1/*
2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
3 * Copyright (C) 2003-2006, 2008-2009, 2013, 2016 Apple Inc. All rights reserved.
4 * Copyright (C) 2007 Samuel Weinig <sam@webkit.org>
5 * Copyright (C) 2009 Google, Inc. All rights reserved.
6 * Copyright (C) 2012 Ericsson AB. All rights reserved.
7 * Copyright (C) 2013 Michael Pruett <michael@68k.org>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24#pragma once
25
26#include "ExceptionOr.h"
27#include <wtf/Forward.h>
28
29namespace JSC {
30class ExecState;
31}
32
33namespace WebCore {
34
35class DOMWindow;
36class Frame;
37class Node;
38
39void printErrorMessageForFrame(Frame*, const String& message);
40
41enum SecurityReportingOption { DoNotReportSecurityError, LogSecurityError, ThrowSecurityError };
42
43namespace BindingSecurity {
44
45template<typename T> T* checkSecurityForNode(JSC::ExecState&, T&);
46template<typename T> T* checkSecurityForNode(JSC::ExecState&, T*);
47template<typename T> ExceptionOr<T*> checkSecurityForNode(JSC::ExecState&, ExceptionOr<T*>&&);
48template<typename T> ExceptionOr<T*> checkSecurityForNode(JSC::ExecState&, ExceptionOr<T&>&&);
49
50bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow&, SecurityReportingOption = LogSecurityError);
51bool shouldAllowAccessToDOMWindow(JSC::ExecState&, DOMWindow&, String& message);
52bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow*, SecurityReportingOption = LogSecurityError);
53bool shouldAllowAccessToDOMWindow(JSC::ExecState&, DOMWindow*, String& message);
54bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, SecurityReportingOption = LogSecurityError);
55bool shouldAllowAccessToFrame(JSC::ExecState&, Frame&, String& message);
56bool shouldAllowAccessToNode(JSC::ExecState&, Node*);
57
58}
59
60template<typename T> inline T* BindingSecurity::checkSecurityForNode(JSC::ExecState& state, T& node)
61{
62 return shouldAllowAccessToNode(state, &node) ? &node : nullptr;
63}
64
65template<typename T> inline T* BindingSecurity::checkSecurityForNode(JSC::ExecState& state, T* node)
66{
67 return shouldAllowAccessToNode(state, node) ? node : nullptr;
68}
69
70template<typename T> inline ExceptionOr<T*> BindingSecurity::checkSecurityForNode(JSC::ExecState& state, ExceptionOr<T*>&& value)
71{
72 if (value.hasException())
73 return value.releaseException();
74 return checkSecurityForNode(state, value.releaseReturnValue());
75}
76
77template<typename T> inline ExceptionOr<T*> BindingSecurity::checkSecurityForNode(JSC::ExecState& state, ExceptionOr<T&>&& value)
78{
79 if (value.hasException())
80 return value.releaseException();
81 return checkSecurityForNode(state, value.releaseReturnValue());
82}
83
84} // namespace WebCore
85