Changeset 149866 in webkit

Timestamp:

May 10, 2013 4:59:15 AM (11 years ago)

Author:

andersca@apple.com

Message:

Begin making SecurityOrigin immutable
​https://bugs.webkit.org/show_bug.cgi?id=115898

Reviewed by Andreas Kling.

Replace SecurityOrigin::setDomainFromDOM and SecurityOrigin::grantUniversalAccess with
member functions that return new SecurityOrigin objects.

• dom/Document.cpp:

(WebCore::Document::setDomain):
Update the security origin to one returned by copyWithDomainSetFromDOM.

(WebCore::Document::initSecurityContext):
Set the security origin to one returned by copyWithUniversalAccessGranted().

• page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::SecurityOrigin):
Add a new constructor that takes all the member variables as parameters. This is a little unwieldy at the moment,
but all the boolean parameters could be replaced by a bitmask of flags.

(WebCore::SecurityOrigin::isolatedCopy):
Call the new constructor.

(WebCore::SecurityOrigin::copyWithDomainSetFromDOM):
Return a new security origin with m_domainWasSetInDOM set to true and the domain updated.

(WebCore::SecurityOrigin::copyWithUniversalAccessGranted):
Return a new security origin with m_universalAccess set to true.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• dom/Document.cpp (modified) (4 diffs)
• page/SecurityOrigin.cpp (modified) (3 diffs)
• page/SecurityOrigin.h (modified) (3 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-05-10  Anders Carlsson  <andersca@apple.com>
+
+        Begin making SecurityOrigin immutable
+        https://bugs.webkit.org/show_bug.cgi?id=115898
+
+        Reviewed by Andreas Kling.
+
+        Replace SecurityOrigin::setDomainFromDOM and SecurityOrigin::grantUniversalAccess with
+        member functions that return new SecurityOrigin objects.
+
+        * dom/Document.cpp:
+        (WebCore::Document::setDomain):
+        Update the security origin to one returned by copyWithDomainSetFromDOM.
+    
+        (WebCore::Document::initSecurityContext):
+        Set the security origin to one returned by copyWithUniversalAccessGranted().
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::SecurityOrigin):
+        Add a new constructor that takes all the member variables as parameters. This is a little unwieldy at the moment,
+        but all the boolean parameters could be replaced by a bitmask of flags.
+
+        (WebCore::SecurityOrigin::isolatedCopy):
+        Call the new constructor.
+
+        (WebCore::SecurityOrigin::copyWithDomainSetFromDOM):
+        Return a new security origin with m_domainWasSetInDOM set to true and the domain updated.
+
+        (WebCore::SecurityOrigin::copyWithUniversalAccessGranted):
+        Return a new security origin with m_universalAccess set to true.
+
 2013-05-10  Anders Carlsson  <andersca@apple.com>
 

trunk/Source/WebCore/dom/Document.cpp

@@ -3805 +3805 @@
 
     // If the new domain is the same as the old domain, still call
-    // securityOrigin()->setDomainForDOM. This will change the
+    // securityOrigin()->copyWithDomainSetFromDOM. This will change the
     // security check behavior. For example, if a page loaded on port 8000
     // assigns its current domain using document.domain, the page will
@@ -3811 +3811 @@
     // have also assigned to access this page.
     if (equalIgnoringCase(domain(), newDomain)) {
-        securityOrigin()->setDomainFromDOM(newDomain);
+        setSecurityOrigin(securityOrigin()->copyWithDomainSetFromDOM(newDomain));
         return;
     }
@@ -3838 +3838 @@
     }
 
-    securityOrigin()->setDomainFromDOM(newDomain);
+    setSecurityOrigin(securityOrigin()->copyWithDomainSetFromDOM(newDomain));
 }
 
@@ -4598 +4598 @@
             // Web security is turned off. We should let this document access every other document. This is used primary by testing
             // harnesses for web sites.
-            securityOrigin()->grantUniversalAccess();
+            setSecurityOrigin(securityOrigin()->copyWithUniversalAccessGranted());
         } else if (securityOrigin()->isLocal()) {
             if (settings->allowUniversalAccessFromFileURLs() || m_frame->loader()->client()->shouldForceUniversalAccessFromLocalURL(m_url)) {
                 // Some clients want local URLs to have universal access, but that setting is dangerous for other clients.
-                securityOrigin()->grantUniversalAccess();
+                setSecurityOrigin(securityOrigin()->copyWithUniversalAccessGranted());
             } else if (!settings->allowFileAccessFromFileURLs()) {
                 // Some clients want local URLs to have even tighter restrictions by default, and not be able to access other local files.

trunk/Source/WebCore/page/SecurityOrigin.cpp

@@ -157 +157 @@
 }
 
-SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
-    : m_protocol(other->m_protocol.isolatedCopy())
-    , m_host(other->m_host.isolatedCopy())
-    , m_domain(other->m_domain.isolatedCopy())
-    , m_filePath(other->m_filePath.isolatedCopy())
-    , m_port(other->m_port)
-    , m_isUnique(other->m_isUnique)
-    , m_universalAccess(other->m_universalAccess)
-    , m_domainWasSetInDOM(other->m_domainWasSetInDOM)
-    , m_canLoadLocalResources(other->m_canLoadLocalResources)
-    , m_storageBlockingPolicy(other->m_storageBlockingPolicy)
-    , m_enforceFilePathSeparation(other->m_enforceFilePathSeparation)
-    , m_needsDatabaseIdentifierQuirkForFiles(other->m_needsDatabaseIdentifierQuirkForFiles)
+SecurityOrigin::SecurityOrigin(const String& protocol, const String& host, const String& domain, const String& filePath, unsigned short port, bool isUnique, bool universalAccess, bool domainWasSetInDOM, bool canLoadLocalResources, StorageBlockingPolicy storageBlockingPolicy, bool enforceFilePathSeparation, bool needsDatabaseIdentifierQuirkForFiles)
+    : m_protocol(protocol)
+    , m_host(host)
+    , m_domain(domain)
+    , m_filePath(filePath)
+    , m_port(port)
+    , m_isUnique(isUnique)
+    , m_universalAccess(universalAccess)
+    , m_domainWasSetInDOM(domainWasSetInDOM)
+    , m_canLoadLocalResources(canLoadLocalResources)
+    , m_storageBlockingPolicy(storageBlockingPolicy)
+    , m_enforceFilePathSeparation(enforceFilePathSeparation)
+    , m_needsDatabaseIdentifierQuirkForFiles(needsDatabaseIdentifierQuirkForFiles)
 {
 }
@@ -208 +208 @@
 PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy() const
 {
-    return adoptRef(new SecurityOrigin(this));
-}
-
-void SecurityOrigin::setDomainFromDOM(const String& newDomain)
-{
-    m_domainWasSetInDOM = true;
-    m_domain = newDomain.lower();
+    return adoptRef(new SecurityOrigin(m_protocol.isolatedCopy(), m_host.isolatedCopy(), m_domain.isolatedCopy(), m_filePath.isolatedCopy(), m_port, m_isUnique, m_universalAccess, m_domainWasSetInDOM, m_canLoadLocalResources, m_storageBlockingPolicy, m_enforceFilePathSeparation, m_needsDatabaseIdentifierQuirkForFiles));
+}
+
+PassRefPtr<SecurityOrigin> SecurityOrigin::copyWithDomainSetFromDOM(const String& newDomain) const
+{
+    String domain = newDomain.lower();
+    if (m_domainWasSetInDOM && m_domain == domain)
+        return const_cast<SecurityOrigin*>(this);
+
+    return adoptRef(new SecurityOrigin(m_protocol, m_host, domain, m_filePath, m_port, m_isUnique, m_universalAccess, true, m_canLoadLocalResources, m_storageBlockingPolicy, m_enforceFilePathSeparation, m_needsDatabaseIdentifierQuirkForFiles));
 }
 
@@ -435 +438 @@
 }
 
-void SecurityOrigin::grantUniversalAccess()
-{
-    m_universalAccess = true;
+PassRefPtr<SecurityOrigin> SecurityOrigin::copyWithUniversalAccessGranted() const
+{
+    if (m_universalAccess)
+        return const_cast<SecurityOrigin*>(this);
+
+    return adoptRef(new SecurityOrigin(m_protocol, m_host, m_domain, m_filePath, m_port, m_isUnique, true, m_domainWasSetInDOM, m_canLoadLocalResources, m_storageBlockingPolicy, m_enforceFilePathSeparation, m_needsDatabaseIdentifierQuirkForFiles));
 }
 

trunk/Source/WebCore/page/SecurityOrigin.h

@@ -75 +75 @@
     PassRefPtr<SecurityOrigin> isolatedCopy() const;
 
-    // Set the domain property of this security origin to newDomain. This
+    // Create a new security origin with the domain property set to newDomain. This
     // function does not check whether newDomain is a suffix of the current
     // domain. The caller is responsible for validating newDomain.
-    void setDomainFromDOM(const String& newDomain);
+    PassRefPtr<SecurityOrigin> copyWithDomainSetFromDOM(const String& newDomain) const;
     bool domainWasSetInDOM() const { return m_domainWasSetInDOM; }
 
@@ -138 +138 @@
     //
     // WARNING: This is an extremely powerful ability. Use with caution!
-    void grantUniversalAccess();
+    PassRefPtr<SecurityOrigin> copyWithUniversalAccessGranted() const;
 
     void setStorageBlockingPolicy(StorageBlockingPolicy policy) { m_storageBlockingPolicy = policy; }
@@ -216 +216 @@
     explicit SecurityOrigin(const KURL&);
     explicit SecurityOrigin(const SecurityOrigin*);
+    SecurityOrigin(const String& protocol, const String& host, const String& domain, const String& filePath, unsigned short port, bool isUnique, bool universalAccess, bool domainWasSetInDOM, bool canLoadLocalResources, StorageBlockingPolicy, bool enforceFilePathSeparation, bool needsDatabaseIdentifierQuirkForFiles);
 
     // FIXME: Rename this function to something more semantic.