Added security check for cross origin

This CL adds a security check for cross origin with
BindingSecurity::ShouldAllowAccessToCreationContext().
|js_event|, a V8 wrapper object for event object, must be created in the
relevant realm of the event target, but it is possible that listener's
relevant context cannnot access the relevant realm of event target
(ex. when Document.origin is changed).
We have to check this before invoking event listener.

Bug: 872138, 884516
Change-Id: Ic5d0c8e6cda4db57a2097ce230e75cc59905b350
Reviewed-on: https://chromium-review.googlesource.com/c/1270300
Commit-Queue: Yuki Yamada <yukiy@google.com>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599154}
1 file changed