1 | /* |
2 | * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) |
3 | * Copyright (C) 2003-2006, 2008-2009, 2013, 2016 Apple Inc. All rights reserved. |
4 | * Copyright (C) 2007 Samuel Weinig <sam@webkit.org> |
5 | * Copyright (C) 2009 Google, Inc. All rights reserved. |
6 | * Copyright (C) 2012 Ericsson AB. All rights reserved. |
7 | * Copyright (C) 2013 Michael Pruett <michael@68k.org> |
8 | * |
9 | * This library is free software; you can redistribute it and/or |
10 | * modify it under the terms of the GNU Lesser General Public |
11 | * License as published by the Free Software Foundation; either |
12 | * version 2 of the License, or (at your option) any later version. |
13 | * |
14 | * This library is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | * Lesser General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU Lesser General Public |
20 | * License along with this library; if not, write to the Free Software |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
22 | */ |
23 | |
24 | #pragma once |
25 | |
26 | #include "ExceptionOr.h" |
27 | #include <wtf/Forward.h> |
28 | |
29 | namespace JSC { |
30 | class ExecState; |
31 | } |
32 | |
33 | namespace WebCore { |
34 | |
35 | class DOMWindow; |
36 | class Frame; |
37 | class Node; |
38 | |
39 | void printErrorMessageForFrame(Frame*, const String& message); |
40 | |
41 | enum SecurityReportingOption { DoNotReportSecurityError, LogSecurityError, ThrowSecurityError }; |
42 | |
43 | namespace BindingSecurity { |
44 | |
45 | template<typename T> T* checkSecurityForNode(JSC::ExecState&, T&); |
46 | template<typename T> T* checkSecurityForNode(JSC::ExecState&, T*); |
47 | template<typename T> ExceptionOr<T*> checkSecurityForNode(JSC::ExecState&, ExceptionOr<T*>&&); |
48 | template<typename T> ExceptionOr<T*> checkSecurityForNode(JSC::ExecState&, ExceptionOr<T&>&&); |
49 | |
50 | bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow&, SecurityReportingOption = LogSecurityError); |
51 | bool shouldAllowAccessToDOMWindow(JSC::ExecState&, DOMWindow&, String& message); |
52 | bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow*, SecurityReportingOption = LogSecurityError); |
53 | bool shouldAllowAccessToDOMWindow(JSC::ExecState&, DOMWindow*, String& message); |
54 | bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, SecurityReportingOption = LogSecurityError); |
55 | bool shouldAllowAccessToFrame(JSC::ExecState&, Frame&, String& message); |
56 | bool shouldAllowAccessToNode(JSC::ExecState&, Node*); |
57 | |
58 | } |
59 | |
60 | template<typename T> inline T* BindingSecurity::checkSecurityForNode(JSC::ExecState& state, T& node) |
61 | { |
62 | return shouldAllowAccessToNode(state, &node) ? &node : nullptr; |
63 | } |
64 | |
65 | template<typename T> inline T* BindingSecurity::checkSecurityForNode(JSC::ExecState& state, T* node) |
66 | { |
67 | return shouldAllowAccessToNode(state, node) ? node : nullptr; |
68 | } |
69 | |
70 | template<typename T> inline ExceptionOr<T*> BindingSecurity::checkSecurityForNode(JSC::ExecState& state, ExceptionOr<T*>&& value) |
71 | { |
72 | if (value.hasException()) |
73 | return value.releaseException(); |
74 | return checkSecurityForNode(state, value.releaseReturnValue()); |
75 | } |
76 | |
77 | template<typename T> inline ExceptionOr<T*> BindingSecurity::checkSecurityForNode(JSC::ExecState& state, ExceptionOr<T&>&& value) |
78 | { |
79 | if (value.hasException()) |
80 | return value.releaseException(); |
81 | return checkSecurityForNode(state, value.releaseReturnValue()); |
82 | } |
83 | |
84 | } // namespace WebCore |
85 | |