content/common/frame_replication_state.h - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CONTENT_COMMON_FRAME_REPLICATION_STATE_H_
 #define CONTENT_COMMON_FRAME_REPLICATION_STATE_H_

 #include "content/common/content_export.h"
 #include "url/origin.h"

 namespace content {

 // Sandboxing flags for iframes.  These flags are set via an iframe's "sandbox"
 // attribute in the renderer process and forwarded to the browser process,
 // which replicates them to other processes as needed.  For a list of sandbox
 // flags, see
 // http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox
 // Must be kept in sync with blink::WebSandboxFlags. Enforced in
 // render_frame_impl.cc.
 enum class SandboxFlags : int {
   NONE = 0,
   NAVIGATION = 1,
   PLUGINS = 1 << 1,
   ORIGIN = 1 << 2,
   FORMS = 1 << 3,
   SCRIPTS = 1 << 4,
   TOP_NAVIGATION = 1 << 5,
   POPUPS = 1 << 6,
   AUTOMATIC_FEATURES = 1 << 7,
   POINTER_LOCK = 1 << 8,
   DOCUMENT_DOMAIN = 1 << 9,
   ORIENTATION_LOCK = 1 << 10,
   ALL = -1
 };

 inline SandboxFlags operator&(SandboxFlags a, SandboxFlags b) {
   return static_cast<SandboxFlags>(static_cast<int>(a) & static_cast<int>(b));
 }

 inline SandboxFlags operator~(SandboxFlags flags) {
   return static_cast<SandboxFlags>(~static_cast<int>(flags));
 }

 // This structure holds information that needs to be replicated between a
 // RenderFrame and any of its associated RenderFrameProxies.
 struct CONTENT_EXPORT FrameReplicationState {
   FrameReplicationState();
   FrameReplicationState(const std::string& name, SandboxFlags sandbox_flags);
   ~FrameReplicationState();

   // Current serialized security origin of the frame.  Unique origins are
   // represented as the string "null" per RFC 6454.  This field is updated
   // whenever a frame navigation commits.
   //
   // TODO(alexmos): For now, |origin| updates are immediately sent to all frame
   // proxies when in --site-per-process mode. This isn't ideal, since Blink
   // typically needs a proxy's origin only when performing security checks on
   // the ancestors of a local frame.  So, as a future improvement, we could
   // delay sending origin updates to proxies until they have a local descendant
   // (if ever). This would reduce leaking a user's browsing history into a
   // compromized renderer.
   url::Origin origin;

   // Current sandbox flags of the frame.  |sandbox_flags| are initialized for
   // new child frames using the value of the <iframe> element's "sandbox"
   // attribute. They are updated dynamically whenever a parent frame updates an
   // <iframe>'s sandbox attribute via JavaScript.
   //
   // Updates to |sandbox_flags| are sent to proxies, but only after a
   // subsequent navigation of the (sandboxed) frame, since the flags only take
   // effect on navigation (see also FrameTreeNode::effective_sandbox_flags_).
   // The proxies need updated flags so that they can be inherited properly if a
   // proxy ever becomes a parent of a local frame.
   SandboxFlags sandbox_flags;

   // The assigned name of the frame. This name can be empty, unlike the unique
   // name generated internally in the DOM tree.
   //
   // |name| is set when a new child frame is created using the value of the
   // <iframe> element's "name" attribute (see
   // RenderFrameHostImpl::OnCreateChildFrame), and it is updated dynamically
   // whenever a frame sets its window.name.
   //
   // |name| updates are immediately sent to all frame proxies (when in
   // --site-per-process mode), so that other frames can look up or navigate a
   // frame using its updated name (e.g., using window.open(url, frame_name)).
   std::string name;

   // TODO(alexmos): Eventually, this structure can also hold other state that
   // needs to be replicated, such as frame sizing info.
 };

 }  // namespace content

 #endif  // CONTENT_COMMON_FRAME_REPLICATION_STATE_H_
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CONTENT_COMMON_FRAME_REPLICATION_STATE_H_
	#define CONTENT_COMMON_FRAME_REPLICATION_STATE_H_

	#include "content/common/content_export.h"
	#include "url/origin.h"

	namespace content {

	// Sandboxing flags for iframes. These flags are set via an iframe's "sandbox"
	// attribute in the renderer process and forwarded to the browser process,
	// which replicates them to other processes as needed. For a list of sandbox
	// flags, see
	// http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox
	// Must be kept in sync with blink::WebSandboxFlags. Enforced in
	// render_frame_impl.cc.
	enum class SandboxFlags : int {
	NONE = 0,
	NAVIGATION = 1,
	PLUGINS = 1 << 1,
	ORIGIN = 1 << 2,
	FORMS = 1 << 3,
	SCRIPTS = 1 << 4,
	TOP_NAVIGATION = 1 << 5,
	POPUPS = 1 << 6,
	AUTOMATIC_FEATURES = 1 << 7,
	POINTER_LOCK = 1 << 8,
	DOCUMENT_DOMAIN = 1 << 9,
	ORIENTATION_LOCK = 1 << 10,
	ALL = -1
	};

	inline SandboxFlags operator&(SandboxFlags a, SandboxFlags b) {
	return static_cast<SandboxFlags>(static_cast<int>(a) & static_cast<int>(b));
	}

	inline SandboxFlags operator~(SandboxFlags flags) {
	return static_cast<SandboxFlags>(~static_cast<int>(flags));
	}

	// This structure holds information that needs to be replicated between a
	// RenderFrame and any of its associated RenderFrameProxies.
	struct CONTENT_EXPORT FrameReplicationState {
	FrameReplicationState();
	FrameReplicationState(const std::string& name, SandboxFlags sandbox_flags);
	~FrameReplicationState();

	// Current serialized security origin of the frame. Unique origins are
	// represented as the string "null" per RFC 6454. This field is updated
	// whenever a frame navigation commits.
	//
	// TODO(alexmos): For now, \|origin\| updates are immediately sent to all frame
	// proxies when in --site-per-process mode. This isn't ideal, since Blink
	// typically needs a proxy's origin only when performing security checks on
	// the ancestors of a local frame. So, as a future improvement, we could
	// delay sending origin updates to proxies until they have a local descendant
	// (if ever). This would reduce leaking a user's browsing history into a
	// compromized renderer.
	url::Origin origin;

	// Current sandbox flags of the frame. \|sandbox_flags\| are initialized for
	// new child frames using the value of the <iframe> element's "sandbox"
	// attribute. They are updated dynamically whenever a parent frame updates an
	// <iframe>'s sandbox attribute via JavaScript.
	//
	// Updates to \|sandbox_flags\| are sent to proxies, but only after a
	// subsequent navigation of the (sandboxed) frame, since the flags only take
	// effect on navigation (see also FrameTreeNode::effective_sandbox_flags_).
	// The proxies need updated flags so that they can be inherited properly if a
	// proxy ever becomes a parent of a local frame.
	SandboxFlags sandbox_flags;

	// The assigned name of the frame. This name can be empty, unlike the unique
	// name generated internally in the DOM tree.
	//
	// \|name\| is set when a new child frame is created using the value of the
	// <iframe> element's "name" attribute (see
	// RenderFrameHostImpl::OnCreateChildFrame), and it is updated dynamically
	// whenever a frame sets its window.name.
	//
	// \|name\| updates are immediately sent to all frame proxies (when in
	// --site-per-process mode), so that other frames can look up or navigate a
	// frame using its updated name (e.g., using window.open(url, frame_name)).
	std::string name;

	// TODO(alexmos): Eventually, this structure can also hold other state that
	// needs to be replicated, such as frame sizing info.
	};

	} // namespace content

	#endif // CONTENT_COMMON_FRAME_REPLICATION_STATE_H_