Modifies V8WrapperInstantiationScope::SecurityCheck to only call...

Modifies V8WrapperInstantiationScope::SecurityCheck to only call BindingSecurity::shouldAllowAccessToFrame if m_context's world is the main world. BUG=529667 Review URL: https://codereview.chromium.org/1323453005 git-svn-id: svn://svn.chromium.org/blink/trunk@201987 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Modifies V8WrapperInstantiationScope::SecurityCheck to only call...
Modifies V8WrapperInstantiationScope::SecurityCheck to only call BindingSecurity::shouldAllowAccessToFrame if m_context's world is the main world. BUG=529667 Review URL: https://codereview.chromium.org/1323453005 git-svn-id: svn://svn.chromium.org/blink/trunk@201987 bbb929c8-8fbe-4397-9dbb-9b2b20218538
6daf0cab · epertoso@chromium.org · 03248ab1 · 6daf0cab · 6daf0cab
Commit 6daf0cab authored Sep 09, 2015 by epertoso@chromium.org
2 changed files
--- a/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
@@ -130,13 +130,19 @@ bool V8DOMWrapper::hasInternalFieldsSet(v8::Local<v8::Value> value)
        && untrustedWrapperTypeInfo->ginEmbedder == gin::kEmbedderBlink;
 }

-void V8WrapperInstantiationScope::SecurityCheck(v8::Isolate* isolate, v8::Local<v8::Context> contextForWrapper)
+void V8WrapperInstantiationScope::securityCheck(v8::Isolate* isolate, v8::Local<v8::Context> contextForWrapper)
 {
-    if (!m_context.IsEmpty()) {
-        // If the context is different, we need to make sure that the current
-        // context has access to the creation context.
-        Frame* frame = toFrameIfNotDetached(contextForWrapper);
-        RELEASE_ASSERT(!frame || BindingSecurity::shouldAllowAccessToFrame(isolate, frame, DoNotReportSecurityError));
+    if (m_context.IsEmpty())
+        return;
+    // If the context is different, we need to make sure that the current
+    // context has access to the creation context.
+    Frame* frame = toFrameIfNotDetached(contextForWrapper);
+    if (!frame)
+        return;
+    const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context);
+    RELEASE_ASSERT(currentWorld.worldId() == DOMWrapperWorld::world(contextForWrapper).worldId());
+    if (currentWorld.isMainWorld()) {
+        RELEASE_ASSERT(BindingSecurity::shouldAllowAccessToFrame(isolate, frame, DoNotReportSecurityError));
    }
 }


--- a/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.h
+++ b/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.h
@@ -124,7 +124,7 @@ public:
        if (contextForWrapper == m_context)
            return;
        if (withSecurityCheck)
-            SecurityCheck(isolate, contextForWrapper);
+            securityCheck(isolate, contextForWrapper);
        m_context = v8::Local<v8::Context>::New(isolate, contextForWrapper);
        m_didEnterContext = true;
        m_context->Enter();
@@ -140,7 +140,7 @@ public:
    v8::Local<v8::Context> context() const { return m_context; }

 private:
-    void SecurityCheck(v8::Isolate*, v8::Local<v8::Context> contextForWrapper);
+    void securityCheck(v8::Isolate*, v8::Local<v8::Context> contextForWrapper);

    bool m_didEnterContext;
    v8::Local<v8::Context> m_context;