Changeset 253544 in webkit
- Timestamp:
- Dec 16, 2019 3:04:41 AM (4 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r253540 r253544 1 2019-12-16 youenn fablet <youenn@apple.com> 2 3 SecurityOrigin should be unique for null blob URLs that have been unregistered 4 https://bugs.webkit.org/show_bug.cgi?id=205169 5 6 Reviewed by Darin Adler. 7 8 * http/tests/security/blob-null-url-location-origin-expected.txt: Added. 9 * http/tests/security/blob-null-url-location-origin.html: Added. 10 * platform/win/TestExpectations: Skipping test as timing out in windows. 11 1 12 2019-12-15 Emilio Cobos Álvarez <emilio@crisal.io> 2 13 -
trunk/LayoutTests/platform/win/TestExpectations
r253486 r253544 744 744 http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-report.php [ Skip ] 745 745 http/tests/security/contentSecurityPolicy/same-origin-plugin-document-with-csp-blocked-in-child-window.html [ Skip ] 746 747 http/tests/security/blob-null-url-location-origin.html [ Skip ] 746 748 747 749 ################################################################################ -
trunk/Source/WebCore/ChangeLog
r253541 r253544 1 2019-12-16 youenn fablet <youenn@apple.com> 2 3 SecurityOrigin should be unique for null blob URLs that have been unregistered 4 https://bugs.webkit.org/show_bug.cgi?id=205169 5 6 Reviewed by Darin Adler. 7 8 In case we cannot retrieve a cached origin for a null origin, just create a unique one. 9 This is better than having an origin with an empty host and empty scheme. 10 11 Test: http/tests/security/blob-null-url-location-origin.html 12 13 * fileapi/ThreadableBlobRegistry.cpp: 14 (WebCore::ThreadableBlobRegistry::unregisterBlobURL): 15 (WebCore::ThreadableBlobRegistry::getCachedOrigin): 16 1 17 2019-12-15 Emilio Cobos Álvarez <emilio@crisal.io> 2 18 -
trunk/Source/WebCore/fileapi/ThreadableBlobRegistry.cpp
r250061 r253544 90 90 } 91 91 92 static inline bool isBlobURLContainsNullOrigin(const URL& url) 93 { 94 ASSERT(url.protocolIsBlob()); 95 return BlobURL::getOrigin(url) == "null"; 96 } 97 92 98 void ThreadableBlobRegistry::registerBlobURL(SecurityOrigin* origin, const URL& url, const URL& srcURL) 93 99 { 94 100 // If the blob URL contains null origin, as in the context with unique security origin or file URL, save the mapping between url and origin so that the origin can be retrived when doing security origin check. 95 if (origin && BlobURL::getOrigin(url) == "null")101 if (origin && isBlobURLContainsNullOrigin(url)) 96 102 originMap()->add(url.string(), origin); 97 103 … … 146 152 void ThreadableBlobRegistry::unregisterBlobURL(const URL& url) 147 153 { 148 if ( BlobURL::getOrigin(url) == "null")154 if (isBlobURLContainsNullOrigin(url)) 149 155 originMap()->remove(url.string()); 150 156 … … 160 166 RefPtr<SecurityOrigin> ThreadableBlobRegistry::getCachedOrigin(const URL& url) 161 167 { 162 return originMap()->get(url.string()); 168 if (auto cachedOrigin = originMap()->get(url.string())) 169 return cachedOrigin; 170 171 if (!url.protocolIsBlob() || !isBlobURLContainsNullOrigin(url)) 172 return nullptr; 173 174 // If we do not have a cached origin for null blob URLs, we use a unique origin. 175 return SecurityOrigin::createUnique(); 163 176 } 164 177
Note: See TracChangeset
for help on using the changeset viewer.