Changeset 28912 in webkit


Ignore:
Timestamp:
Dec 20, 2007 2:39:51 PM (16 years ago)
Author:
weinig@apple.com
Message:

WebCore:

Reviewed and landed by Sam Weinig.

http://bugs.webkit.org/show_bug.cgi?id=15313
<rdar://problem/5514516>

The same-origin check was incorrect in two cases (both fixed in this
patch):

A) If both the source and the target have set their document.domain

to the same value, the protocol must also match in order for
access to be allowed. Without this requirement, the browser is
vulnerable to the following attack:

1) Suppose there is an HTTPS site (www.example.com) that sets

document.domain = "example.com".

2) A network attacker redirects the browser to http://www.example.com/

a) injects script to set document.domain = "example.com", and
b) opens a window to https://www.example.com/

3) Now the network attacker can inject script into the HTTPS page,

stealing cookies and issuing banking transactions.

B) If only one of the source and target has set document.domain, then

access should be denied. With this behavior, the browser is
vulnerable to the following attack:

1) Suppose http://foo.example.com/ opens an iframe to

http://foo.example.com/frame.html that
a) sets document.domain = "example.com", and
b) opens an iframe to http://bar.example.com/
This is a common usage of document.domain for cross-domain
communication, see for example:

http://www.collinjackson.com/research/papers/fp801-jackson.pdf

2) The inner-most iframe, which is from bar.example.com, sets

document.domain = "example.com".

3) Now the inner-most iframe can inject script into the middle

iframe (say via document.write). This bar.example.com script
now has access to the outer-most frame (from foo.example.com).

Both these changes cause WebKit to match the behavior of Firefox 2 and
IE6 in these cases. This patch includes regression tests for both
issues.

Internet Explorer 7 and Opera 9 are more strict in that they require
the port numbers to match when both pages have document.domain set.
Opera 9 allows access when only one page has set document.domain, but
this is a security vulnerability.

Tests: http/tests/security/cross-frame-access-child-explicit-domain.html

http/tests/security/cross-frame-access-parent-explicit-domain.html

  • bindings/js/kjs_window.cpp: (KJS::createWindow): (KJS::Window::allowsAccessFrom):
  • dom/Document.cpp: (WebCore::Document::domain): (WebCore::Document::setDomain): (WebCore::Document::initSecurityOrigin):
  • dom/Document.h: (WebCore::Document::securityOrigin):
  • loader/FrameLoader.cpp: (WebCore::FrameLoader::begin): (WebCore::FrameLoader::checkCallImplicitClose): (WebCore::FrameLoader::shouldAllowNavigation):
  • platform/SecurityOrigin.cpp: (WebCore::SecurityOrigin::setForURL): (WebCore::SecurityOrigin::createForFrame): (WebCore::SecurityOrigin::canAccess):
  • platform/SecurityOrigin.h: (WebCore::SecurityOrigin::domain):
  • storage/Database.cpp: (WebCore::Database::openDatabase): (WebCore::Database::Database): (WebCore::Database::securityOriginData):
  • storage/Database.h: (WebCore::Database::databaseDebugName):
  • storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::canEstablishDatabase):
  • storage/SQLTransaction.cpp: (WebCore::SQLTransaction::postflightAndCommit): (WebCore::SQLTransaction::cleanupAfterTransactionErrorCallback):

LayoutTests:

Reviewed and landed by Sam Weinig.

Update LayoutTests for http://bugs.webkit.org/show_bug.cgi?id=15313

  • http/tests/security/cross-frame-access-child-explicit-domain-expected.txt: Added.
  • http/tests/security/cross-frame-access-child-explicit-domain.html: Added.
  • http/tests/security/cross-frame-access-custom-expected.txt:
  • http/tests/security/cross-frame-access-parent-explicit-domain-expected.txt: Added.
  • http/tests/security/cross-frame-access-parent-explicit-domain.html: Added.
  • http/tests/security/cross-frame-access-port-explicit-domain-expected.txt:
  • http/tests/security/cross-frame-access-protocol-explicit-domain-expected.txt:
  • http/tests/security/cross-frame-access-protocol-explicit-domain.html:
Location:
trunk
Files:
4 added
16 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r28908 r28912  
     12007-12-20  Adam Barth  <hk9565@gmail.com>
     2
     3        Reviewed and landed by Sam Weinig.
     4
     5        Update LayoutTests for http://bugs.webkit.org/show_bug.cgi?id=15313
     6
     7        * http/tests/security/cross-frame-access-child-explicit-domain-expected.txt: Added.
     8        * http/tests/security/cross-frame-access-child-explicit-domain.html: Added.
     9        * http/tests/security/cross-frame-access-custom-expected.txt:
     10        * http/tests/security/cross-frame-access-parent-explicit-domain-expected.txt: Added.
     11        * http/tests/security/cross-frame-access-parent-explicit-domain.html: Added.
     12        * http/tests/security/cross-frame-access-port-explicit-domain-expected.txt:
     13        * http/tests/security/cross-frame-access-protocol-explicit-domain-expected.txt:
     14        * http/tests/security/cross-frame-access-protocol-explicit-domain.html:
     15
    1162007-12-20  johnnyding.webkit  <johnnyding.webkit@gmail.com>
    217       
  • trunk/LayoutTests/http/tests/security/cross-frame-access-custom-expected.txt

    r24346 r28912  
     1CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-with-explicit-domain-set.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-child-explicit-domain.html. Domains, protocols and ports must match.
     2
    13CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-custom.html. Domains, protocols and ports must match.
    24
  • trunk/LayoutTests/http/tests/security/cross-frame-access-port-explicit-domain-expected.txt

    r24863 r28912  
     1CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-parent-explicit-domain.html. Domains, protocols and ports must match.
     2
    13This test currently fails because we check the port and protocol even if document.domain is explicitly set (rdar://problem/5366437).
    24
  • trunk/LayoutTests/http/tests/security/cross-frame-access-protocol-explicit-domain-expected.txt

    r24863 r28912  
     1CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL https://127.0.0.1:8443/security/resources/cross-frame-iframe-with-explicit-domain-set.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-protocol-explicit-domain.html. Domains, protocols and ports must match.
     2
    13This test currently fails because we check the port and protocol even if document.domain is explicitly set (rdar://problem/5366437).
    24
    35
    4 PASS: Cross frame access to https from http, after explicitly setting document.domain, was allowed!
     6PASS: Cross frame access to https from http, after explicitly setting document.domain, was denied.
    57
    68
     
    810Frame: 'aFrame'
    911--------
    10 PASS: Cross frame access to https from http, after explicitly setting document.domain, was allowed!
    11 
    1212Inner iframe with explicit document.domain set.
  • trunk/LayoutTests/http/tests/security/cross-frame-access-protocol-explicit-domain.html

    r24781 r28912  
    1313    var url = "https://127.0.0.1:8443/security/resources/cross-frame-iframe-with-explicit-domain-set.html";
    1414    var iframeId ="aFrame";
    15     var passMessage = "PASS: Cross frame access to https from http, after explicitly setting document.domain, was allowed!";
    16     var failMessage = "Fail: Cross frame access to https from http, after explicitly setting document.domain, was denied.";
    17     canAccessFrame(url, iframeId, passMessage, failMessage);
     15    var passMessage = "PASS: Cross frame access to https from http, after explicitly setting document.domain, was denied.";
     16    var failMessage = "Fail: Cross frame access to https from http, after explicitly setting document.domain, was allowed.";
     17    cannotAccessFrame(url, iframeId, passMessage, failMessage);
    1818</script>
    1919</body>
  • trunk/WebCore/ChangeLog

    r28911 r28912  
     12007-12-20  Adam Barth  <hk9565@gmail.com>
     2
     3        Reviewed and landed by Sam Weinig.
     4
     5        http://bugs.webkit.org/show_bug.cgi?id=15313
     6        <rdar://problem/5514516>
     7
     8        The same-origin check was incorrect in two cases (both fixed in this
     9        patch):
     10
     11        A) If both the source and the target have set their document.domain
     12           to the same value, the protocol must also match in order for
     13           access to be allowed.  Without this requirement, the browser is
     14           vulnerable to the following attack:
     15
     16           1) Suppose there is an HTTPS site (www.example.com) that sets
     17              document.domain = "example.com".
     18           2) A network attacker redirects the browser to http://www.example.com/
     19              a) injects script to set document.domain = "example.com", and
     20              b) opens a window to https://www.example.com/
     21           3) Now the network attacker can inject script into the HTTPS page,
     22              stealing cookies and issuing banking transactions.
     23
     24        B) If only one of the source and target has set document.domain, then
     25           access should be denied.  With this behavior, the browser is
     26           vulnerable to the following attack:
     27
     28           1) Suppose http://foo.example.com/ opens an iframe to
     29              http://foo.example.com/frame.html that
     30              a) sets document.domain = "example.com", and
     31              b) opens an iframe to http://bar.example.com/
     32              This is a common usage of document.domain for cross-domain
     33              communication, see for example:
     34                http://www.collinjackson.com/research/papers/fp801-jackson.pdf
     35           2) The inner-most iframe, which is from bar.example.com, sets
     36              document.domain = "example.com".
     37           3) Now the inner-most iframe can inject script into the middle
     38              iframe (say via document.write).  This bar.example.com script
     39              now has access to the outer-most frame (from foo.example.com).
     40
     41        Both these changes cause WebKit to match the behavior of Firefox 2 and
     42        IE6 in these cases.  This patch includes regression tests for both
     43        issues.
     44
     45        Internet Explorer 7 and Opera 9 are more strict in that they require
     46        the port numbers to match when both pages have document.domain set.
     47        Opera 9 allows access when only one page has set document.domain, but
     48        this is a security vulnerability.
     49
     50        Tests: http/tests/security/cross-frame-access-child-explicit-domain.html
     51               http/tests/security/cross-frame-access-parent-explicit-domain.html
     52
     53        * bindings/js/kjs_window.cpp:
     54        (KJS::createWindow):
     55        (KJS::Window::allowsAccessFrom):
     56        * dom/Document.cpp:
     57        (WebCore::Document::domain):
     58        (WebCore::Document::setDomain):
     59        (WebCore::Document::initSecurityOrigin):
     60        * dom/Document.h:
     61        (WebCore::Document::securityOrigin):
     62        * loader/FrameLoader.cpp:
     63        (WebCore::FrameLoader::begin):
     64        (WebCore::FrameLoader::checkCallImplicitClose):
     65        (WebCore::FrameLoader::shouldAllowNavigation):
     66        * platform/SecurityOrigin.cpp:
     67        (WebCore::SecurityOrigin::setForURL):
     68        (WebCore::SecurityOrigin::createForFrame):
     69        (WebCore::SecurityOrigin::canAccess):
     70        * platform/SecurityOrigin.h:
     71        (WebCore::SecurityOrigin::domain):
     72        * storage/Database.cpp:
     73        (WebCore::Database::openDatabase):
     74        (WebCore::Database::Database):
     75        (WebCore::Database::securityOriginData):
     76        * storage/Database.h:
     77        (WebCore::Database::databaseDebugName):
     78        * storage/DatabaseTracker.cpp:
     79        (WebCore::DatabaseTracker::canEstablishDatabase):
     80        * storage/SQLTransaction.cpp:
     81        (WebCore::SQLTransaction::postflightAndCommit):
     82        (WebCore::SQLTransaction::cleanupAfterTransactionErrorCallback):
     83
    1842007-12-20  Rodney Dawes  <dobey@wayofthemonkey.com>
    285
  • trunk/WebCore/bindings/js/kjs_window.cpp

    r28884 r28912  
    356356        if (created) {
    357357            newFrame->loader()->changeLocation(KURL(completedURL.deprecatedString()), activeFrame->loader()->outgoingReferrer(), false, userGesture);
    358             if (Document* oldDoc = openerFrame->document()) {
    359                 newFrame->document()->setDomainInternal(oldDoc->domain());
     358            if (Document* oldDoc = openerFrame->document())
    360359                newFrame->document()->setBaseURL(oldDoc->baseURL());
    361             }
    362360        } else if (!url.isEmpty())
    363361            newFrame->loader()->scheduleLocationChange(completedURL, activeFrame->loader()->outgoingReferrer(), false, userGesture);
     
    820818    WebCore::Document* originDocument = originFrame->document();
    821819
    822     const SecurityOrigin& originSecurityOrigin = originDocument->securityOrigin();
    823     const SecurityOrigin& targetSecurityOrigin = targetDocument->securityOrigin();
    824 
    825     if (originSecurityOrigin.canAccess(targetSecurityOrigin))
     820    const SecurityOrigin* originSecurityOrigin = originDocument->securityOrigin();
     821    const SecurityOrigin* targetSecurityOrigin = targetDocument->securityOrigin();
     822
     823    if (originSecurityOrigin->canAccess(targetSecurityOrigin))
    826824        return true;
    827825
  • trunk/WebCore/dom/Document.cpp

    r28875 r28912  
    25952595String Document::domain() const
    25962596{
    2597     if (m_domain.isEmpty()) // not set yet (we set it on demand to save time and space)
    2598         m_domain = KURL(url()).host(); // Initially set to the host
    2599     return m_domain;
     2597    return m_securityOrigin->domain();
    26002598}
    26012599
    26022600void Document::setDomain(const String& newDomain)
    26032601{
    2604     // Not set yet (we set it on demand to save time and space)
    2605     // Initially set to the host
    2606     if (m_domain.isEmpty())
    2607         m_domain = KURL(url()).host();
    2608 
    26092602    // Both NS and IE specify that changing the domain is only allowed when
    26102603    // the new domain is a suffix of the old domain.
     
    26182611    // allow other pages loaded on different ports in the same domain that
    26192612    // have also assigned to access this page.
    2620     if (equalIgnoringCase(m_domain, newDomain)) {
    2621         m_securityOrigin.setDomainFromDOM(newDomain);
    2622         return;
    2623     }
    2624 
    2625     int oldLength = m_domain.length();
     2613    if (equalIgnoringCase(domain(), newDomain)) {
     2614        m_securityOrigin->setDomainFromDOM(newDomain);
     2615        return;
     2616    }
     2617
     2618    int oldLength = domain().length();
    26262619    int newLength = newDomain.length();
    2627     // e.g. newDomain = webkit.org (10) and m_domain = www.webkit.org (14)
     2620    // e.g. newDomain = webkit.org (10) and domain() = www.webkit.org (14)
    26282621    if (newLength >= oldLength)
    26292622        return;
    26302623
    2631     String test = m_domain.copy();
     2624    String test = domain().copy();
    26322625    // Check that it's a subdomain, not e.g. "ebkit.org"
    26332626    if (test[oldLength - newLength - 1] != '.')
    26342627        return;
    26352628
    2636     // Now test is "webkit.org" from m_domain
     2629    // Now test is "webkit.org" from domain()
    26372630    // and we check that it's the same thing as newDomain
    26382631    test.remove(0, oldLength - newLength);
     
    26402633        return;
    26412634
    2642     m_domain = newDomain;
    2643     m_securityOrigin.setDomainFromDOM(newDomain);
    2644 }
    2645 
    2646 void Document::setDomainInternal(const String& newDomain)
    2647 {
    2648     m_domain = newDomain;
     2635    m_securityOrigin->setDomainFromDOM(newDomain);
    26492636}
    26502637
     
    37273714void Document::initSecurityOrigin()
    37283715{
    3729     if (!m_frame)
    3730         return;
    3731     m_securityOrigin.setForFrame(m_frame);
     3716    m_securityOrigin = SecurityOrigin::createForFrame(m_frame);
    37323717}
    37333718
  • trunk/WebCore/dom/Document.h

    r28875 r28912  
    554554    String domain() const;
    555555    void setDomain(const String& newDomain);
    556     void setDomainInternal(const String& newDomain);
    557556
    558557    String lastModified() const;
     
    849848
    850849    void initSecurityOrigin();
    851     const SecurityOrigin& securityOrigin() const { return m_securityOrigin; }
     850    SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
    852851
    853852    bool processingLoadEvent() const { return m_processingLoadEvent; }
     
    867866    void updateFocusAppearanceTimerFired(Timer<Document>*);
    868867
    869     mutable String m_domain;
    870 
    871     SecurityOrigin m_securityOrigin;
     868    RefPtr<SecurityOrigin> m_securityOrigin;
    872869
    873870    RenderObject* m_savedRenderer;
  • trunk/WebCore/loader/FrameLoader.cpp

    r28875 r28912  
    888888void FrameLoader::begin(const KURL& url, bool dispatch)
    889889{
    890     bool resetScripting = !(m_isDisplayingInitialEmptyDocument && m_frame->document() && m_frame->document()->securityOrigin().isSecureTransitionTo(url));
     890    bool resetScripting = !(m_isDisplayingInitialEmptyDocument && m_frame->document() && m_frame->document()->securityOrigin()->isSecureTransitionTo(url));
    891891    clear(resetScripting, resetScripting);
    892892    if (dispatch)
     
    13031303            return;
    13041304
    1305     // All frames completed -> set their domain to the frameset's domain
    1306     // This must only be done when loading the frameset initially (#22039),
    1307     // not when following a link in a frame (#44162).
    1308     if (m_frame->document()) {
    1309         String domain = m_frame->document()->domain();
    1310         for (Frame* child = m_frame->tree()->firstChild(); child; child = child->tree()->nextSibling())
    1311             if (child->document())
    1312                 child->document()->setDomainInternal(domain);
    1313     }
    1314 
    13151305    m_didCallImplicitClose = true;
    13161306    m_wasUnloadEventEmitted = false;
     
    23522342    Document* activeDocument = m_frame->document();
    23532343    ASSERT(activeDocument);
    2354     const SecurityOrigin& activeSecurityOrigin = activeDocument->securityOrigin();
     2344    const SecurityOrigin* activeSecurityOrigin = activeDocument->securityOrigin();
    23552345    for (Frame* ancestorFrame = targetFrame; ancestorFrame; ancestorFrame = ancestorFrame->tree()->parent()) {
    23562346        Document* ancestorDocument = ancestorFrame->document();
     
    23582348            return true;
    23592349
    2360         const SecurityOrigin& ancestorSecurityOrigin = ancestorDocument->securityOrigin();
    2361         if (activeSecurityOrigin.canAccess(ancestorSecurityOrigin))
     2350        const SecurityOrigin* ancestorSecurityOrigin = ancestorDocument->securityOrigin();
     2351        if (activeSecurityOrigin->canAccess(ancestorSecurityOrigin))
    23622352            return true;
    23632353    }
  • trunk/WebCore/platform/SecurityOrigin.cpp

    r28343 r28912  
    6363}
    6464
    65 void SecurityOrigin::setForFrame(Frame* frame)
     65void SecurityOrigin::setForURL(const KURL& url)
    6666{
    6767    clear();
     68
     69    if (url.isEmpty())
     70      return;
     71
     72    m_protocol = url.protocol().lower();
     73    m_host = url.host().lower();
     74    m_port = url.port();
     75
     76    if (m_port)
     77        m_portSet = true;
     78
     79    // data: URLs are not allowed access to anything other than themselves.
     80    if (m_protocol == "data")
     81        m_noAccess = true;
     82}
     83
     84PassRefPtr<SecurityOrigin> SecurityOrigin::createForFrame(Frame* frame)
     85{
     86    RefPtr<SecurityOrigin> origin = new SecurityOrigin();
     87
     88    if (!frame)
     89        return origin;
    6890
    6991    FrameLoader* loader = frame->loader();
    7092    const KURL& securityPolicyURL = loader->url();
    7193
    72     if (!securityPolicyURL.isEmpty()) {
    73         m_protocol = securityPolicyURL.protocol().lower();
    74         m_host = securityPolicyURL.host().lower();
    75         m_port = securityPolicyURL.port();
    76         if (m_port)
    77             m_portSet = true;
     94    origin->setForURL(securityPolicyURL);
    7895
    79         // data: URLs are not allowed access to anything other than themselves.
    80         if (m_protocol == "data") {
    81             m_noAccess = true;
    82             return;
    83         }
     96    if (!origin->isEmpty() && origin->m_protocol != "about")
     97        return origin;
    8498
    85         // Only in the case of about:blank or javascript: URLs (which create documents using the "about"
    86         // protocol) do we want to use the parent or openers URL as the origin.
    87         if (m_protocol != "about")
    88             return;
    89     }
     99    // In the case of about:blank or javascript: URLs (which create
     100    // documents using the "about" protocol) do we want to use the
     101    // parent or openers origin.
    90102
    91103    Frame* openerFrame = frame->tree()->parent();
     
    93105        openerFrame = loader->opener();
    94106        if (!openerFrame)
    95             return;
     107            return origin;
    96108    }
    97109
    98110    Document* openerDocument = openerFrame->document();
    99111    if (!openerDocument)
    100         return;
     112        return origin;
    101113
    102     *this = openerDocument->securityOrigin();
     114    // We alias the SecurityOrigins to match Firefox, see Bug 15313
     115    // http://bugs.webkit.org/show_bug.cgi?id=15313
     116    return openerDocument->securityOrigin();
    103117}
    104118
     
    109123}
    110124
    111 bool SecurityOrigin::canAccess(const SecurityOrigin& other) const
     125bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
    112126{
    113127    if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
    114128        return true;
    115129
    116     if (m_noAccess || other.m_noAccess)
     130    if (m_noAccess || other->m_noAccess)
    117131        return false;
    118132
    119     if (m_domainWasSetInDOM && other.m_domainWasSetInDOM && m_host == other.m_host)
    120         return true;
    121  
    122     return m_host == other.m_host && m_protocol == other.m_protocol && m_port == other.m_port;
     133    // Here are two cases where we should permit access:
     134    //
     135    // 1) Neither document has set document.domain.  In this case, we insist
     136    //    that the scheme, host, and port of the URLs match.
     137    //
     138    // 2) Both documents have set document.domain.  In this case, we insist
     139    //    that the documents have set document.domain to the same value and
     140    //    that the scheme of the URLs match.
     141    //
     142    // This matches the behavior of Firefox 2 and Internet Explorer 6.
     143    //
     144    // Internet Explorer 7 and Opera 9 are more strict in that they require
     145    // the port numbers to match when both pages have document.domain set.
     146    //
     147    // FIXME: Evaluate whether we can tighten this policy to require matched
     148    //        port numbers.
     149    //
     150    // Opera 9 allows access when only one page has set document.domain, but
     151    // this is a security vulnerability.
     152
     153    if (m_protocol == other->m_protocol) {
     154        if (!m_domainWasSetInDOM && !other->m_domainWasSetInDOM) {
     155            if (m_host == other->m_host && m_port == other->m_port)
     156                return true;
     157        }
     158        if (m_domainWasSetInDOM && other->m_domainWasSetInDOM) {
     159            if (m_host == other->m_host)
     160                return true;
     161        }
     162    }
     163
     164    return false;
    123165}
    124166
  • trunk/WebCore/platform/SecurityOrigin.h

    r27821 r28912  
    3030#define SecurityOrigin_h
    3131
     32#include <wtf/RefCounted.h>
     33#include <wtf/PassRefPtr.h>
     34
    3235#include "PlatformString.h"
    3336
     
    3841    class SecurityOriginData;
    3942   
    40     class SecurityOrigin {
     43    class SecurityOrigin : public RefCounted<SecurityOrigin> {
    4144    public:
    42         SecurityOrigin();
     45        static PassRefPtr<SecurityOrigin> createForFrame(Frame*);
    4346
    44         void setForFrame(Frame*);
    4547        void setDomainFromDOM(const String& newDomain);
     48        String domain() const { return m_host; }
    4649
    47         bool canAccess(const SecurityOrigin&) const;
     50        bool canAccess(const SecurityOrigin*) const;
    4851        bool isSecureTransitionTo(const KURL&) const;
    4952
     
    5356       
    5457    private:
     58        SecurityOrigin();
     59        bool isEmpty() const;
     60
    5561        void clear();
    56         bool isEmpty() const;
     62        void setForURL(const KURL& url);
    5763
    5864        String m_protocol;
  • trunk/WebCore/storage/Database.cpp

    r28502 r28912  
    9898    if (!DatabaseTracker::tracker().canEstablishDatabase(document, name, displayName, estimatedSize)) {
    9999        // There should be an exception raised here in addition to returning a null Database object.  The question has been raised with the WHATWG
    100         LOG(StorageAPI, "Database %s for origin %s not allowed to be established", name.ascii().data(), document->securityOrigin().toString().ascii().data());
     100        LOG(StorageAPI, "Database %s for origin %s not allowed to be established", name.ascii().data(), document->securityOrigin()->toString().ascii().data());
    101101        return 0;
    102102    }
     
    109109    }
    110110   
    111     DatabaseTracker::tracker().setDatabaseDetails(document->securityOrigin().securityOriginData(), name, displayName, estimatedSize);
     111    DatabaseTracker::tracker().setDatabaseDetails(document->securityOrigin()->securityOriginData(), name, displayName, estimatedSize);
    112112
    113113    if (Page* page = document->frame()->page())
     
    132132    initializeThreading();
    133133
    134     m_guid = guidForOriginAndName(m_securityOrigin.toString(), name);
     134    m_guid = guidForOriginAndName(m_securityOrigin->toString(), name);
    135135
    136136    {
     
    149149    ASSERT(m_databaseThread);
    150150
    151     m_filename = DatabaseTracker::tracker().fullPathForDatabase(m_securityOrigin.securityOriginData(), m_name);
     151    m_filename = DatabaseTracker::tracker().fullPathForDatabase(m_securityOrigin->securityOriginData(), m_name);
    152152}
    153153
     
    551551{
    552552    // Return a deep copy for ref counting thread safety
    553     return m_securityOrigin.securityOriginData().copy();
     553    return m_securityOrigin->securityOriginData().copy();
    554554}
    555555
  • trunk/WebCore/storage/Database.h

    r28502 r28912  
    4545#include <wtf/OwnPtr.h>
    4646#include <wtf/PassRefPtr.h>
     47#include <wtf/RefPtr.h>
    4748#include <wtf/Deque.h>
    4849
     
    126127
    127128    Document* m_document;
    128     SecurityOrigin m_securityOrigin;
     129    RefPtr<SecurityOrigin> m_securityOrigin;
    129130    String m_name;
    130131    int m_guid;
     
    141142
    142143#ifndef NDEBUG
    143     String databaseDebugName() const { return m_securityOrigin.toString() + "::" + m_name; }
     144    String databaseDebugName() const { return m_securityOrigin->toString() + "::" + m_name; }
    144145#endif
    145146
  • trunk/WebCore/storage/DatabaseTracker.cpp

    r28829 r28912  
    126126bool DatabaseTracker::canEstablishDatabase(Document* document, const String& name, const String& displayName, unsigned long estimatedSize)
    127127{
    128     SecurityOriginData originData = document->securityOrigin().securityOriginData();
     128    SecurityOriginData originData = document->securityOrigin()->securityOriginData();
    129129   
    130130    // If this origin has no databases yet, establish an entry in the tracker database with the default quota
  • trunk/WebCore/storage/SQLTransaction.cpp

    r28543 r28912  
    335335    // The commit was successful, notify the delegates if the transaction modified this database
    336336    if (m_modifiedDatabase)
    337         DatabaseTracker::tracker().scheduleNotifyDatabaseChanged(m_database->m_securityOrigin.securityOriginData(), m_database->m_name);
     337        DatabaseTracker::tracker().scheduleNotifyDatabaseChanged(m_database->m_securityOrigin->securityOriginData(), m_database->m_name);
    338338   
    339339    // Transaction Step 10 - End transaction steps
     
    392392        } else if (m_modifiedDatabase) {
    393393            // But if the commit was successful, notify the delegates if the transaction modified this database
    394             DatabaseTracker::tracker().scheduleNotifyDatabaseChanged(m_database->m_securityOrigin.securityOriginData(), m_database->m_name);
     394            DatabaseTracker::tracker().scheduleNotifyDatabaseChanged(m_database->m_securityOrigin->securityOriginData(), m_database->m_name);
    395395        }
    396396       
Note: See TracChangeset for help on using the changeset viewer.