Windows-4.7.4/src/3rdparty/webkit/WebCore/bindings/generic/BindingSecurity.h - platform/external/qt - Git at Google

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
  * copyright notice, this list of conditions and the following disclaimer
  * in the documentation and/or other materials provided with the
  * distribution.
  *     * Neither the name of Google Inc. nor the names of its
  * contributors may be used to endorse or promote products derived from
  * this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */

 #ifndef BindingSecurity_h
 #define BindingSecurity_h

 #include "BindingSecurityBase.h"
 #include "CSSHelper.h"
 #include "Element.h"
 #include "GenericBinding.h"
 #include "HTMLFrameElementBase.h"

 namespace WebCore {

 class DOMWindow;
 class Frame;
 class Node;

 // Security functions shared by various language bindings.
 template <class Binding>
 class BindingSecurity : public BindingSecurityBase {
 public:
     // Check if the active execution context can access the target frame.
     static bool canAccessFrame(State<Binding>*, Frame*, bool reportError);

     // Check if it is safe to access the given node from the
     // current security context.
     static bool checkNodeSecurity(State<Binding>*, Node* target);

     static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, String value);
     static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, String name, String value);

 private:
     explicit BindingSecurity() {}
     ~BindingSecurity();

     // Check if the current DOMWindow's security context can access the target
     // DOMWindow.  This function does not report errors, so most callers should
     // use canAccessFrame instead.
     static bool canAccessWindow(State<Binding>*, DOMWindow* target);
 };

 // Implementations of templated methods must be in this file.

 template <class Binding>
 bool BindingSecurity<Binding>::canAccessWindow(State<Binding>* state,
                                                DOMWindow* targetWindow)
 {
     DOMWindow* activeWindow = state->getActiveWindow();
     return canAccess(activeWindow, targetWindow);
 }

 template <class Binding>
 bool BindingSecurity<Binding>::canAccessFrame(State<Binding>* state,
                                               Frame* target,
                                               bool reportError)
 {
     // The subject is detached from a frame, deny accesses.
     if (!target)
         return false;

     if (!canAccessWindow(state, getDOMWindow(target))) {
         if (reportError)
             state->immediatelyReportUnsafeAccessTo(target);
         return false;
     }
     return true;
 }

 template <class Binding>
 bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node)
 {
     if (!node)
         return false;

     Frame* target = getFrame(node);

     if (!target)
         return false;

     return canAccessFrame(state, target, true);
 }

 template <class Binding>
 bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
 {
     if (protocolIsJavaScript(deprecatedParseURL(value))) {
         Node* contentDoc = frame->contentDocument();
         if (contentDoc && !checkNodeSecurity(state, contentDoc))
             return false;
     }
     return true;
 }

 template <class Binding>
 bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value)
 {
     if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"))
         return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value);
     return true;
 }

 }

 #endif // BindingSecurity_h
	/*
	* Copyright (C) 2009 Google Inc. All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are
	* met:
	*
	* * Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* * Redistributions in binary form must reproduce the above
	* copyright notice, this list of conditions and the following disclaimer
	* in the documentation and/or other materials provided with the
	* distribution.
	* * Neither the name of Google Inc. nor the names of its
	* contributors may be used to endorse or promote products derived from
	* this software without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/

	#ifndef BindingSecurity_h
	#define BindingSecurity_h

	#include "BindingSecurityBase.h"
	#include "CSSHelper.h"
	#include "Element.h"
	#include "GenericBinding.h"
	#include "HTMLFrameElementBase.h"

	namespace WebCore {

	class DOMWindow;
	class Frame;
	class Node;

	// Security functions shared by various language bindings.
	template <class Binding>
	class BindingSecurity : public BindingSecurityBase {
	public:
	// Check if the active execution context can access the target frame.
	static bool canAccessFrame(State<Binding>, Frame, bool reportError);

	// Check if it is safe to access the given node from the
	// current security context.
	static bool checkNodeSecurity(State<Binding>, Node target);

	static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>, HTMLFrameElementBase, String value);
	static bool allowSettingSrcToJavascriptURL(State<Binding>, Element, String name, String value);

	private:
	explicit BindingSecurity() {}
	~BindingSecurity();

	// Check if the current DOMWindow's security context can access the target
	// DOMWindow. This function does not report errors, so most callers should
	// use canAccessFrame instead.
	static bool canAccessWindow(State<Binding>, DOMWindow target);
	};

	// Implementations of templated methods must be in this file.

	template <class Binding>
	bool BindingSecurity<Binding>::canAccessWindow(State<Binding>* state,
	DOMWindow* targetWindow)
	{
	DOMWindow* activeWindow = state->getActiveWindow();
	return canAccess(activeWindow, targetWindow);
	}

	template <class Binding>
	bool BindingSecurity<Binding>::canAccessFrame(State<Binding>* state,
	Frame* target,
	bool reportError)
	{
	// The subject is detached from a frame, deny accesses.
	if (!target)
	return false;

	if (!canAccessWindow(state, getDOMWindow(target))) {
	if (reportError)
	state->immediatelyReportUnsafeAccessTo(target);
	return false;
	}
	return true;
	}

	template <class Binding>
	bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node)
	{
	if (!node)
	return false;

	Frame* target = getFrame(node);

	if (!target)
	return false;

	return canAccessFrame(state, target, true);
	}

	template <class Binding>
	bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
	{
	if (protocolIsJavaScript(deprecatedParseURL(value))) {
	Node* contentDoc = frame->contentDocument();
	if (contentDoc && !checkNodeSecurity(state, contentDoc))
	return false;
	}
	return true;
	}

	template <class Binding>
	bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value)
	{
	if ((element->hasTagName(HTMLNames::iframeTag) \|\| element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"))
	return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value);
	return true;
	}

	}

	#endif // BindingSecurity_h