Skip to content

GitLab

T
tangled
Commit 570d2c5d authored by mlamouri's avatar mlamouri Committed by Commit bot
Browse files
Options

Permissions API: take into account that name() can be overridden. 

BUG=626124
TEST=clusterfuzz

Review-Url: https://codereview.chromium.org/2140583002
Cr-Commit-Position: refs/heads/master@{#404650}
parent 9c7f7e1c
Hide whitespace changes
Inline Side-by-side
Showing with 27 additions and 16 deletions
third_party/WebKit/Source/modules/permissions/Permissions.cpp
View file @ 570d2c5d
...@@ -31,6 +31,9 @@ namespace blink { ...@@ -31,6 +31,9 @@ namespace blink {
namespace { namespace {
// Websites will be able to run code when `name()` is called, changing the
// current context. The caller should make sure that no assumption is made
// after this has been called.
WebPermissionType getPermissionType(ScriptState* scriptState, const Dictionary& rawPermission, const PermissionDescriptor& permission, ExceptionState& exceptionState) WebPermissionType getPermissionType(ScriptState* scriptState, const Dictionary& rawPermission, const PermissionDescriptor& permission, ExceptionState& exceptionState)
{ {
const String& name = permission.name(); const String& name = permission.name();
...@@ -106,15 +109,17 @@ WebPermissionClient* Permissions::getClient(ExecutionContext* executionContext) ...@@ -106,15 +109,17 @@ WebPermissionClient* Permissions::getClient(ExecutionContext* executionContext)
ScriptPromise Permissions::query(ScriptState* scriptState, const Dictionary& rawPermission) ScriptPromise Permissions::query(ScriptState* scriptState, const Dictionary& rawPermission)
{ {
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't query permissions."));
ExceptionState exceptionState(ExceptionState::GetterContext, "query", "Permissions", scriptState->context()->Global(), scriptState->isolate()); ExceptionState exceptionState(ExceptionState::GetterContext, "query", "Permissions", scriptState->context()->Global(), scriptState->isolate());
Nullable<WebPermissionType> type = parsePermission(scriptState, rawPermission, exceptionState); Nullable<WebPermissionType> type = parsePermission(scriptState, rawPermission, exceptionState);
if (exceptionState.hadException()) if (exceptionState.hadException())
return exceptionState.reject(scriptState); return exceptionState.reject(scriptState);
// This must be called after `parsePermission` because the website might
// be able to run code.
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't query permissions."));
ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState); ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
ScriptPromise promise = resolver->promise(); ScriptPromise promise = resolver->promise();
...@@ -128,15 +133,17 @@ ScriptPromise Permissions::query(ScriptState* scriptState, const Dictionary& raw ...@@ -128,15 +133,17 @@ ScriptPromise Permissions::query(ScriptState* scriptState, const Dictionary& raw
ScriptPromise Permissions::request(ScriptState* scriptState, const Dictionary& rawPermission) ScriptPromise Permissions::request(ScriptState* scriptState, const Dictionary& rawPermission)
{ {
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't request permissions."));
ExceptionState exceptionState(ExceptionState::GetterContext, "request", "Permissions", scriptState->context()->Global(), scriptState->isolate()); ExceptionState exceptionState(ExceptionState::GetterContext, "request", "Permissions", scriptState->context()->Global(), scriptState->isolate());
Nullable<WebPermissionType> type = parsePermission(scriptState, rawPermission, exceptionState); Nullable<WebPermissionType> type = parsePermission(scriptState, rawPermission, exceptionState);
if (exceptionState.hadException()) if (exceptionState.hadException())
return exceptionState.reject(scriptState); return exceptionState.reject(scriptState);
// This must be called after `parsePermission` because the website might
// be able to run code.
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't request permissions."));
ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState); ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
ScriptPromise promise = resolver->promise(); ScriptPromise promise = resolver->promise();
...@@ -146,15 +153,17 @@ ScriptPromise Permissions::request(ScriptState* scriptState, const Dictionary& r ...@@ -146,15 +153,17 @@ ScriptPromise Permissions::request(ScriptState* scriptState, const Dictionary& r
ScriptPromise Permissions::revoke(ScriptState* scriptState, const Dictionary& rawPermission) ScriptPromise Permissions::revoke(ScriptState* scriptState, const Dictionary& rawPermission)
{ {
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't revoke permissions."));
ExceptionState exceptionState(ExceptionState::GetterContext, "revoke", "Permissions", scriptState->context()->Global(), scriptState->isolate()); ExceptionState exceptionState(ExceptionState::GetterContext, "revoke", "Permissions", scriptState->context()->Global(), scriptState->isolate());
Nullable<WebPermissionType> type = parsePermission(scriptState, rawPermission, exceptionState); Nullable<WebPermissionType> type = parsePermission(scriptState, rawPermission, exceptionState);
if (exceptionState.hadException()) if (exceptionState.hadException())
return exceptionState.reject(scriptState); return exceptionState.reject(scriptState);
// This must be called after `parsePermission` because the website might
// be able to run code.
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't revoke permissions."));
ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState); ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
ScriptPromise promise = resolver->promise(); ScriptPromise promise = resolver->promise();
...@@ -164,10 +173,6 @@ ScriptPromise Permissions::revoke(ScriptState* scriptState, const Dictionary& ra ...@@ -164,10 +173,6 @@ ScriptPromise Permissions::revoke(ScriptState* scriptState, const Dictionary& ra
ScriptPromise Permissions::requestAll(ScriptState* scriptState, const Vector<Dictionary>& rawPermissions) ScriptPromise Permissions::requestAll(ScriptState* scriptState, const Vector<Dictionary>& rawPermissions)
{ {
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't request permissions."));
ExceptionState exceptionState(ExceptionState::GetterContext, "request", "Permissions", scriptState->context()->Global(), scriptState->isolate()); ExceptionState exceptionState(ExceptionState::GetterContext, "request", "Permissions", scriptState->context()->Global(), scriptState->isolate());
std::unique_ptr<Vector<WebPermissionType>> internalPermissions = wrapUnique(new Vector<WebPermissionType>()); std::unique_ptr<Vector<WebPermissionType>> internalPermissions = wrapUnique(new Vector<WebPermissionType>());
std::unique_ptr<Vector<int>> callerIndexToInternalIndex = wrapUnique(new Vector<int>(rawPermissions.size())); std::unique_ptr<Vector<int>> callerIndexToInternalIndex = wrapUnique(new Vector<int>(rawPermissions.size()));
...@@ -191,6 +196,12 @@ ScriptPromise Permissions::requestAll(ScriptState* scriptState, const Vector<Dic ...@@ -191,6 +196,12 @@ ScriptPromise Permissions::requestAll(ScriptState* scriptState, const Vector<Dic
callerIndexToInternalIndex->operator[](i) = internalIndex; callerIndexToInternalIndex->operator[](i) = internalIndex;
} }
// This must be called after `parsePermission` because the website might
// be able to run code.
WebPermissionClient* client = getClient(scriptState->getExecutionContext());
if (!client)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(InvalidStateError, "In its current state, the global scope can't request permissions."));
ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState); ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
ScriptPromise promise = resolver->promise(); ScriptPromise promise = resolver->promise();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment