diff options
| -rw-r--r-- | webkit/plugins/ppapi/ppapi_plugin_instance.cc | 20 | ||||
| -rw-r--r-- | webkit/plugins/ppapi/ppapi_plugin_instance.h | 4 |
2 files changed, 24 insertions, 0 deletions
diff --git a/webkit/plugins/ppapi/ppapi_plugin_instance.cc b/webkit/plugins/ppapi/ppapi_plugin_instance.cc index 435cafb..d7d245f 100644 --- a/webkit/plugins/ppapi/ppapi_plugin_instance.cc +++ b/webkit/plugins/ppapi/ppapi_plugin_instance.cc @@ -46,6 +46,7 @@ #include "third_party/WebKit/Source/WebKit/chromium/public/WebInputEvent.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginContainer.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebRect.h" +#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebString.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURL.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLRequest.h" @@ -1651,6 +1652,8 @@ int32_t PluginInstance::LockMouse(PP_Instance instance, } if (lock_mouse_callback_.func) return PP_ERROR_INPROGRESS; + if (!CanAccessMainFrame()) + return PP_ERROR_NOACCESS; lock_mouse_callback_ = callback; // We will be notified on completion via OnLockMouseACK(), either @@ -1673,5 +1676,22 @@ void PluginInstance::DoSetCursor(WebCursorInfo* cursor) { fullscreen_container_->DidChangeCursor(*cursor); } +bool PluginInstance::CanAccessMainFrame() const { + if (!container_) + return false; + WebKit::WebDocument containing_document = container_->element().document(); + + if (!containing_document.frame() || + !containing_document.frame()->view() || + !containing_document.frame()->view()->mainFrame()) { + return false; + } + WebKit::WebDocument main_document = + containing_document.frame()->view()->mainFrame()->document(); + + return containing_document.securityOrigin().canAccess( + main_document.securityOrigin()); +} + } // namespace ppapi } // namespace webkit diff --git a/webkit/plugins/ppapi/ppapi_plugin_instance.h b/webkit/plugins/ppapi/ppapi_plugin_instance.h index 6109278..a035b61 100644 --- a/webkit/plugins/ppapi/ppapi_plugin_instance.h +++ b/webkit/plugins/ppapi/ppapi_plugin_instance.h @@ -399,6 +399,10 @@ class PluginInstance : public base::RefCounted<PluginInstance>, void DoSetCursor(WebKit::WebCursorInfo* cursor); + // Checks if the security origin of the document containing this instance can + // assess the security origin of the main frame document. + bool CanAccessMainFrame() const; + PluginDelegate* delegate_; scoped_refptr<PluginModule> module_; scoped_ptr< ::ppapi::PPP_Instance_Combined> instance_interface_; |