Allow blocking of IndexedDB in third-party contexts
[WebKit-https.git] / Source / WebCore / Modules / indexeddb / IDBFactory.cpp
index 2d3c0d3..7ad7566 100644 (file)
@@ -95,10 +95,14 @@ static String getIndexedDBDatabasePath(ScriptExecutionContext* context)
 }
 }
 
-PassRefPtr<IDBRequest> IDBFactory::getDatabaseNames(ScriptExecutionContext* context, ExceptionCode&)
+PassRefPtr<IDBRequest> IDBFactory::getDatabaseNames(ScriptExecutionContext* context, ExceptionCode& ec)
 {
     if (!isContextValid(context))
         return 0;
+    if (!context->securityOrigin()->canAccessDatabase(context->topOrigin())) {
+        ec = SECURITY_ERR;
+        return 0;
+    }
 
     RefPtr<IDBRequest> request = IDBRequest::create(context, IDBAny::create(this), 0);
     m_backend->getDatabaseNames(request, context->securityOrigin(), context, getIndexedDBDatabasePath(context));
@@ -125,6 +129,10 @@ PassRefPtr<IDBOpenDBRequest> IDBFactory::openInternal(ScriptExecutionContext* co
     }
     if (!isContextValid(context))
         return 0;
+    if (!context->securityOrigin()->canAccessDatabase(context->topOrigin())) {
+        ec = SECURITY_ERR;
+        return 0;
+    }
 
     RefPtr<IDBDatabaseCallbacksImpl> databaseCallbacks = IDBDatabaseCallbacksImpl::create();
     int64_t transactionId = IDBDatabase::nextTransactionId();
@@ -146,6 +154,10 @@ PassRefPtr<IDBOpenDBRequest> IDBFactory::deleteDatabase(ScriptExecutionContext*
     }
     if (!isContextValid(context))
         return 0;
+    if (!context->securityOrigin()->canAccessDatabase(context->topOrigin())) {
+        ec = SECURITY_ERR;
+        return 0;
+    }
 
     RefPtr<IDBOpenDBRequest> request = IDBOpenDBRequest::create(context, 0, 0, IDBDatabaseMetadata::DefaultIntVersion);
     m_backend->deleteDatabase(name, request, context->securityOrigin(), context, getIndexedDBDatabasePath(context));