Changeset 127749 in webkit

Timestamp:

Sep 6, 2012 9:49:30 AM (12 years ago)

Author:

Carlos Garcia Campos

Message:

[GTK] Add API to get/set the security policy of a given URI scheme
​https://bugs.webkit.org/show_bug.cgi?id=95549

Reviewed by Martin Robinson.

Add WebKitSecurityPolicy enum with flags that represent the
security policy of a URI scheme. Add methods to get and set the
security policy flags for a given URI scheme.

• docs/webkitgtk-sections.txt: Add new symbols.
• tests/testglobals.c:

(test_globals_security_policy):
(main):

• webkit/webkitglobals.cpp:

(webkit_set_security_policy_for_uri_scheme):
(webkit_get_security_policy_for_uri_scheme):

• webkit/webkitglobals.h:

Location:

trunk/Source/WebKit/gtk

Files:

• ChangeLog (modified) (1 diff)
• docs/webkitgtk-sections.txt (modified) (1 diff)
• tests/testglobals.c (modified) (2 diffs)
• webkit/webkitglobals.cpp (modified) (2 diffs)
• webkit/webkitglobals.h (modified) (2 diffs)

trunk/Source/WebKit/gtk/ChangeLog

@@ +1 @@
+2012-09-06  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Add API to get/set the security policy of a given URI scheme
+        https://bugs.webkit.org/show_bug.cgi?id=95549
+
+        Reviewed by Martin Robinson.
+
+        Add WebKitSecurityPolicy enum with flags that represent the
+        security policy of a URI scheme. Add methods to get and set the
+        security policy flags for a given URI scheme.
+
+        * docs/webkitgtk-sections.txt: Add new symbols.
+        * tests/testglobals.c:
+        (test_globals_security_policy):
+        (main):
+        * webkit/webkitglobals.cpp:
+        (webkit_set_security_policy_for_uri_scheme):
+        (webkit_get_security_policy_for_uri_scheme):
+        * webkit/webkitglobals.h:
+
 2012-09-05  Kaustubh Atrawalkar  <kaustubh@motorola.com>
 

trunk/Source/WebKit/gtk/docs/webkitgtk-sections.txt

@@ -537 +537 @@
 WebKitContextMenuAction
 webkit_context_menu_item_get_action
+<SUBSECTION SecurityPolicy>
+WebKitSecurityPolicy
+webkit_set_security_policy_for_uri_scheme
+webkit_get_security_policy_for_uri_scheme
 <SUBSECTION Private>
 WEBKITGTK_API_VERSION

trunk/Source/WebKit/gtk/tests/testglobals.c

@@ -46 +46 @@
 }
 
+static void test_globals_security_policy()
+{
+    // Check default policy for well known schemes.
+    WebKitSecurityPolicy policy = webkit_get_security_policy_for_uri_scheme("http");
+    guint mask = WEBKIT_SECURITY_POLICY_CORS_ENABLED;
+    g_assert_cmpuint(policy & mask, ==, mask);
+
+    policy = webkit_get_security_policy_for_uri_scheme("https");
+    mask = WEBKIT_SECURITY_POLICY_SECURE | WEBKIT_SECURITY_POLICY_CORS_ENABLED;
+    g_assert_cmpuint(policy & mask, ==, mask);
+
+    policy = webkit_get_security_policy_for_uri_scheme("file");
+    mask = WEBKIT_SECURITY_POLICY_LOCAL;
+    g_assert_cmpuint(policy & mask, ==, mask);
+
+    policy = webkit_get_security_policy_for_uri_scheme("data");
+    mask = WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME | WEBKIT_SECURITY_POLICY_SECURE;
+    g_assert_cmpuint(policy & mask, ==, mask);
+
+    policy = webkit_get_security_policy_for_uri_scheme("about");
+    mask = WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME | WEBKIT_SECURITY_POLICY_SECURE | WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT;
+    g_assert_cmpuint(policy & mask, ==, mask);
+
+    // Custom scheme.
+    policy = webkit_get_security_policy_for_uri_scheme("foo");
+    g_assert(!policy);
+
+    policy |= WEBKIT_SECURITY_POLICY_LOCAL;
+    webkit_set_security_policy_for_uri_scheme("foo", policy);
+    g_assert_cmpuint(webkit_get_security_policy_for_uri_scheme("foo"), ==, policy);
+
+    policy |= WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME;
+    webkit_set_security_policy_for_uri_scheme("foo", policy);
+    g_assert_cmpuint(webkit_get_security_policy_for_uri_scheme("foo"), ==, policy);
+
+    policy |= WEBKIT_SECURITY_POLICY_DISPLAY_ISOLATED;
+    webkit_set_security_policy_for_uri_scheme("foo", policy);
+    g_assert_cmpuint(webkit_get_security_policy_for_uri_scheme("foo"), ==, policy);
+
+    policy |= WEBKIT_SECURITY_POLICY_SECURE;
+    webkit_set_security_policy_for_uri_scheme("foo", policy);
+    g_assert_cmpuint(webkit_get_security_policy_for_uri_scheme("foo"), ==, policy);
+
+    policy |= WEBKIT_SECURITY_POLICY_CORS_ENABLED;
+    webkit_set_security_policy_for_uri_scheme("foo", policy);
+    g_assert_cmpuint(webkit_get_security_policy_for_uri_scheme("foo"), ==, policy);
+
+    policy |= WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT;
+    webkit_set_security_policy_for_uri_scheme("foo", policy);
+    g_assert_cmpuint(webkit_get_security_policy_for_uri_scheme("foo"), ==, policy);
+}
+
 int main(int argc, char** argv)
 {
@@ -53 +105 @@
     g_test_add_func("/webkit/globals/default_session",
                     test_globals_default_session);
+    g_test_add_func("/webkit/globals/security-policy",
+                    test_globals_security_policy);
     return g_test_run();
 }

trunk/Source/WebKit/gtk/webkit/webkitglobals.cpp

@@ -41 +41 @@
 #include "ResourceHandleInternal.h"
 #include "ResourceResponse.h"
+#include "SchemeRegistry.h"
 #include "webkitapplicationcache.h"
 #include "webkitfavicondatabase.h"
@@ -492 +493 @@
 }
 
+/**
+ * webkit_set_security_policy_for_uri_scheme:
+ * @scheme: a URI scheme
+ * @policy: a #WebKitSecurityPolicy
+ *
+ * Set the security policy for the given URI scheme.
+ *
+ * Since: 2.0
+ */
+void webkit_set_security_policy_for_uri_scheme(const char *scheme, WebKitSecurityPolicy policy)
+{
+    g_return_if_fail(scheme);
+
+    if (!policy)
+        return;
+
+    String urlScheme = String::fromUTF8(scheme);
+
+    if (policy & WEBKIT_SECURITY_POLICY_LOCAL)
+        SchemeRegistry::registerURLSchemeAsLocal(urlScheme);
+    if (policy & WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME)
+        SchemeRegistry::registerURLSchemeAsNoAccess(urlScheme);
+    if (policy & WEBKIT_SECURITY_POLICY_DISPLAY_ISOLATED)
+        SchemeRegistry::registerURLSchemeAsDisplayIsolated(urlScheme);
+    if (policy & WEBKIT_SECURITY_POLICY_SECURE)
+        SchemeRegistry::registerURLSchemeAsSecure(urlScheme);
+    if (policy & WEBKIT_SECURITY_POLICY_CORS_ENABLED)
+        SchemeRegistry::registerURLSchemeAsCORSEnabled(urlScheme);
+    if (policy & WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT)
+        SchemeRegistry::registerURLSchemeAsEmptyDocument(urlScheme);
+}
+
+/**
+ * webkit_get_security_policy_for_uri_scheme:
+ * @scheme: a URI scheme
+ *
+ * Get the security policy for the given URI scheme.
+ *
+ * Returns: a #WebKitSecurityPolicy
+ *
+ * Since: 2.0
+ */
+WebKitSecurityPolicy webkit_get_security_policy_for_uri_scheme(const char *scheme)
+{
+    g_return_val_if_fail(scheme, static_cast<WebKitSecurityPolicy>(0));
+
+    guint policy = 0;
+    String urlScheme = String::fromUTF8(scheme);
+
+    if (SchemeRegistry::shouldTreatURLSchemeAsLocal(urlScheme))
+        policy |= WEBKIT_SECURITY_POLICY_LOCAL;
+    if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(urlScheme))
+        policy |= WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME;
+    if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(urlScheme))
+        policy |= WEBKIT_SECURITY_POLICY_DISPLAY_ISOLATED;
+    if (SchemeRegistry::shouldTreatURLSchemeAsSecure(urlScheme))
+        policy |= WEBKIT_SECURITY_POLICY_SECURE;
+    if (SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(urlScheme))
+        policy |= WEBKIT_SECURITY_POLICY_CORS_ENABLED;
+    if (SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(urlScheme))
+        policy |= WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT;
+
+    return static_cast<WebKitSecurityPolicy>(policy);
+}
+
 void webkitInit()
 {

trunk/Source/WebKit/gtk/webkit/webkitglobals.h

@@ -143 +143 @@
 } WebKitContextMenuAction;
 
+/**
+ * WebKitSecurityPolicy:
+ * @WEBKIT_SECURITY_POLICY_LOCAL: Local URI scheme, other non-local pages
+ *   cannot link to or access URIs of this scheme.
+ * @WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME: Pages loaded with this URI scheme
+ *   cannot access pages loaded with any other URI scheme.
+ * @WEBKIT_SECURITY_POLICY_DISPLAY_ISOLATED: Pages cannot display these URIs
+ *   unless they are from the same scheme.
+ * @WEBKIT_SECURITY_POLICY_SECURE: Secure URI scheme, doesn't generate mixed
+ *   content warnings when included by an HTTPS page.
+ * @WEBKIT_SECURITY_POLICY_CORS_ENABLED: URI scheme that can be sent
+ *   CORS (Cross-origin resource sharing) requests. See W3C CORS specification
+ *   http://www.w3.org/TR/cors/.
+ * @WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT: Strictly empty documents allowed
+ *   to commit synchronously.
+ *
+ * Flags used to represent the security policy of a URI scheme.
+ *
+ * Since: 2.0
+ */
+typedef enum {
+    WEBKIT_SECURITY_POLICY_LOCAL                     = 1 << 1,
+    WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME = 1 << 2,
+    WEBKIT_SECURITY_POLICY_DISPLAY_ISOLATED          = 1 << 3,
+    WEBKIT_SECURITY_POLICY_SECURE                    = 1 << 4,
+    WEBKIT_SECURITY_POLICY_CORS_ENABLED              = 1 << 5,
+    WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT            = 1 << 6
+} WebKitSecurityPolicy;
+
 WEBKIT_API SoupSession*
 webkit_get_default_session                      (void);
@@ -172 +201 @@
 webkit_context_menu_item_get_action            (GtkMenuItem* item);
 
+WEBKIT_API void
+webkit_set_security_policy_for_uri_scheme      (const gchar         *scheme,
+                                                WebKitSecurityPolicy policy);
+
+WEBKIT_API WebKitSecurityPolicy
+webkit_get_security_policy_for_uri_scheme      (const gchar         *scheme);
+
 G_END_DECLS