author | fqian@google.com <fqian@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-12-11 01:22:11 +0000 |
---|---|---|
committer | fqian@google.com <fqian@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-12-11 01:22:11 +0000 |
commit | e4fe3611d6ebf53ecb78d88c15c17887e71b5ac3 (patch) | |
tree | 0d1b7b319bd8f1c50bde9258d6de30d61c1df447 /webkit/port/bindings | |
parent | 92fa52360991640fbdd99cc258c01ee5e310087c (diff) | |
Update comments about security origin implementation.
Review URL: http://codereview.chromium.org/13362
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6767 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/port/bindings')
-rw-r--r-- | webkit/port/bindings/v8/v8_proxy.cpp | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/webkit/port/bindings/v8/v8_proxy.cpp b/webkit/port/bindings/v8/v8_proxy.cpp index 672435b..dcc8145 100644 --- a/webkit/port/bindings/v8/v8_proxy.cpp +++ b/webkit/port/bindings/v8/v8_proxy.cpp @@ -211,7 +211,7 @@ namespace WebCore { // DOM objects are ref-counted, and JS objects are traced from // a set of root objects. They can create a cycle. To break // cycles, we do following: -// Peer from DOM objects to JS wrappers are always weak, +// Handles from DOM objects to JS wrappers are always weak, // so JS wrappers of non-node object cannot create a cycle. // Before starting a global GC, we create a virtual connection // between nodes in the same tree in the JS heap. If the wrapper 
@@ -1997,6 +1997,28 @@ void V8Proxy::updateDocument() } +// Same origin policy implementation: +// +// Same origin policy prevents JS code from domain A access JS & DOM objects +// in a different domain B. There are exceptions and several objects are +// accessible by cross-domain code. For example, the window.frames object is +// accessible by code from a different domain, but window.document is not. +// +// The binding code sets security check callbacks on a function template, +// and accessing instances of the template calls the callback function. +// The callback function checks same origin policy. +// +// Callback functions are expensive. V8 uses a security token string to do +// fast access checks for the common case where source and target are in the +// same domain. A security token is a string object that represents +// the protocol/url/port of a domain. +// +// There are special cases where a security token matching is not enough. +// For example, JavaScript can set its domain to a super domain by calling +// document.setDomain(...). In these cases, the binding code can reset +// a context's security token to its global object so that the fast access +// check will always fail. + // Check if the current execution context can access a target frame. // First it checks same domain policy using the lexical context // |
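Review bot: In the first hunk (@@ -211), the surrounding context lines of the comment being edited still read "we do following" and "JS wrappers of non-node object"; since this block is being touched, change them to "we do the following" and "non-node objects". It would also help to say which kind of handle "Handles from DOM objects to JS wrappers" refers to, because the argument that wrappers cannot create a cycle depends entirely on those references being weak.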
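Review bot: In the second hunk (@@ -1997), the new comment describes the security token as "the protocol/url/port of a domain"; for a comment that documents an access-control boundary this should read protocol/host/port, since "url" suggests the path takes part in the comparison. Two more points in the same block: "document.setDomain(...)" is not how script changes its domain (page script assigns to document.domain), so either use that name or state that setDomain is the binding-side setter; and "the fast access check will always fail" should say explicitly that a failed fast check falls back to the security check callback rather than denying access, otherwise the last paragraph reads as if resetting the token blocks all cross-context access. Also fix the grammar in "prevents JS code from domain A access JS & DOM objects" (from accessing).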