Changeset 244853 in webkit


Ignore:
Timestamp:
May 1, 2019 3:08:00 PM (5 years ago)
Author:
jiewen_tan@apple.com
Message:

Move Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix
https://bugs.webkit.org/show_bug.cgi?id=181950
<rdar://problem/43357371>

Reviewed by Brent Fulgham.

Source/WebCore:

This patch moves Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix
to be more aligned with the HTML standard:
https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to.
Besides that, it also removes redundant codes within the original method that is also done in
OriginAccessEntry::matchesOrigin.

Covered by new API tests.

  • dom/Document.cpp:

(WebCore::Document::setDomain):
(WebCore::Document::domainIsRegisterable const): Deleted.

  • dom/Document.h:
  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::isMatchingRegistrableDomainSuffix const):

  • page/SecurityOrigin.h:

Tools:

  • TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp:

(TestWebKitAPI::TEST_F):

Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r244851 r244853  
     12019-05-01  Jiewen Tan  <jiewen_tan@apple.com>
     2
     3        Move Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix
     4        https://bugs.webkit.org/show_bug.cgi?id=181950
     5        <rdar://problem/43357371>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        This patch moves Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix
     10        to be more aligned with the HTML standard:
     11        https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to.
     12        Besides that, it also removes redundant codes within the original method that is also done in
     13        OriginAccessEntry::matchesOrigin.
     14
     15        Covered by new API tests.
     16
     17        * dom/Document.cpp:
     18        (WebCore::Document::setDomain):
     19        (WebCore::Document::domainIsRegisterable const): Deleted.
     20        * dom/Document.h:
     21        * page/SecurityOrigin.cpp:
     22        (WebCore::SecurityOrigin::isMatchingRegistrableDomainSuffix const):
     23        * page/SecurityOrigin.h:
     24
    1252019-05-01  Ryosuke Niwa  <rniwa@webkit.org>
    226
  • trunk/Source/WebCore/dom/Document.cpp

    r244815 r244853  
    136136#include "NodeRareData.h"
    137137#include "NodeWithIndex.h"
    138 #include "OriginAccessEntry.h"
    139138#include "OverflowEvent.h"
    140139#include "PageConsoleClient.h"
     
    48584857}
    48594858
    4860 bool Document::domainIsRegisterable(const String& newDomain) const
    4861 {
    4862     if (newDomain.isEmpty())
    4863         return false;
    4864 
    4865     const String& effectiveDomain = domain();
    4866 
    4867     // If the new domain is the same as the old domain, return true so that
    4868     // we still call securityOrigin().setDomainForDOM. This will change the
    4869     // security check behavior. For example, if a page loaded on port 8000
    4870     // assigns its current domain using document.domain, the page will
    4871     // allow other pages loaded on different ports in the same domain that
    4872     // have also assigned to access this page.
    4873     if (equalIgnoringASCIICase(effectiveDomain, newDomain))
    4874         return true;
    4875 
    4876     // e.g. newDomain = webkit.org (10) and domain() = www.webkit.org (14)
    4877     unsigned oldLength = effectiveDomain.length();
    4878     unsigned newLength = newDomain.length();
    4879     if (newLength >= oldLength)
    4880         return false;
    4881 
    4882     auto ipAddressSetting = settings().treatIPAddressAsDomain() ? OriginAccessEntry::TreatIPAddressAsDomain : OriginAccessEntry::TreatIPAddressAsIPAddress;
    4883     OriginAccessEntry accessEntry { securityOrigin().protocol(), newDomain, OriginAccessEntry::AllowSubdomains, ipAddressSetting };
    4884     if (!accessEntry.matchesOrigin(securityOrigin()))
    4885         return false;
    4886 
    4887     if (effectiveDomain[oldLength - newLength - 1] != '.')
    4888         return false;
    4889     if (StringView { effectiveDomain }.substring(oldLength - newLength) != newDomain)
    4890         return false;
    4891 
    4892     auto potentialPublicSuffix = newDomain;
    4893     if (potentialPublicSuffix.startsWith('.'))
    4894         potentialPublicSuffix.remove(0, 1);
    4895 
    4896 #if ENABLE(PUBLIC_SUFFIX_LIST)
    4897     return !isPublicSuffix(potentialPublicSuffix);
    4898 #else
    4899     return true;
    4900 #endif
    4901 }
    4902 
    49034859ExceptionOr<void> Document::setDomain(const String& newDomain)
    49044860{
     
    49184874        return Exception { SecurityError, "The document has a null effectiveDomain." };
    49194875
    4920     if (!domainIsRegisterable(newDomain))
     4876    if (!securityOrigin().isMatchingRegistrableDomainSuffix(newDomain, settings().treatIPAddressAsDomain()))
    49214877        return Exception { SecurityError, "Attempted to use a non-registrable domain." };
    49224878
  • trunk/Source/WebCore/dom/Document.h

    r244815 r244853  
    16451645    void platformSuspendOrStopActiveDOMObjects();
    16461646
    1647     bool domainIsRegisterable(const String&) const;
    1648 
    16491647    void enableTemporaryTimeUserGesture();
    16501648
  • trunk/Source/WebCore/page/SecurityOrigin.cpp

    r244573 r244853  
    3131
    3232#include "BlobURL.h"
     33#include "OriginAccessEntry.h"
    3334#include "SchemeRegistry.h"
    3435#include "SecurityPolicy.h"
     
    433434}
    434435
     436bool SecurityOrigin::isMatchingRegistrableDomainSuffix(const String& domainSuffix, bool treatIPAddressAsDomain) const
     437{
     438    if (domainSuffix.isEmpty())
     439        return false;
     440
     441    auto ipAddressSetting = treatIPAddressAsDomain ? OriginAccessEntry::TreatIPAddressAsDomain : OriginAccessEntry::TreatIPAddressAsIPAddress;
     442    OriginAccessEntry accessEntry { protocol(), domainSuffix, OriginAccessEntry::AllowSubdomains, ipAddressSetting };
     443    if (!accessEntry.matchesOrigin(*this))
     444        return false;
     445
     446    // Always return true if it is an exact match.
     447    if (domainSuffix.length() == host().length())
     448        return true;
     449
     450#if ENABLE(PUBLIC_SUFFIX_LIST)
     451    return !isPublicSuffix(domainSuffix);
     452#else
     453    return true;
     454#endif
     455}
     456
    435457void SecurityOrigin::grantLoadLocalResources()
    436458{
  • trunk/Source/WebCore/page/SecurityOrigin.h

    r244573 r244853  
    205205    WEBCORE_EXPORT bool isSameOriginAs(const SecurityOrigin&) const;
    206206
     207    // This method implements the "is a registrable domain suffix of or is equal to" algorithm from the HTML Standard:
     208    // https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to
     209    WEBCORE_EXPORT bool isMatchingRegistrableDomainSuffix(const String&, bool treatIPAddressAsDomain = false) const;
     210
    207211    bool isPotentiallyTrustworthy() const { return m_isPotentiallyTrustworthy; }
    208212    void setIsPotentiallyTrustworthy(bool value) { m_isPotentiallyTrustworthy = value; }
  • trunk/Tools/ChangeLog

    r244852 r244853  
     12019-05-01  Jiewen Tan  <jiewen_tan@apple.com>
     2
     3        Move Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix
     4        https://bugs.webkit.org/show_bug.cgi?id=181950
     5        <rdar://problem/43357371>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        * TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp:
     10        (TestWebKitAPI::TEST_F):
     11
    1122019-05-01  Aakash Jain  <aakash_jain@apple.com>
    213
  • trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp

    r240437 r244853  
    184184}
    185185
     186TEST_F(SecurityOriginTest, IsRegistrableDomainSuffix)
     187{
     188    auto exampleOrigin = SecurityOrigin::create(URL(URL(), "http://www.example.com"));
     189    EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("example.com"));
     190    EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("www.example.com"));
     191#if !ENABLE(PUBLIC_SUFFIX_LIST)
     192    EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("com"));
     193#endif
     194    EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix(""));
     195    EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix("."));
     196    EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix(".example.com"));
     197    EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix(".www.example.com"));
     198    EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix("example.com."));
     199#if ENABLE(PUBLIC_SUFFIX_LIST)
     200    EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix("com"));
     201#endif
     202
     203    auto exampleDotOrigin = SecurityOrigin::create(URL(URL(), "http://www.example.com."));
     204    EXPECT_TRUE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("example.com."));
     205    EXPECT_TRUE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("www.example.com."));
     206#if !ENABLE(PUBLIC_SUFFIX_LIST)
     207    EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("com."));
     208#endif
     209    EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix(""));
     210    EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("."));
     211    EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix(".example.com."));
     212    EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix(".www.example.com."));
     213    EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("example.com"));
     214#if ENABLE(PUBLIC_SUFFIX_LIST)
     215    EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("com"));
     216#endif
     217
     218    auto ipOrigin = SecurityOrigin::create(URL(URL(), "http://127.0.0.1"));
     219    EXPECT_TRUE(ipOrigin->isMatchingRegistrableDomainSuffix("127.0.0.1", true));
     220    EXPECT_FALSE(ipOrigin->isMatchingRegistrableDomainSuffix("127.0.0.2", true));
     221
     222    auto comOrigin = SecurityOrigin::create(URL(URL(), "http://com"));
     223    EXPECT_TRUE(comOrigin->isMatchingRegistrableDomainSuffix("com"));
     224}
     225
    186226} // namespace TestWebKitAPI
Note: See TracChangeset for help on using the changeset viewer.