Changeset 147526 in webkit


Timestamp:
Apr 3, 2013 1:31:07 AM (11 years ago)
Author:
mkwst@chromium.org
Message:

Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
https://bugs.webkit.org/show_bug.cgi?id=113780

Reviewed by Jochen Eisinger.

We're scheduling navigations to 'data:text/html,' in XSSAuditor in
order to end up on a page that doesn't inherit its parent's
SecurityOrigin. We'll be reusing this mechanism to solve
http://wkbug.com/112903

This patch makes us more explicit about what we're doing and why.
It doesn't change any behavior: XSSAuditor tests should still pass.

  • html/parser/XSSAuditorDelegate.cpp:

(WebCore::XSSAuditorDelegate::didBlockScript):

Use SecurityOrigin::urlWithUniqueSecurityOrigin rather than a
literal string to make our intentions clear.

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin):

  • page/SecurityOrigin.h:

Add the new static method.

Location:
trunk/Source/WebCore
Files:
4 edited

  • trunk/Source/WebCore/ChangeLog

    r147523 r147526  
     12013-04-03  Mike West  <mkwst@chromium.org>
     2
     3        Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
     4        https://bugs.webkit.org/show_bug.cgi?id=113780
     5
     6        Reviewed by Jochen Eisinger.
     7
     8        We're scheduling navigations to 'data:text/html,' in XSSAuditor in
     9        order to end up on a page that doesn't inherit its parent's
     10        SecurityOrigin. We'll be reusing this mechainsm to solve
     11        http://wkbug.com/112903
     12
     13        This patch makes us more explicit about what we're doing and why.
     14        It doesn't change any behavior: XSSAuditor tests should still pass.
     15
     16        * html/parser/XSSAuditorDelegate.cpp:
     17        (WebCore::XSSAuditorDelegate::didBlockScript):
     18            Use SecurityOrigin::urlWithUniqueSecurityOrigin rather than a
     19            literal string to make our intentions clear.
     20        * page/SecurityOrigin.cpp:
     21        (WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin):
     22        * page/SecurityOrigin.h:
     23            Add the new static method.
     24
    1252013-04-02  Chris Fleizach  <cfleizach@apple.com>
    226
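Review bot: typo on line 10 of the new ChangeLog entry, "mechainsm" should be "mechanism". Also, the entry for page/SecurityOrigin.cpp on lines 20-21 has no description of its own; a short line saying what the new function returns would help someone reading the ChangeLog without the diff.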
  • trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp

    r145801 r147526  
    112112
    113113    if (xssInfo.m_didBlockEntirePage)
    114         m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), String("data:text/html,<p></p>"), blankURL());
     114        m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), SecurityOrigin::urlWithUniqueSecurityOrigin(), String());
    115115}
    116116
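Review bot: the replacement at line 114 changes more than how the URL is spelled, so the "doesn't change any behavior" statement in the ChangeLog needs checking against it. The removed call navigated to "data:text/html,<p></p>" with blankURL() as the third argument; the added call navigates to whatever SecurityOrigin::urlWithUniqueSecurityOrigin() returns and passes an empty String() instead. Either keep blankURL() here or note in the ChangeLog why the third argument changed, and confirm the XSSAuditor tests exercise the m_didBlockEntirePage path with the new URL.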
  • trunk/Source/WebCore/page/SecurityOrigin.cpp

    r146580 r147526  
    593593}
    594594
     595String SecurityOrigin::urlWithUniqueSecurityOrigin()
     596{
     597    ASSERT(isMainThread());
     598    DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:,")));
     599    return uniqueSecurityOriginURL;
     600}
     601
    595602} // namespace WebCore
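Review bot: the literal "data:," at line 598 carries the whole security property of this function, but nothing next to it says why it was chosen. The ChangeLog talks about navigating to 'data:text/html,' while this returns a URL with no media type, so a one-line comment stating that a document loaded from this URL does not inherit its parent's SecurityOrigin, and that the empty body is intentional, would keep a later cleanup from changing it to something that does inherit.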
  • trunk/Source/WebCore/page/SecurityOrigin.h

    r146115 r147526  
    211211    bool isSameSchemeHostPort(const SecurityOrigin*) const;
    212212
     213    static String urlWithUniqueSecurityOrigin();
     214
    213215private:
    214216    SecurityOrigin();
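Review bot: the declaration at line 213 has no comment, and the name alone does not tell a caller what the URL is meant for or that the implementation in SecurityOrigin.cpp does ASSERT(isMainThread()). Add a short comment above it saying the returned URL is for navigations that must end up in a unique origin rather than the parent's, and that it may only be called on the main thread.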