state, ExceptionOr<T*>&& value)
{
if (value.hasException())
return value.releaseException();
return checkSecurityForNode(state, value.releaseReturnValue());
}
template<typename T> inline ExceptionOr<T*> BindingSecurity::checkSecurityForNode(JSC::ExecState& state, ExceptionOr<T&>&& value)
{
if (value.hasException())
return value.releaseException();
return checkSecurityForNode(state, value.releaseReturnValue());
}
}