Changeset 244853 in webkit
- Timestamp:
- May 1, 2019 3:08:00 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r244851 r244853 1 2019-05-01 Jiewen Tan <jiewen_tan@apple.com> 2 3 Move Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix 4 https://bugs.webkit.org/show_bug.cgi?id=181950 5 <rdar://problem/43357371> 6 7 Reviewed by Brent Fulgham. 8 9 This patch moves Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix 10 to be more aligned with the HTML standard: 11 https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to. 12 Besides that, it also removes redundant codes within the original method that is also done in 13 OriginAccessEntry::matchesOrigin. 14 15 Covered by new API tests. 16 17 * dom/Document.cpp: 18 (WebCore::Document::setDomain): 19 (WebCore::Document::domainIsRegisterable const): Deleted. 20 * dom/Document.h: 21 * page/SecurityOrigin.cpp: 22 (WebCore::SecurityOrigin::isMatchingRegistrableDomainSuffix const): 23 * page/SecurityOrigin.h: 24 1 25 2019-05-01 Ryosuke Niwa <rniwa@webkit.org> 2 26 -
trunk/Source/WebCore/dom/Document.cpp
r244815 r244853 136 136 #include "NodeRareData.h" 137 137 #include "NodeWithIndex.h" 138 #include "OriginAccessEntry.h"139 138 #include "OverflowEvent.h" 140 139 #include "PageConsoleClient.h" … … 4858 4857 } 4859 4858 4860 bool Document::domainIsRegisterable(const String& newDomain) const4861 {4862 if (newDomain.isEmpty())4863 return false;4864 4865 const String& effectiveDomain = domain();4866 4867 // If the new domain is the same as the old domain, return true so that4868 // we still call securityOrigin().setDomainForDOM. This will change the4869 // security check behavior. For example, if a page loaded on port 80004870 // assigns its current domain using document.domain, the page will4871 // allow other pages loaded on different ports in the same domain that4872 // have also assigned to access this page.4873 if (equalIgnoringASCIICase(effectiveDomain, newDomain))4874 return true;4875 4876 // e.g. newDomain = webkit.org (10) and domain() = www.webkit.org (14)4877 unsigned oldLength = effectiveDomain.length();4878 unsigned newLength = newDomain.length();4879 if (newLength >= oldLength)4880 return false;4881 4882 auto ipAddressSetting = settings().treatIPAddressAsDomain() ? OriginAccessEntry::TreatIPAddressAsDomain : OriginAccessEntry::TreatIPAddressAsIPAddress;4883 OriginAccessEntry accessEntry { securityOrigin().protocol(), newDomain, OriginAccessEntry::AllowSubdomains, ipAddressSetting };4884 if (!accessEntry.matchesOrigin(securityOrigin()))4885 return false;4886 4887 if (effectiveDomain[oldLength - newLength - 1] != '.')4888 return false;4889 if (StringView { effectiveDomain }.substring(oldLength - newLength) != newDomain)4890 return false;4891 4892 auto potentialPublicSuffix = newDomain;4893 if (potentialPublicSuffix.startsWith('.'))4894 potentialPublicSuffix.remove(0, 1);4895 4896 #if ENABLE(PUBLIC_SUFFIX_LIST)4897 return !isPublicSuffix(potentialPublicSuffix);4898 #else4899 return true;4900 #endif4901 }4902 4903 4859 ExceptionOr<void> Document::setDomain(const String& newDomain) 4904 4860 { … … 4918 4874 return Exception { SecurityError, "The document has a null effectiveDomain." }; 4919 4875 4920 if (! domainIsRegisterable(newDomain))4876 if (!securityOrigin().isMatchingRegistrableDomainSuffix(newDomain, settings().treatIPAddressAsDomain())) 4921 4877 return Exception { SecurityError, "Attempted to use a non-registrable domain." }; 4922 4878 -
trunk/Source/WebCore/dom/Document.h
r244815 r244853 1645 1645 void platformSuspendOrStopActiveDOMObjects(); 1646 1646 1647 bool domainIsRegisterable(const String&) const;1648 1649 1647 void enableTemporaryTimeUserGesture(); 1650 1648 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r244573 r244853 31 31 32 32 #include "BlobURL.h" 33 #include "OriginAccessEntry.h" 33 34 #include "SchemeRegistry.h" 34 35 #include "SecurityPolicy.h" … … 433 434 } 434 435 436 bool SecurityOrigin::isMatchingRegistrableDomainSuffix(const String& domainSuffix, bool treatIPAddressAsDomain) const 437 { 438 if (domainSuffix.isEmpty()) 439 return false; 440 441 auto ipAddressSetting = treatIPAddressAsDomain ? OriginAccessEntry::TreatIPAddressAsDomain : OriginAccessEntry::TreatIPAddressAsIPAddress; 442 OriginAccessEntry accessEntry { protocol(), domainSuffix, OriginAccessEntry::AllowSubdomains, ipAddressSetting }; 443 if (!accessEntry.matchesOrigin(*this)) 444 return false; 445 446 // Always return true if it is an exact match. 447 if (domainSuffix.length() == host().length()) 448 return true; 449 450 #if ENABLE(PUBLIC_SUFFIX_LIST) 451 return !isPublicSuffix(domainSuffix); 452 #else 453 return true; 454 #endif 455 } 456 435 457 void SecurityOrigin::grantLoadLocalResources() 436 458 { -
trunk/Source/WebCore/page/SecurityOrigin.h
r244573 r244853 205 205 WEBCORE_EXPORT bool isSameOriginAs(const SecurityOrigin&) const; 206 206 207 // This method implements the "is a registrable domain suffix of or is equal to" algorithm from the HTML Standard: 208 // https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to 209 WEBCORE_EXPORT bool isMatchingRegistrableDomainSuffix(const String&, bool treatIPAddressAsDomain = false) const; 210 207 211 bool isPotentiallyTrustworthy() const { return m_isPotentiallyTrustworthy; } 208 212 void setIsPotentiallyTrustworthy(bool value) { m_isPotentiallyTrustworthy = value; } -
trunk/Tools/ChangeLog
r244852 r244853 1 2019-05-01 Jiewen Tan <jiewen_tan@apple.com> 2 3 Move Document::domainIsRegisterable to SecurityOrigin::isMatchingRegistrableDomainSuffix 4 https://bugs.webkit.org/show_bug.cgi?id=181950 5 <rdar://problem/43357371> 6 7 Reviewed by Brent Fulgham. 8 9 * TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp: 10 (TestWebKitAPI::TEST_F): 11 1 12 2019-05-01 Aakash Jain <aakash_jain@apple.com> 2 13 -
trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp
r240437 r244853 184 184 } 185 185 186 TEST_F(SecurityOriginTest, IsRegistrableDomainSuffix) 187 { 188 auto exampleOrigin = SecurityOrigin::create(URL(URL(), "http://www.example.com")); 189 EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("example.com")); 190 EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("www.example.com")); 191 #if !ENABLE(PUBLIC_SUFFIX_LIST) 192 EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("com")); 193 #endif 194 EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix("")); 195 EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix(".")); 196 EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix(".example.com")); 197 EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix(".www.example.com")); 198 EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix("example.com.")); 199 #if ENABLE(PUBLIC_SUFFIX_LIST) 200 EXPECT_FALSE(exampleOrigin->isMatchingRegistrableDomainSuffix("com")); 201 #endif 202 203 auto exampleDotOrigin = SecurityOrigin::create(URL(URL(), "http://www.example.com.")); 204 EXPECT_TRUE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("example.com.")); 205 EXPECT_TRUE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("www.example.com.")); 206 #if !ENABLE(PUBLIC_SUFFIX_LIST) 207 EXPECT_TRUE(exampleOrigin->isMatchingRegistrableDomainSuffix("com.")); 208 #endif 209 EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("")); 210 EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix(".")); 211 EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix(".example.com.")); 212 EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix(".www.example.com.")); 213 EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("example.com")); 214 #if ENABLE(PUBLIC_SUFFIX_LIST) 215 EXPECT_FALSE(exampleDotOrigin->isMatchingRegistrableDomainSuffix("com")); 216 #endif 217 218 auto ipOrigin = SecurityOrigin::create(URL(URL(), "http://127.0.0.1")); 219 EXPECT_TRUE(ipOrigin->isMatchingRegistrableDomainSuffix("127.0.0.1", true)); 220 EXPECT_FALSE(ipOrigin->isMatchingRegistrableDomainSuffix("127.0.0.2", true)); 221 222 auto comOrigin = SecurityOrigin::create(URL(URL(), "http://com")); 223 EXPECT_TRUE(comOrigin->isMatchingRegistrableDomainSuffix("com")); 224 } 225 186 226 } // namespace TestWebKitAPI
Note: See TracChangeset
for help on using the changeset viewer.