Changeset 149869 in webkit
- Timestamp:
- May 10, 2013 5:22:43 AM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r149867 r149869 1 2013-05-10 Anders Carlsson <andersca@apple.com> 2 3 Unreviewed, rolling out r149866. 4 http://trac.webkit.org/changeset/149866 5 https://bugs.webkit.org/show_bug.cgi?id=115898 6 7 Broke tests 8 9 * dom/Document.cpp: 10 (WebCore::Document::setDomain): 11 (WebCore::Document::initSecurityContext): 12 * page/SecurityOrigin.cpp: 13 (WebCore::SecurityOrigin::SecurityOrigin): 14 (WebCore::SecurityOrigin::isolatedCopy): 15 (WebCore::SecurityOrigin::setDomainFromDOM): 16 (WebCore::SecurityOrigin::grantUniversalAccess): 17 * page/SecurityOrigin.h: 18 (SecurityOrigin): 19 1 20 2013-05-10 Andrei Bucur <abucur@adobe.com> 2 21 -
trunk/Source/WebCore/dom/Document.cpp
r149866 r149869 3805 3805 3806 3806 // If the new domain is the same as the old domain, still call 3807 // securityOrigin()-> copyWithDomainSetFromDOM. This will change the3807 // securityOrigin()->setDomainForDOM. This will change the 3808 3808 // security check behavior. For example, if a page loaded on port 8000 3809 3809 // assigns its current domain using document.domain, the page will … … 3811 3811 // have also assigned to access this page. 3812 3812 if (equalIgnoringCase(domain(), newDomain)) { 3813 se tSecurityOrigin(securityOrigin()->copyWithDomainSetFromDOM(newDomain));3813 securityOrigin()->setDomainFromDOM(newDomain); 3814 3814 return; 3815 3815 } … … 3838 3838 } 3839 3839 3840 se tSecurityOrigin(securityOrigin()->copyWithDomainSetFromDOM(newDomain));3840 securityOrigin()->setDomainFromDOM(newDomain); 3841 3841 } 3842 3842 … … 4598 4598 // Web security is turned off. We should let this document access every other document. This is used primary by testing 4599 4599 // harnesses for web sites. 4600 se tSecurityOrigin(securityOrigin()->copyWithUniversalAccessGranted());4600 securityOrigin()->grantUniversalAccess(); 4601 4601 } else if (securityOrigin()->isLocal()) { 4602 4602 if (settings->allowUniversalAccessFromFileURLs() || m_frame->loader()->client()->shouldForceUniversalAccessFromLocalURL(m_url)) { 4603 4603 // Some clients want local URLs to have universal access, but that setting is dangerous for other clients. 4604 se tSecurityOrigin(securityOrigin()->copyWithUniversalAccessGranted());4604 securityOrigin()->grantUniversalAccess(); 4605 4605 } else if (!settings->allowFileAccessFromFileURLs()) { 4606 4606 // Some clients want local URLs to have even tighter restrictions by default, and not be able to access other local files. -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r149866 r149869 157 157 } 158 158 159 SecurityOrigin::SecurityOrigin(const S tring& protocol, const String& host, const String& domain, const String& filePath, unsigned short port, bool isUnique, bool universalAccess, bool domainWasSetInDOM, bool canLoadLocalResources, StorageBlockingPolicy storageBlockingPolicy, bool enforceFilePathSeparation, bool needsDatabaseIdentifierQuirkForFiles)160 : m_protocol( protocol)161 , m_host( host)162 , m_domain( domain)163 , m_filePath( filePath)164 , m_port( port)165 , m_isUnique( isUnique)166 , m_universalAccess( universalAccess)167 , m_domainWasSetInDOM( domainWasSetInDOM)168 , m_canLoadLocalResources( canLoadLocalResources)169 , m_storageBlockingPolicy( storageBlockingPolicy)170 , m_enforceFilePathSeparation( enforceFilePathSeparation)171 , m_needsDatabaseIdentifierQuirkForFiles( needsDatabaseIdentifierQuirkForFiles)159 SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) 160 : m_protocol(other->m_protocol.isolatedCopy()) 161 , m_host(other->m_host.isolatedCopy()) 162 , m_domain(other->m_domain.isolatedCopy()) 163 , m_filePath(other->m_filePath.isolatedCopy()) 164 , m_port(other->m_port) 165 , m_isUnique(other->m_isUnique) 166 , m_universalAccess(other->m_universalAccess) 167 , m_domainWasSetInDOM(other->m_domainWasSetInDOM) 168 , m_canLoadLocalResources(other->m_canLoadLocalResources) 169 , m_storageBlockingPolicy(other->m_storageBlockingPolicy) 170 , m_enforceFilePathSeparation(other->m_enforceFilePathSeparation) 171 , m_needsDatabaseIdentifierQuirkForFiles(other->m_needsDatabaseIdentifierQuirkForFiles) 172 172 { 173 173 } … … 208 208 PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy() const 209 209 { 210 return adoptRef(new SecurityOrigin(m_protocol.isolatedCopy(), m_host.isolatedCopy(), m_domain.isolatedCopy(), m_filePath.isolatedCopy(), m_port, m_isUnique, m_universalAccess, m_domainWasSetInDOM, m_canLoadLocalResources, m_storageBlockingPolicy, m_enforceFilePathSeparation, m_needsDatabaseIdentifierQuirkForFiles)); 211 } 212 213 PassRefPtr<SecurityOrigin> SecurityOrigin::copyWithDomainSetFromDOM(const String& newDomain) const 214 { 215 String domain = newDomain.lower(); 216 if (m_domainWasSetInDOM && m_domain == domain) 217 return const_cast<SecurityOrigin*>(this); 218 219 return adoptRef(new SecurityOrigin(m_protocol, m_host, domain, m_filePath, m_port, m_isUnique, m_universalAccess, true, m_canLoadLocalResources, m_storageBlockingPolicy, m_enforceFilePathSeparation, m_needsDatabaseIdentifierQuirkForFiles)); 210 return adoptRef(new SecurityOrigin(this)); 211 } 212 213 void SecurityOrigin::setDomainFromDOM(const String& newDomain) 214 { 215 m_domainWasSetInDOM = true; 216 m_domain = newDomain.lower(); 220 217 } 221 218 … … 438 435 } 439 436 440 PassRefPtr<SecurityOrigin> SecurityOrigin::copyWithUniversalAccessGranted() const 441 { 442 if (m_universalAccess) 443 return const_cast<SecurityOrigin*>(this); 444 445 return adoptRef(new SecurityOrigin(m_protocol, m_host, m_domain, m_filePath, m_port, m_isUnique, true, m_domainWasSetInDOM, m_canLoadLocalResources, m_storageBlockingPolicy, m_enforceFilePathSeparation, m_needsDatabaseIdentifierQuirkForFiles)); 437 void SecurityOrigin::grantUniversalAccess() 438 { 439 m_universalAccess = true; 446 440 } 447 441 -
trunk/Source/WebCore/page/SecurityOrigin.h
r149866 r149869 75 75 PassRefPtr<SecurityOrigin> isolatedCopy() const; 76 76 77 // Create a new security origin with the domain property setto newDomain. This77 // Set the domain property of this security origin to newDomain. This 78 78 // function does not check whether newDomain is a suffix of the current 79 79 // domain. The caller is responsible for validating newDomain. 80 PassRefPtr<SecurityOrigin> copyWithDomainSetFromDOM(const String& newDomain) const;80 void setDomainFromDOM(const String& newDomain); 81 81 bool domainWasSetInDOM() const { return m_domainWasSetInDOM; } 82 82 … … 138 138 // 139 139 // WARNING: This is an extremely powerful ability. Use with caution! 140 PassRefPtr<SecurityOrigin> copyWithUniversalAccessGranted() const;140 void grantUniversalAccess(); 141 141 142 142 void setStorageBlockingPolicy(StorageBlockingPolicy policy) { m_storageBlockingPolicy = policy; } … … 216 216 explicit SecurityOrigin(const KURL&); 217 217 explicit SecurityOrigin(const SecurityOrigin*); 218 SecurityOrigin(const String& protocol, const String& host, const String& domain, const String& filePath, unsigned short port, bool isUnique, bool universalAccess, bool domainWasSetInDOM, bool canLoadLocalResources, StorageBlockingPolicy, bool enforceFilePathSeparation, bool needsDatabaseIdentifierQuirkForFiles);219 218 220 219 // FIXME: Rename this function to something more semantic.
Note: See TracChangeset
for help on using the changeset viewer.