Changeset 32597 in webkit
- Timestamp:
- Apr 26, 2008 6:56:37 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 29 edited
- 6 moved
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r32591 r32597 1 2008-04-26 Adam Barth <hk9565@gmail.com> 2 3 Reviewed by Adam Roben and Sam Weinig. 4 5 Update LayoutTests for new postMessage API. 6 7 Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch. 8 9 * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt: Removed. 10 * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html: Removed. 11 * http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt: Removed. 12 * http/tests/security/postMessage/domain-unaffected-by-document-domain.html: Removed. 13 * http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt: Added. 14 * http/tests/security/postMessage/invalid-origin-throws-exception.html: Added. 15 * http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt: Removed. 16 * http/tests/security/postMessage/javascript-page-still-sends-domain.html: Removed. 17 * http/tests/security/postMessage/javascript-page-still-sends-origin-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt. 18 * http/tests/security/postMessage/javascript-page-still-sends-origin.html: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain.html. 19 * http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt. 20 * http/tests/security/postMessage/origin-unaffected-by-base-tag.html: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html. 21 * http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt. 22 * http/tests/security/postMessage/origin-unaffected-by-document-domain.html: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain.html. 23 * http/tests/security/postMessage/target-origin-expected.txt: Added. 24 * http/tests/security/postMessage/target-origin.html: Added. 25 1 26 2008-04-26 Anatoli Papirovski <apapirovski@mac.com> 2 27 -
trunk/LayoutTests/http/tests/messaging/cross-domain-message-send-expected.txt
r29051 r32597 1 1 2 data: Something uri: http://127.0.0.1:8000/messaging/cross-domain-message-send.html domain: 127.0.0.12 data: Something origin: http://127.0.0.1:8000 -
trunk/LayoutTests/http/tests/messaging/resources/cross-domain-message-receive.html
r29051 r32597 10 10 var result = ""; 11 11 result += "data: " + e.data + "\n"; 12 result += "uri: " + e.uri + "\n"; 13 result += "domain: " + e.domain + "\n"; 12 result += "origin: " + e.origin + "\n"; 14 13 e.source.postMessage(result); 15 14 } -
trunk/LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-origin-expected.txt
r32583 r32597 1 window.location.href = http://127.0.0.1:8000/security/postMessage/javascript-page-still-sends- domain.html1 window.location.href = http://127.0.0.1:8000/security/postMessage/javascript-page-still-sends-origin.html 2 2 3 Received message: data="Hello from child" domain="localhost" uri="http://localhost:8000/security/postMessage/resources/javascript-post-message-sender.html"3 Received message: data="Hello from child" origin="http://localhost:8000" -
trunk/LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-origin.html
r32583 r32597 9 9 10 10 function recv(e) { 11 var msg = 'Received message: data="' + e.data + '" domain="' + e.domain + '" uri="' + e.uri+ '"';11 var msg = 'Received message: data="' + e.data + '" origin="' + e.origin + '"'; 12 12 13 13 document.getElementById("result").firstChild.data = msg; -
trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt
r32583 r32597 1 window.location.href = http://127.0.0.1:8000/security/postMessage/ domain-and-uri-unaffected-by-base-tag.html1 window.location.href = http://127.0.0.1:8000/security/postMessage/origin-unaffected-by-base-tag.html 2 2 3 Received message: data="Message from parent" domain="127.0.0.1" uri="http://127.0.0.1:8000/security/postMessage/domain-and-uri-unaffected-by-base-tag.html"3 Received message: data="Message from parent" origin="http://127.0.0.1:8000" -
trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt
r32583 r32597 1 window.location.href = http://127.0.0.1:8000/security/postMessage/ domain-unaffected-by-document-domain.html1 window.location.href = http://127.0.0.1:8000/security/postMessage/origin-unaffected-by-document-domain.html 2 2 document.domain = 0.0.1 3 3 4 Received message: data="Message from parent" domain="127.0.0.1" uri="http://127.0.0.1:8000/security/postMessage/domain-unaffected-by-document-domain.html"4 Received message: data="Message from parent" origin="http://127.0.0.1:8000" -
trunk/LayoutTests/http/tests/security/postMessage/resources/post-message-listener.html
r29678 r32597 5 5 <script> 6 6 function recv(e) { 7 var msg = 'Received message: data="' + e.data + '" domain="' + e.domain + '" uri="' + e.uri+ '"';7 var msg = 'Received message: data="' + e.data + '" origin="' + e.origin + '"'; 8 8 top.postMessage(msg); 9 9 } -
trunk/WebCore/ChangeLog
r32596 r32597 1 2008-04-26 Adam Barth <hk9565@gmail.com> 2 3 Reviewed by Adam Roben and Sam Weinig. 4 5 Fixes bug http://bugs.webkit.org/show_bug.cgi?id=17331 6 Fixes bug http://bugs.webkit.org/show_bug.cgi?id=16848 7 8 Updates postMessage implementation to match HTML 5 specification: 9 1) Adds origin parameter to postMessage. 10 2) Removes domain and uri attributes of MessageEvent in favor of 11 origin attribute. 12 13 In order to do this correctly, we need to distinguish between hosts and domains 14 in the SecurityOrigin class. There are now three ways to compare security origins: 15 1) isSameSchemeHostPort compares scheme, host, and port, and is used for postMessage 16 2) equal compares all aspects of the security origin, and is used for hash keys 17 3) canAccess understands the semantics of schemes such as file:// and data:// URLs, 18 and should be used for scripting access checks. 19 20 Changed SecurityOrigin::toString() to generate identifiers that are suitable for 21 being used as a MessageEvent's origin property. In the future, they could be used 22 as database string identifiers as well. Re-used KURL parser to parse serialized 23 SecurityOrigins. 24 25 Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch. 26 27 Tests: http/tests/security/postMessage/invalid-origin-throws-exception.html 28 http/tests/security/postMessage/javascript-page-still-sends-origin.html 29 http/tests/security/postMessage/origin-unaffected-by-base-tag.html 30 http/tests/security/postMessage/origin-unaffected-by-document-domain.html 31 http/tests/security/postMessage/target-origin.html 32 33 * WebCore.base.exp: 34 * bindings/js/JSDOMWindowCustom.cpp: 35 (WebCore::JSDOMWindow::postMessage): 36 * dom/Document.cpp: 37 (WebCore::Document::domain): 38 * dom/MessageEvent.cpp: 39 (WebCore::MessageEvent::MessageEvent): 40 (WebCore::MessageEvent::initMessageEvent): 41 * dom/MessageEvent.h: 42 (WebCore::MessageEvent::origin): 43 * dom/MessageEvent.idl: 44 * html/CanvasRenderingContext2D.cpp: 45 (WebCore::CanvasRenderingContext2D::checkOrigin): 46 (WebCore::CanvasRenderingContext2D::createPattern): 47 * page/DOMWindow.cpp: 48 (WebCore::DOMWindow::postMessage): 49 * page/DOMWindow.h: 50 * page/DOMWindow.idl: 51 * platform/SecurityOrigin.cpp: 52 (WebCore::SecurityOrigin::SecurityOrigin): 53 (WebCore::SecurityOrigin::create): 54 (WebCore::SecurityOrigin::createForFrame): 55 (WebCore::SecurityOrigin::copy): 56 (WebCore::SecurityOrigin::setDomainFromDOM): 57 (WebCore::SecurityOrigin::canAccess): 58 (WebCore::SecurityOrigin::isSecureTransitionTo): 59 (WebCore::SecurityOrigin::toString): 60 (WebCore::SecurityOrigin::createFromString): 61 (WebCore::SecurityOrigin::createFromDatabaseIdentifier): 62 (WebCore::SecurityOrigin::databaseIdentifier): 63 (WebCore::SecurityOrigin::equal): 64 (WebCore::SecurityOrigin::isSameSchemeHostPort): 65 * platform/SecurityOrigin.h: 66 (WebCore::SecurityOrigin::host): 67 (WebCore::SecurityOrigin::domain): 68 * platform/SecurityOriginHash.h: 69 (WebCore::SecurityOriginTraits::deletedValue): 70 * storage/DatabaseTracker.cpp: 71 (WebCore::DatabaseTracker::hasEntryForDatabase): 72 (WebCore::DatabaseTracker::originPath): 73 (WebCore::DatabaseTracker::fullPathForDatabase): 74 (WebCore::DatabaseTracker::populateOrigins): 75 (WebCore::DatabaseTracker::databaseNamesForOrigin): 76 (WebCore::DatabaseTracker::detailsForNameAndOrigin): 77 (WebCore::DatabaseTracker::setDatabaseDetails): 78 (WebCore::DatabaseTracker::setQuota): 79 (WebCore::DatabaseTracker::addDatabase): 80 (WebCore::DatabaseTracker::deleteOrigin): 81 (WebCore::DatabaseTracker::deleteDatabase): 82 1 83 2008-04-26 Kevin Ollivier <kevino@theolliviers.com> 2 84 -
trunk/WebCore/WebCore.base.exp
r32581 r32597 288 288 __ZN7WebCore14ResourceLoader14cancelledErrorEv 289 289 __ZN7WebCore14ResourceLoader19setShouldBufferDataEb 290 __ZN7WebCore14SecurityOrigin6createERKNS_6StringES3_tPS0_ 290 __ZN7WebCore14SecurityOrigin6createERKNS_4KURLE 291 __ZNK7WebCore14SecurityOrigin5equalEPKS0_ 291 292 __ZN7WebCore15ArchiveResource6createEN3WTF10PassRefPtrINS_12SharedBufferEEERKNS_4KURLERKNS_6StringESA_SA_RKNS_16ResourceResponseE 292 293 __ZN7WebCore15BackForwardList10removeItemEPNS_11HistoryItemE -
trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp
r32015 r32597 208 208 209 209 DOMWindow* source = toJSDOMWindow(exec->dynamicGlobalObject())->impl(); 210 String domain = source->frame()->loader()->url().host();211 String uri = source->frame()->loader()->url().string();212 210 String message = args[0]->toString(exec); 213 211 … … 215 213 return jsUndefined(); 216 214 217 window->postMessage(message, domain, uri, source); 215 String targetOrigin = valueToStringWithUndefinedOrNullCheck(exec, args[1]); 216 if (exec->hadException()) 217 return jsUndefined(); 218 219 ExceptionCode ec = 0; 220 window->postMessage(message, targetOrigin, source, ec); 221 setDOMException(exec, ec); 218 222 219 223 return jsUndefined(); -
trunk/WebCore/dom/Document.cpp
r32413 r32597 2756 2756 String Document::domain() const 2757 2757 { 2758 return m_securityOrigin-> host();2758 return m_securityOrigin->domain(); 2759 2759 } 2760 2760 -
trunk/WebCore/dom/MessageEvent.cpp
r30269 r32597 42 42 } 43 43 44 MessageEvent::MessageEvent(const String& data, const String& domain, const String& uri, DOMWindow* source)44 MessageEvent::MessageEvent(const String& data, const String& origin, DOMWindow* source) 45 45 : Event(messageEvent, true, true) 46 46 , m_data(data) 47 , m_domain(domain) 48 , m_uri(uri) 47 , m_origin(origin) 49 48 , m_source(source) 50 49 { … … 55 54 } 56 55 57 void MessageEvent::initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& domain, const String& uri, DOMWindow* source)56 void MessageEvent::initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& origin, DOMWindow* source) 58 57 { 59 58 if (dispatched()) … … 63 62 64 63 m_data = data; 65 m_domain = domain; 66 m_uri = uri; 64 m_origin = origin; 67 65 m_source = source; 68 66 } -
trunk/WebCore/dom/MessageEvent.h
r30269 r32597 40 40 public: 41 41 MessageEvent(); 42 MessageEvent(const String& data, const String& domain, const String& uri, DOMWindow* source);42 MessageEvent(const String& data, const String& origin, DOMWindow* source); 43 43 virtual ~MessageEvent(); 44 44 45 void initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& domain, const String& uri, DOMWindow* source);45 void initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& origin, DOMWindow* source); 46 46 47 47 const String& data() const { return m_data; } 48 const String& domain() const { return m_domain; } 49 const String& uri() const { return m_uri; } 48 const String& origin() const { return m_origin; } 50 49 DOMWindow* source() const { return m_source.get(); } 51 50 … … 54 53 private: 55 54 String m_data; 56 String m_domain; 57 String m_uri; 55 String m_origin; 58 56 RefPtr<DOMWindow> m_source; 59 57 }; -
trunk/WebCore/dom/MessageEvent.idl
r30269 r32597 30 30 31 31 readonly attribute DOMString data; 32 readonly attribute DOMString domain; 33 readonly attribute DOMString uri; 32 readonly attribute DOMString origin; 34 33 readonly attribute DOMWindow source; 35 34 36 void initMessageEvent(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in DOMWindow sourceArg);35 void initMessageEvent(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString originArg, in DOMWindow sourceArg); 37 36 38 37 }; -
trunk/WebCore/html/CanvasRenderingContext2D.cpp
r31961 r32597 911 911 void CanvasRenderingContext2D::checkOrigin(const KURL& url) 912 912 { 913 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url .protocol(), url.host(), url.port(), 0);913 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); 914 914 SecurityOrigin::Reason reason; 915 915 if (!m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason)) … … 1062 1062 if (CachedImage* cachedImage = image->cachedImage()) { 1063 1063 KURL url(cachedImage->url()); 1064 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url .protocol(), url.host(), url.port(), 0);1064 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); 1065 1065 SecurityOrigin::Reason reason; 1066 1066 originClean = m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason); -
trunk/WebCore/page/DOMWindow.cpp
r32225 r32597 31 31 #include "CSSRuleList.h" 32 32 #include "CSSStyleSelector.h" 33 #include "CString.h" 33 34 #include "Chrome.h" 34 35 #include "Console.h" … … 36 37 #include "Document.h" 37 38 #include "Element.h" 39 #include "ExceptionCode.h" 38 40 #include "FloatRect.h" 39 41 #include "Frame.h" … … 321 323 322 324 #if ENABLE(CROSS_DOCUMENT_MESSAGING) 323 void DOMWindow::postMessage(const String& message, const String& domain, const String& uri, DOMWindow* source) const 324 { 325 ExceptionCode ec; 326 document()->dispatchEvent(new MessageEvent(message, domain, uri, source), ec, true); 325 void DOMWindow::postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode& ecForSender) const 326 { 327 if (!m_frame) 328 return; 329 330 if (!targetOrigin.isNull()) { 331 KURL desiredTargetURL(targetOrigin); 332 if (!desiredTargetURL.isValid()) { 333 ecForSender = SYNTAX_ERR; 334 return; 335 } 336 337 RefPtr<SecurityOrigin> desiredTargetOrigin = SecurityOrigin::create(desiredTargetURL); 338 SecurityOrigin* actualTargetOrigin = document()->securityOrigin(); 339 if (desiredTargetOrigin->isEmpty() || !desiredTargetOrigin->isSameSchemeHostPort(actualTargetOrigin)) { 340 // The sender is not allowed to find out the origin of 341 // the recipient, so we fail silently and log a message 342 // to the console. 343 String message = String::format("Unable to post message to %s. Recipient has origin %s.\n", 344 targetOrigin.utf8().data(), actualTargetOrigin->toString().utf8().data()); 345 console()->addMessage(JSMessageSource, ErrorMessageLevel, message, 0, String()); 346 return; 347 } 348 } 349 350 Document* sourceDocument = source->document(); 351 if (!sourceDocument) 352 return; 353 String sourceOrigin = sourceDocument->securityOrigin()->toString(); 354 355 // Sender is not allowed to see exceptions other than syntax errors 356 ExceptionCode ec; 357 document()->dispatchEvent(new MessageEvent(message, sourceOrigin, source), ec, true); 327 358 } 328 359 #endif -
trunk/WebCore/page/DOMWindow.h
r32006 r32597 166 166 #endif 167 167 #if ENABLE(CROSS_DOCUMENT_MESSAGING) 168 void postMessage(const String& message, const String& domain, const String& uri, DOMWindow* source) const;168 void postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode& ecForSender) const; 169 169 #endif 170 170 -
trunk/WebCore/page/DOMWindow.idl
r32015 r32597 149 149 #if defined(ENABLE_CROSS_DOCUMENT_MESSAGING) 150 150 // cross-document messaging 151 [DoNotCheckDomainSecurity, Custom] void postMessage(in DOMString message); 151 [DoNotCheckDomainSecurity, Custom] void postMessage(in DOMString message, in [Optional] DOMString targetOrigin) 152 raises(DOMException); 152 153 #endif 153 154 -
trunk/WebCore/platform/SecurityOrigin.cpp
r32498 r32597 30 30 #include "SecurityOrigin.h" 31 31 32 #include "CString.h" 32 33 #include "Document.h" 33 34 #include "Frame.h" … … 54 55 } 55 56 56 SecurityOrigin::SecurityOrigin(const String& protocol, const String& host, unsigned short port) 57 : m_protocol(protocol.isNull() ? "" : protocol.lower()) 58 , m_host(host.isNull() ? "" : host.lower()) 59 , m_port(port) 60 , m_portSet(port) 57 SecurityOrigin::SecurityOrigin(const KURL& url) 58 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) 59 , m_host(url.host().isNull() ? "" : url.host().lower()) 60 , m_port(url.port()) 61 61 , m_noAccess(false) 62 62 , m_domainWasSetInDOM(false) … … 70 70 m_noAccess = true; 71 71 72 73 if (isDefaultPortForProtocol(m_port, m_protocol)) { 72 // document.domain starts as m_host, but can be set by the DOM. 73 m_domain = m_host; 74 75 if (isDefaultPortForProtocol(m_port, m_protocol)) 74 76 m_port = 0; 75 m_portSet = false; 76 } 77 } 78 79 SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) 80 : m_protocol(other->m_protocol.copy()) 81 , m_host(other->m_host.copy()) 82 , m_domain(other->m_domain.copy()) 83 , m_port(other->m_port) 84 , m_noAccess(other->m_noAccess) 85 , m_domainWasSetInDOM(other->m_domainWasSetInDOM) 86 { 77 87 } 78 88 … … 82 92 } 83 93 84 PassRefPtr<SecurityOrigin> SecurityOrigin::create(const String& protocol, const String& host, unsigned short port, SecurityOrigin* ownerFrameOrigin) 85 { 86 RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin(protocol, host, port)); 94 PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url) 95 { 96 return adoptRef(new SecurityOrigin(url)); 97 } 98 99 PassRefPtr<SecurityOrigin> SecurityOrigin::createForFrame(Frame* frame) 100 { 101 if (!frame) 102 return create(KURL()); 103 104 FrameLoader* loader = frame->loader(); 105 const KURL& url = loader->url(); 106 107 Frame* ownerFrame = frame->tree()->parent(); 108 if (!ownerFrame) 109 ownerFrame = loader->opener(); 110 111 SecurityOrigin* ownerFrameOrigin = 0; 112 if (ownerFrame && ownerFrame->document()) 113 ownerFrameOrigin = ownerFrame->document()->securityOrigin(); 114 115 RefPtr<SecurityOrigin> origin = create(url); 87 116 88 117 // If we do not obtain a meaningful origin from the URL, then we try to find one … … 96 125 } 97 126 98 PassRefPtr<SecurityOrigin> SecurityOrigin::createForFrame(Frame* frame)99 {100 if (!frame)101 return create("", "", 0, 0);102 103 FrameLoader* loader = frame->loader();104 const KURL& url = loader->url();105 106 Frame* ownerFrame = frame->tree()->parent();107 if (!ownerFrame)108 ownerFrame = loader->opener();109 110 SecurityOrigin* ownerFrameOrigin = 0;111 if (ownerFrame && ownerFrame->document())112 ownerFrameOrigin = ownerFrame->document()->securityOrigin();113 114 return create(url.protocol(), url.host(), url.port(), ownerFrameOrigin);115 }116 117 127 PassRefPtr<SecurityOrigin> SecurityOrigin::copy() 118 128 { 119 return create(m_protocol.copy(), m_host.copy(), m_port, 0); 120 } 121 129 return adoptRef(new SecurityOrigin(this)); 130 } 122 131 123 132 void SecurityOrigin::setDomainFromDOM(const String& newDomain) 124 133 { 125 134 m_domainWasSetInDOM = true; 126 m_ host= newDomain.lower();135 m_domain = newDomain.lower(); 127 136 } 128 137 … … 167 176 return true; 168 177 } else if (m_domainWasSetInDOM && other->m_domainWasSetInDOM) { 169 if (m_ host == other->m_host)178 if (m_domain == other->m_domain) 170 179 return true; 171 180 } else { … … 187 196 return true; 188 197 189 if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol)) 190 return true; 191 192 return equalIgnoringCase(m_host, String(url.host())) && equalIgnoringCase(m_protocol, String(url.protocol())) && m_port == url.port(); 198 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); 199 Reason reason; 200 return canAccess(other.get(), reason); 193 201 } 194 202 195 203 String SecurityOrigin::toString() const 196 204 { 197 return m_protocol + ":" + m_host + ":" + String::number(m_port); 205 if (isEmpty()) 206 return String(); 207 208 if (m_protocol == "file") 209 return String("file://"); 210 211 Vector<UChar> result; 212 result.reserveCapacity(m_protocol.length() + m_host.length() + 10); 213 append(result, m_protocol); 214 append(result, "://"); 215 append(result, m_host); 216 217 if (m_port) { 218 append(result, ":"); 219 append(result, String::number(m_port)); 220 } 221 222 return String::adopt(result); 223 } 224 225 PassRefPtr<SecurityOrigin> SecurityOrigin::createFromString(const String& originString) 226 { 227 return SecurityOrigin::create(KURL(originString)); 198 228 } 199 229 200 230 static const char SeparatorCharacter = '_'; 201 231 202 PassRefPtr<SecurityOrigin> SecurityOrigin::createFrom Identifier(const String& stringIdentifier)232 PassRefPtr<SecurityOrigin> SecurityOrigin::createFromDatabaseIdentifier(const String& databaseIdentifier) 203 233 { 204 234 // Make sure there's a first separator 205 int separator1 = stringIdentifier.find(SeparatorCharacter);235 int separator1 = databaseIdentifier.find(SeparatorCharacter); 206 236 if (separator1 == -1) 207 return create( "", "", 0, 0);237 return create(KURL()); 208 238 209 239 // Make sure there's a second separator 210 int separator2 = stringIdentifier.find(SeparatorCharacter, separator1 + 1);240 int separator2 = databaseIdentifier.find(SeparatorCharacter, separator1 + 1); 211 241 if (separator2 == -1) 212 return create( "", "", 0, 0);242 return create(KURL()); 213 243 214 244 // Make sure there's not a third separator 215 if ( stringIdentifier.reverseFind(SeparatorCharacter) != separator2)216 return create( "", "", 0, 0);245 if (databaseIdentifier.reverseFind(SeparatorCharacter) != separator2) 246 return create(KURL()); 217 247 218 248 // Make sure the port section is a valid port number or doesn't exist 219 249 bool portOkay; 220 int port = stringIdentifier.right(stringIdentifier.length() - separator2 - 1).toInt(&portOkay);221 if (!portOkay && separator2 + 1 == static_cast<int>( stringIdentifier.length()))222 return create( "", "", 0, 0);250 int port = databaseIdentifier.right(databaseIdentifier.length() - separator2 - 1).toInt(&portOkay); 251 if (!portOkay && separator2 + 1 == static_cast<int>(databaseIdentifier.length())) 252 return create(KURL()); 223 253 224 254 if (port < 0 || port > 65535) 225 return create( "", "", 0, 0);255 return create(KURL()); 226 256 227 257 // Split out the 3 sections of data 228 String protocol = stringIdentifier.substring(0, separator1); 229 String host = stringIdentifier.substring(separator1 + 1, separator2 - separator1 - 1); 230 return create(protocol, host, port, 0); 231 } 232 233 234 String SecurityOrigin::stringIdentifier() const 258 String protocol = databaseIdentifier.substring(0, separator1); 259 String host = databaseIdentifier.substring(separator1 + 1, separator2 - separator1 - 1); 260 return create(KURL(protocol + "://" + host + ":" + String::number(port))); 261 } 262 263 String SecurityOrigin::databaseIdentifier() const 235 264 { 236 265 static String separatorString = String(&SeparatorCharacter, 1); … … 238 267 } 239 268 269 bool SecurityOrigin::equal(const SecurityOrigin* other) const 270 { 271 if (!isSameSchemeHostPort(other)) 272 return false; 273 274 if (m_domainWasSetInDOM != other->m_domainWasSetInDOM) 275 return false; 276 277 if (m_domainWasSetInDOM && m_domain != other->m_domain) 278 return false; 279 280 return true; 281 } 282 283 bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin* other) const 284 { 285 if (m_host != other->m_host) 286 return false; 287 288 if (m_protocol != other->m_protocol) 289 return false; 290 291 if (m_port != other->m_port) 292 return false; 293 294 return true; 295 } 296 240 297 } // namespace WebCore -
trunk/WebCore/platform/SecurityOrigin.h
r30522 r32597 44 44 public: 45 45 static PassRefPtr<SecurityOrigin> createForFrame(Frame*); 46 static PassRefPtr<SecurityOrigin> createFromIdentifier(const String&); 47 static PassRefPtr<SecurityOrigin> create(const String& protocol, const String& host, unsigned short port, SecurityOrigin* ownerFrameOrigin); 46 static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String&); 47 static PassRefPtr<SecurityOrigin> createFromString(const String&); 48 static PassRefPtr<SecurityOrigin> create(const KURL&); 48 49 49 50 PassRefPtr<SecurityOrigin> copy(); 50 51 51 52 void setDomainFromDOM(const String& newDomain); 53 String protocol() const { return m_protocol; } 52 54 String host() const { return m_host; } 53 String protocol() const { return m_protocol; }55 String domain() const { return m_domain; } 54 56 unsigned short port() const { return m_port; } 55 57 … … 63 65 bool isEmpty() const; 64 66 String toString() const; 65 66 String stringIdentifier() const;67 67 68 // do not use this for access checks, it's there only for using this as a hashtable key 69 bool equal(SecurityOrigin* other) const { return m_protocol == other->m_protocol && m_host == other->m_host && m_port == other->m_port; } 70 68 // Serialize the security origin for storage in the database. This format is 69 // deprecated and should be used only for compatibility with old databases; 70 // use toString() and createFromString() instead. 71 String databaseIdentifier() const; 72 73 // This method checks for equality between SecurityOrigins, not whether 74 // one origin can access another. It is used for hash table keys. 75 // For access checks, use canAccess(). 76 // FIXME: If this method is really only useful for hash table keys, it 77 // should be refactored into SecurityOriginHash. 78 bool equal(const SecurityOrigin*) const; 79 80 // This method checks for equality, ignoring the value of document.domain 81 // (and whether it was set) but considering the host. It is used for postMessage. 82 bool isSameSchemeHostPort(const SecurityOrigin*) const; 83 71 84 private: 72 SecurityOrigin(const String& protocol, const String& host, unsigned short port); 85 explicit SecurityOrigin(const KURL&); 86 explicit SecurityOrigin(const SecurityOrigin*); 73 87 74 88 String m_protocol; 75 89 String m_host; 90 String m_domain; 76 91 unsigned short m_port; 77 bool m_portSet;78 92 bool m_noAccess; 79 93 bool m_domainWasSetInDOM; -
trunk/WebCore/platform/SecurityOriginHash.h
r30231 r32597 30 30 #define SecurityOriginHash_h 31 31 32 #include "KURL.h" 32 33 #include "SecurityOrigin.h" 33 34 #include <wtf/RefPtr.h> … … 60 61 static const bool emptyValueIsZero = true; 61 62 static const RefPtr<SecurityOrigin>& deletedValue() 62 { 63 // Ok ay deleted value because file: protocols should always have port 064 static const RefPtr<SecurityOrigin> securityOriginDeletedValue = SecurityOrigin::create( "file", "", 1, 0);63 { 64 // Ok deleted value assuming "invalid-protocol" is not a valid protocol 65 static const RefPtr<SecurityOrigin> securityOriginDeletedValue = SecurityOrigin::create(KURL("invalid-protocol:")); 65 66 return securityOriginDeletedValue; 66 67 } -
trunk/WebCore/storage/DatabaseTracker.cpp
r31730 r32597 179 179 return false; 180 180 181 statement.bindText(1, origin-> stringIdentifier());181 statement.bindText(1, origin->databaseIdentifier()); 182 182 statement.bindText(2, databaseIdentifier); 183 183 … … 190 190 if (m_databaseDirectoryPath.isEmpty()) 191 191 return String(); 192 return pathByAppendingComponent(m_databaseDirectoryPath, origin-> stringIdentifier());192 return pathByAppendingComponent(m_databaseDirectoryPath, origin->databaseIdentifier()); 193 193 } 194 194 … … 200 200 return String(); 201 201 202 String originIdentifier = origin-> stringIdentifier();202 String originIdentifier = origin->databaseIdentifier(); 203 203 String originPath = this->originPath(origin); 204 204 … … 227 227 228 228 if (result != SQLResultDone) { 229 LOG_ERROR("Failed to retrieve filename from Database Tracker for origin %s, name %s", origin-> stringIdentifier().ascii().data(), name.ascii().data());229 LOG_ERROR("Failed to retrieve filename from Database Tracker for origin %s, name %s", origin->databaseIdentifier().ascii().data(), name.ascii().data()); 230 230 return String(); 231 231 } … … 289 289 int result; 290 290 while ((result = statement.step()) == SQLResultRow) { 291 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFrom Identifier(statement.getColumnText(0));291 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromDatabaseIdentifier(statement.getColumnText(0)); 292 292 m_quotaMap->set(origin.get(), statement.getColumnInt64(1)); 293 293 } … … 317 317 return false; 318 318 319 statement.bindText(1, origin-> stringIdentifier());319 statement.bindText(1, origin->databaseIdentifier()); 320 320 321 321 int result; … … 324 324 325 325 if (result != SQLResultDone) { 326 LOG_ERROR("Failed to retrieve all database names for origin %s", origin-> stringIdentifier().ascii().data());326 LOG_ERROR("Failed to retrieve all database names for origin %s", origin->databaseIdentifier().ascii().data()); 327 327 return false; 328 328 } … … 338 338 return m_proposedDatabase->second; 339 339 340 String originIdentifier = origin-> stringIdentifier();340 String originIdentifier = origin->databaseIdentifier(); 341 341 342 342 openTrackerDatabase(false); … … 366 366 ASSERT(currentThread() == m_thread); 367 367 368 String originIdentifier = origin-> stringIdentifier();368 String originIdentifier = origin->databaseIdentifier(); 369 369 int64_t guid = 0; 370 370 … … 546 546 SQLiteStatement statement(m_database, "INSERT INTO Origins VALUES (?, ?)"); 547 547 if (statement.prepare() != SQLResultOk) { 548 LOG_ERROR("Unable to establish origin %s in the tracker", origin-> stringIdentifier().ascii().data());548 LOG_ERROR("Unable to establish origin %s in the tracker", origin->databaseIdentifier().ascii().data()); 549 549 } else { 550 statement.bindText(1, origin-> stringIdentifier());550 statement.bindText(1, origin->databaseIdentifier()); 551 551 statement.bindInt64(2, quota); 552 552 553 553 if (statement.step() != SQLResultDone) 554 LOG_ERROR("Unable to establish origin %s in the tracker", origin-> stringIdentifier().ascii().data());554 LOG_ERROR("Unable to establish origin %s in the tracker", origin->databaseIdentifier().ascii().data()); 555 555 } 556 556 } else { … … 559 559 if (!error) { 560 560 statement.bindInt64(1, quota); 561 statement.bindText(2, origin-> stringIdentifier());561 statement.bindText(2, origin->databaseIdentifier()); 562 562 563 563 error = !statement.executeCommand(); … … 565 565 566 566 if (error) 567 LOG_ERROR("Failed to set quota %llu in tracker database for origin %s", quota, origin-> stringIdentifier().ascii().data());567 LOG_ERROR("Failed to set quota %llu in tracker database for origin %s", quota, origin->databaseIdentifier().ascii().data()); 568 568 } 569 569 … … 591 591 return false; 592 592 593 statement.bindText(1, origin-> stringIdentifier());593 statement.bindText(1, origin->databaseIdentifier()); 594 594 statement.bindText(2, name); 595 595 statement.bindText(3, path); 596 596 597 597 if (!statement.executeCommand()) { 598 LOG_ERROR("Failed to add database %s to origin %s: %s\n", name.ascii().data(), origin-> stringIdentifier().ascii().data(), m_database.lastErrorMsg());598 LOG_ERROR("Failed to add database %s to origin %s: %s\n", name.ascii().data(), origin->databaseIdentifier().ascii().data(), m_database.lastErrorMsg()); 599 599 return false; 600 600 } … … 626 626 Vector<String> databaseNames; 627 627 if (!databaseNamesForOrigin(origin, databaseNames)) { 628 LOG_ERROR("Unable to retrieve list of database names for origin %s", origin-> stringIdentifier().ascii().data());628 LOG_ERROR("Unable to retrieve list of database names for origin %s", origin->databaseIdentifier().ascii().data()); 629 629 return; 630 630 } … … 632 632 for (unsigned i = 0; i < databaseNames.size(); ++i) { 633 633 if (!deleteDatabaseFile(origin, databaseNames[i])) { 634 LOG_ERROR("Unable to delete file for database %s in origin %s", databaseNames[i].ascii().data(), origin-> stringIdentifier().ascii().data());634 LOG_ERROR("Unable to delete file for database %s in origin %s", databaseNames[i].ascii().data(), origin->databaseIdentifier().ascii().data()); 635 635 return; 636 636 } … … 639 639 SQLiteStatement statement(m_database, "DELETE FROM Databases WHERE origin=?"); 640 640 if (statement.prepare() != SQLResultOk) { 641 LOG_ERROR("Unable to prepare deletion of databases from origin %s from tracker", origin-> stringIdentifier().ascii().data());641 LOG_ERROR("Unable to prepare deletion of databases from origin %s from tracker", origin->databaseIdentifier().ascii().data()); 642 642 return; 643 643 } 644 644 645 statement.bindText(1, origin-> stringIdentifier());645 statement.bindText(1, origin->databaseIdentifier()); 646 646 647 647 if (!statement.executeCommand()) { 648 LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin-> stringIdentifier().ascii().data());648 LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin->databaseIdentifier().ascii().data()); 649 649 return; 650 650 } … … 652 652 SQLiteStatement originStatement(m_database, "DELETE FROM Origins WHERE origin=?"); 653 653 if (originStatement.prepare() != SQLResultOk) { 654 LOG_ERROR("Unable to prepare deletion of origin %s from tracker", origin-> stringIdentifier().ascii().data());655 return; 656 } 657 658 originStatement.bindText(1, origin-> stringIdentifier());654 LOG_ERROR("Unable to prepare deletion of origin %s from tracker", origin->databaseIdentifier().ascii().data()); 655 return; 656 } 657 658 originStatement.bindText(1, origin->databaseIdentifier()); 659 659 660 660 if (!originStatement.executeCommand()) { 661 LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin-> stringIdentifier().ascii().data());661 LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin->databaseIdentifier().ascii().data()); 662 662 return; 663 663 } … … 697 697 698 698 if (!deleteDatabaseFile(origin, name)) { 699 LOG_ERROR("Unable to delete file for database %s in origin %s", name.ascii().data(), origin-> stringIdentifier().ascii().data());699 LOG_ERROR("Unable to delete file for database %s in origin %s", name.ascii().data(), origin->databaseIdentifier().ascii().data()); 700 700 return; 701 701 } … … 703 703 SQLiteStatement statement(m_database, "DELETE FROM Databases WHERE origin=? AND name=?"); 704 704 if (statement.prepare() != SQLResultOk) { 705 LOG_ERROR("Unable to prepare deletion of database %s from origin %s from tracker", name.ascii().data(), origin-> stringIdentifier().ascii().data());705 LOG_ERROR("Unable to prepare deletion of database %s from origin %s from tracker", name.ascii().data(), origin->databaseIdentifier().ascii().data()); 706 706 return; 707 707 } 708 708 709 statement.bindText(1, origin-> stringIdentifier());709 statement.bindText(1, origin->databaseIdentifier()); 710 710 statement.bindText(2, name); 711 711 712 712 if (!statement.executeCommand()) { 713 LOG_ERROR("Unable to execute deletion of database %s from origin %s from tracker", name.ascii().data(), origin-> stringIdentifier().ascii().data());713 LOG_ERROR("Unable to execute deletion of database %s from origin %s from tracker", name.ascii().data(), origin->databaseIdentifier().ascii().data()); 714 714 return; 715 715 } -
trunk/WebKit/mac/ChangeLog
r32583 r32597 1 2008-04-20 Adam Barth <hk9565@gmail.com> 2 3 Reviewed by Adam Roben and Sam Weinig. 4 5 Updated WebSecurityOrigin to match new SecurityOrigin API. 6 7 Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch. 8 9 * Storage/WebSecurityOrigin.mm: 10 (-[WebSecurityOrigin host]): 11 (-[WebSecurityOrigin domain]): 12 * Storage/WebSecurityOriginPrivate.h: 13 1 14 2008-04-25 Mark Rowe <mrowe@apple.com> 2 15 -
trunk/WebKit/mac/Storage/WebSecurityOrigin.mm
r30712 r32597 30 30 31 31 #import <WebCore/DatabaseTracker.h> 32 #import <WebCore/KURL.h> 32 33 #import <WebCore/SecurityOrigin.h> 33 34 … … 35 36 36 37 @implementation WebSecurityOrigin 37 38 - (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain 39 { 40 return [self initWithProtocol:protocol domain:domain port:0]; 41 } 42 43 - (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain port:(unsigned short)port 38 - (id)initWithURL:(NSURL *)url 44 39 { 45 40 self = [super init]; 46 41 if (!self) 47 42 return nil; 48 49 RefPtr<SecurityOrigin> origin = SecurityOrigin::create( protocol, domain, port, 0);43 44 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(KURL([url absoluteURL])); 50 45 origin->ref(); 51 46 _private = reinterpret_cast<WebSecurityOriginPrivate*>(origin.get()); … … 59 54 } 60 55 56 - (NSString*)host 57 { 58 return reinterpret_cast<SecurityOrigin*>(_private)->host(); 59 } 60 61 // Deprecated. Use host instead. This needs to stay here until we ship a new Safari. 61 62 - (NSString*)domain 62 63 { 63 return reinterpret_cast<SecurityOrigin*>(_private)->host();64 return [self host]; 64 65 } 65 66 -
trunk/WebKit/mac/Storage/WebSecurityOriginPrivate.h
r29663 r32597 33 33 } 34 34 35 - (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain; 36 - (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain port:(unsigned short)port; 35 - (id)initWithURL:(NSURL *)url; 37 36 38 37 - (NSString*)protocol; 39 - (NSString*) domain;38 - (NSString*)host; 40 39 41 40 // Returns zero if the port is the default port for the protocol, non-zero otherwise -
trunk/WebKit/win/ChangeLog
r32576 r32597 1 2008-04-26 Adam Barth <hk9565@gmail.com> 2 3 Reviewed by Adam Roben and Sam Weinig. 4 5 Renamed "domain" method to "host" to match SecurityOrigin. 6 7 * Interfaces/IWebSecurityOrigin.idl: 8 * WebSecurityOrigin.cpp: 9 (WebSecurityOrigin::host): 10 * WebSecurityOrigin.h: 11 1 12 2008-04-25 Anders Carlsson <andersca@apple.com> 2 13 -
trunk/WebKit/win/Interfaces/IWebSecurityOrigin.idl
r30180 r32597 41 41 { 42 42 HRESULT protocol([out, retval] BSTR* result); 43 HRESULT domain([out, retval] BSTR* result);43 HRESULT host([out, retval] BSTR* result); 44 44 HRESULT port([out, retval] unsigned short* result); 45 45 -
trunk/WebKit/win/WebSecurityOrigin.cpp
r29663 r32597 100 100 } 101 101 102 HRESULT STDMETHODCALLTYPE WebSecurityOrigin:: domain(102 HRESULT STDMETHODCALLTYPE WebSecurityOrigin::host( 103 103 /* [retval][out] */ BSTR* result) 104 104 { -
trunk/WebKit/win/WebSecurityOrigin.h
r30180 r32597 53 53 /* [retval][out] */ BSTR* result); 54 54 55 virtual HRESULT STDMETHODCALLTYPE domain(55 virtual HRESULT STDMETHODCALLTYPE host( 56 56 /* [retval][out] */ BSTR* result); 57 57 -
trunk/WebKitTools/ChangeLog
r32596 r32597 1 2008-04-26 Adam Barth <hk9565@gmail.com> 2 3 Reviewed by Adam Roben and Sam Weinig. 4 5 Updates LayoutTestController to use host instead of domain. 6 7 Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch. 8 9 * DumpRenderTree/mac/LayoutTestControllerMac.mm: 10 (LayoutTestController::setDatabaseQuota): 11 * DumpRenderTree/mac/UIDelegate.mm: 12 (-[UIDelegate webView:frame:exceededDatabaseQuotaForSecurityOrigin:database:]): 13 1 14 2008-04-26 Kevin Ollivier <kevino@theolliviers.com> 2 15 -
trunk/WebKitTools/DumpRenderTree/mac/LayoutTestControllerMac.mm
r30205 r32597 180 180 void LayoutTestController::setDatabaseQuota(unsigned long long quota) 181 181 { 182 WebSecurityOrigin *origin = [[WebSecurityOrigin alloc] initWith Protocol:@"file" domain:nil];182 WebSecurityOrigin *origin = [[WebSecurityOrigin alloc] initWithURL:[NSURL URLWithString:@"file:///"]]; 183 183 [origin setQuota:quota]; 184 184 [origin release]; -
trunk/WebKitTools/DumpRenderTree/mac/UIDelegate.mm
r30866 r32597 132 132 { 133 133 if (!done && layoutTestController->dumpDatabaseCallbacks()) 134 printf("UI DELEGATE DATABASE CALLBACK: exceededDatabaseQuotaForSecurityOrigin:{%s, %s, %i} database:%s\n", [[origin protocol] UTF8String], [[origin domain] UTF8String],134 printf("UI DELEGATE DATABASE CALLBACK: exceededDatabaseQuotaForSecurityOrigin:{%s, %s, %i} database:%s\n", [[origin protocol] UTF8String], [[origin host] UTF8String], 135 135 [origin port], [databaseIdentifier UTF8String]); 136 136
Note: See TracChangeset
for help on using the changeset viewer.