Changeset 32597 in webkit

Timestamp:

Apr 26, 2008 6:56:37 PM (16 years ago)

Author:

weinig@apple.com

Message:

WebCore:

2008-04-26 Adam Barth <​hk9565@gmail.com>

Reviewed by Adam Roben and Sam Weinig.

Fixes bug ​http://bugs.webkit.org/show_bug.cgi?id=17331
Fixes bug ​http://bugs.webkit.org/show_bug.cgi?id=16848

Updates postMessage implementation to match HTML 5 specification:
1) Adds origin parameter to postMessage.
2) Removes domain and uri attributes of MessageEvent in favor of

origin attribute.

In order to do this correctly, we need to distinguish between hosts and domains
in the SecurityOrigin class. There are now three ways to compare security origins:
1) isSameSchemeHostPort compares scheme, host, and port, and is used for postMessage
2) equal compares all aspects of the security origin, and is used for hash keys
3) canAccess understands the semantics of schemes such as ​file:// and data:// URLs,

and should be used for scripting access checks.

Changed SecurityOrigin::toString() to generate identifiers that are suitable for
being used as a MessageEvent's origin property. In the future, they could be used
as database string identifiers as well. Re-used KURL parser to parse serialized
SecurityOrigins.

Collin Jackson <​collinj-webkit@collinjackson.com> also contributed to this patch.

Tests: http/tests/security/postMessage/invalid-origin-throws-exception.html

http/tests/security/postMessage/javascript-page-still-sends-origin.html
http/tests/security/postMessage/origin-unaffected-by-base-tag.html
http/tests/security/postMessage/origin-unaffected-by-document-domain.html
http/tests/security/postMessage/target-origin.html

• WebCore.base.exp:
• bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::postMessage):
• dom/Document.cpp: (WebCore::Document::domain):
• dom/MessageEvent.cpp: (WebCore::MessageEvent::MessageEvent): (WebCore::MessageEvent::initMessageEvent):
• dom/MessageEvent.h: (WebCore::MessageEvent::origin):
• dom/MessageEvent.idl:
• html/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::checkOrigin): (WebCore::CanvasRenderingContext2D::createPattern):
• page/DOMWindow.cpp: (WebCore::DOMWindow::postMessage):
• page/DOMWindow.h:
• page/DOMWindow.idl:
• platform/SecurityOrigin.cpp: (WebCore::SecurityOrigin::SecurityOrigin): (WebCore::SecurityOrigin::create): (WebCore::SecurityOrigin::createForFrame): (WebCore::SecurityOrigin::copy): (WebCore::SecurityOrigin::setDomainFromDOM): (WebCore::SecurityOrigin::canAccess): (WebCore::SecurityOrigin::isSecureTransitionTo): (WebCore::SecurityOrigin::toString): (WebCore::SecurityOrigin::createFromString): (WebCore::SecurityOrigin::createFromDatabaseIdentifier): (WebCore::SecurityOrigin::databaseIdentifier): (WebCore::SecurityOrigin::equal): (WebCore::SecurityOrigin::isSameSchemeHostPort):
• platform/SecurityOrigin.h: (WebCore::SecurityOrigin::host): (WebCore::SecurityOrigin::domain):
• platform/SecurityOriginHash.h: (WebCore::SecurityOriginTraits::deletedValue):
• storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::hasEntryForDatabase): (WebCore::DatabaseTracker::originPath): (WebCore::DatabaseTracker::fullPathForDatabase): (WebCore::DatabaseTracker::populateOrigins): (WebCore::DatabaseTracker::databaseNamesForOrigin): (WebCore::DatabaseTracker::detailsForNameAndOrigin): (WebCore::DatabaseTracker::setDatabaseDetails): (WebCore::DatabaseTracker::setQuota): (WebCore::DatabaseTracker::addDatabase): (WebCore::DatabaseTracker::deleteOrigin): (WebCore::DatabaseTracker::deleteDatabase):

WebKit/mac:

2008-04-20 Adam Barth <​hk9565@gmail.com>

Reviewed by Adam Roben and Sam Weinig.

Updated WebSecurityOrigin to match new SecurityOrigin API.

Collin Jackson <​collinj-webkit@collinjackson.com> also contributed to this patch.

• Storage/WebSecurityOrigin.mm: (-[WebSecurityOrigin host]): (-[WebSecurityOrigin domain]):
• Storage/WebSecurityOriginPrivate.h:

WebKit/win:

2008-04-26 Adam Barth <​hk9565@gmail.com>

Reviewed by Adam Roben and Sam Weinig.

Renamed "domain" method to "host" to match SecurityOrigin.

• Interfaces/IWebSecurityOrigin.idl:
• WebSecurityOrigin.cpp: (WebSecurityOrigin::host):
• WebSecurityOrigin.h:

WebKitTools:

2008-04-26 Adam Barth <​hk9565@gmail.com>

Reviewed by Adam Roben and Sam Weinig.

Updates LayoutTestController to use host instead of domain.

Collin Jackson <​collinj-webkit@collinjackson.com> also contributed to this patch.

• DumpRenderTree/mac/LayoutTestControllerMac.mm: (LayoutTestController::setDatabaseQuota):
• DumpRenderTree/mac/UIDelegate.mm: (-[UIDelegate webView:frame:exceededDatabaseQuotaForSecurityOrigin:database:]):

LayoutTests:

2008-04-26 Adam Barth <​hk9565@gmail.com>

Reviewed by Adam Roben and Sam Weinig.

Update LayoutTests for new postMessage API.

Collin Jackson <​collinj-webkit@collinjackson.com> also contributed to this patch.

• http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt: Removed.
• http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html: Removed.
• http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt: Removed.
• http/tests/security/postMessage/domain-unaffected-by-document-domain.html: Removed.
• http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt: Added.
• http/tests/security/postMessage/invalid-origin-throws-exception.html: Added.
• http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt: Removed.
• http/tests/security/postMessage/javascript-page-still-sends-domain.html: Removed.
• http/tests/security/postMessage/javascript-page-still-sends-origin-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt.
• http/tests/security/postMessage/javascript-page-still-sends-origin.html: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain.html.
• http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt.
• http/tests/security/postMessage/origin-unaffected-by-base-tag.html: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html.
• http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt.
• http/tests/security/postMessage/origin-unaffected-by-document-domain.html: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain.html.
• http/tests/security/postMessage/target-origin-expected.txt: Added.
• http/tests/security/postMessage/target-origin.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/messaging/cross-domain-message-send-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/messaging/resources/cross-domain-message-receive.html (modified) (1 diff)
• LayoutTests/http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt (added)
• LayoutTests/http/tests/security/postMessage/invalid-origin-throws-exception.html (added)
• LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-origin-expected.txt (moved) (moved from trunk/LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt) (1 diff)
• LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-origin.html (moved) (moved from trunk/LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain.html) (1 diff)
• LayoutTests/http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt (moved) (moved from trunk/LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt) (1 diff)
• LayoutTests/http/tests/security/postMessage/origin-unaffected-by-base-tag.html (moved) (moved from trunk/LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html)
• LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt (moved) (moved from trunk/LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt) (1 diff)
• LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain.html (moved) (moved from trunk/LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain.html)
• LayoutTests/http/tests/security/postMessage/resources/post-message-listener.html (modified) (1 diff)
• LayoutTests/http/tests/security/postMessage/target-origin-expected.txt (added)
• LayoutTests/http/tests/security/postMessage/target-origin.html (added)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/WebCore.base.exp (modified) (1 diff)
• WebCore/bindings/js/JSDOMWindowCustom.cpp (modified) (2 diffs)
• WebCore/dom/Document.cpp (modified) (1 diff)
• WebCore/dom/MessageEvent.cpp (modified) (3 diffs)
• WebCore/dom/MessageEvent.h (modified) (2 diffs)
• WebCore/dom/MessageEvent.idl (modified) (1 diff)
• WebCore/html/CanvasRenderingContext2D.cpp (modified) (2 diffs)
• WebCore/page/DOMWindow.cpp (modified) (3 diffs)
• WebCore/page/DOMWindow.h (modified) (1 diff)
• WebCore/page/DOMWindow.idl (modified) (1 diff)
• WebCore/platform/SecurityOrigin.cpp (modified) (8 diffs)
• WebCore/platform/SecurityOrigin.h (modified) (2 diffs)
• WebCore/platform/SecurityOriginHash.h (modified) (2 diffs)
• WebCore/storage/DatabaseTracker.cpp (modified) (19 diffs)
• WebKit/mac/ChangeLog (modified) (1 diff)
• WebKit/mac/Storage/WebSecurityOrigin.mm (modified) (3 diffs)
• WebKit/mac/Storage/WebSecurityOriginPrivate.h (modified) (1 diff)
• WebKit/win/ChangeLog (modified) (1 diff)
• WebKit/win/Interfaces/IWebSecurityOrigin.idl (modified) (1 diff)
• WebKit/win/WebSecurityOrigin.cpp (modified) (1 diff)
• WebKit/win/WebSecurityOrigin.h (modified) (1 diff)
• WebKitTools/ChangeLog (modified) (1 diff)
• WebKitTools/DumpRenderTree/mac/LayoutTestControllerMac.mm (modified) (1 diff)
• WebKitTools/DumpRenderTree/mac/UIDelegate.mm (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2008-04-26  Adam Barth  <hk9565@gmail.com>
+
+        Reviewed by Adam Roben and Sam Weinig.
+
+        Update LayoutTests for new postMessage API.
+
+        Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
+
+        * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt: Removed.
+        * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html: Removed.
+        * http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt: Removed.
+        * http/tests/security/postMessage/domain-unaffected-by-document-domain.html: Removed.
+        * http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt: Added.
+        * http/tests/security/postMessage/invalid-origin-throws-exception.html: Added.
+        * http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt: Removed.
+        * http/tests/security/postMessage/javascript-page-still-sends-domain.html: Removed.
+        * http/tests/security/postMessage/javascript-page-still-sends-origin-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt.
+        * http/tests/security/postMessage/javascript-page-still-sends-origin.html: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain.html.
+        * http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt.
+        * http/tests/security/postMessage/origin-unaffected-by-base-tag.html: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html.
+        * http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt.
+        * http/tests/security/postMessage/origin-unaffected-by-document-domain.html: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain.html.
+        * http/tests/security/postMessage/target-origin-expected.txt: Added.
+        * http/tests/security/postMessage/target-origin.html: Added.
+
 2008-04-26  Anatoli Papirovski  <apapirovski@mac.com>
 

trunk/LayoutTests/http/tests/messaging/cross-domain-message-send-expected.txt

@@ -1 +1 @@
 
-data: Something uri: http://127.0.0.1:8000/messaging/cross-domain-message-send.html domain: 127.0.0.1
+data: Something origin: http://127.0.0.1:8000

trunk/LayoutTests/http/tests/messaging/resources/cross-domain-message-receive.html

@@ -10 +10 @@
     var result = "";
     result += "data: " + e.data + "\n";
-    result += "uri: " + e.uri + "\n";
-    result += "domain: " + e.domain + "\n";
+    result += "origin: " + e.origin + "\n";
     e.source.postMessage(result);   
 }

trunk/LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-origin-expected.txt

@@ -1 @@
-window.location.href = http://127.0.0.1:8000/security/postMessage/javascript-page-still-sends-domain.html
+window.location.href = http://127.0.0.1:8000/security/postMessage/javascript-page-still-sends-origin.html
 
-Received message: data="Hello from child" domain="localhost" uri="http://localhost:8000/security/postMessage/resources/javascript-post-message-sender.html"
+Received message: data="Hello from child" origin="http://localhost:8000"

trunk/LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-origin.html

@@ -9 +9 @@
 
 function recv(e) {
-    var msg = 'Received message: data="' + e.data + '" domain="' + e.domain + '" uri="' + e.uri + '"';
+    var msg = 'Received message: data="' + e.data + '" origin="' + e.origin + '"';
 
     document.getElementById("result").firstChild.data = msg;

trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt

@@ -1 @@
-window.location.href = http://127.0.0.1:8000/security/postMessage/domain-and-uri-unaffected-by-base-tag.html
+window.location.href = http://127.0.0.1:8000/security/postMessage/origin-unaffected-by-base-tag.html
 
-Received message: data="Message from parent" domain="127.0.0.1" uri="http://127.0.0.1:8000/security/postMessage/domain-and-uri-unaffected-by-base-tag.html"
+Received message: data="Message from parent" origin="http://127.0.0.1:8000"

trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt

@@ -1 @@
-window.location.href = http://127.0.0.1:8000/security/postMessage/domain-unaffected-by-document-domain.html
+window.location.href = http://127.0.0.1:8000/security/postMessage/origin-unaffected-by-document-domain.html
 document.domain = 0.0.1
 
-Received message: data="Message from parent" domain="127.0.0.1" uri="http://127.0.0.1:8000/security/postMessage/domain-unaffected-by-document-domain.html"
+Received message: data="Message from parent" origin="http://127.0.0.1:8000"

trunk/LayoutTests/http/tests/security/postMessage/resources/post-message-listener.html

@@ -5 +5 @@
 <script>
 function recv(e) {
-    var msg = 'Received message: data="' + e.data + '" domain="' + e.domain + '" uri="' + e.uri + '"';
+    var msg = 'Received message: data="' + e.data + '" origin="' + e.origin + '"';
     top.postMessage(msg);
 }

trunk/WebCore/ChangeLog

@@ +1 @@
+2008-04-26  Adam Barth  <hk9565@gmail.com>
+
+        Reviewed by Adam Roben and Sam Weinig.
+
+        Fixes bug http://bugs.webkit.org/show_bug.cgi?id=17331
+        Fixes bug http://bugs.webkit.org/show_bug.cgi?id=16848
+        
+        Updates postMessage implementation to match HTML 5 specification:
+        1) Adds origin parameter to postMessage.
+        2) Removes domain and uri attributes of MessageEvent in favor of
+           origin attribute.
+
+        In order to do this correctly, we need to distinguish between hosts and domains
+        in the SecurityOrigin class. There are now three ways to compare security origins:
+        1) isSameSchemeHostPort compares scheme, host, and port, and is used for postMessage
+        2) equal compares all aspects of the security origin, and is used for hash keys
+        3) canAccess understands the semantics of schemes such as file:// and data:// URLs,
+           and should be used for scripting access checks.
+
+        Changed SecurityOrigin::toString() to generate identifiers that are suitable for 
+        being used as a MessageEvent's origin property. In the future, they could be used 
+        as database string identifiers as well. Re-used KURL parser to parse serialized 
+        SecurityOrigins.
+
+        Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
+        
+        Tests: http/tests/security/postMessage/invalid-origin-throws-exception.html
+               http/tests/security/postMessage/javascript-page-still-sends-origin.html
+               http/tests/security/postMessage/origin-unaffected-by-base-tag.html
+               http/tests/security/postMessage/origin-unaffected-by-document-domain.html
+               http/tests/security/postMessage/target-origin.html
+
+        * WebCore.base.exp:
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::postMessage):
+        * dom/Document.cpp:
+        (WebCore::Document::domain):
+        * dom/MessageEvent.cpp:
+        (WebCore::MessageEvent::MessageEvent):
+        (WebCore::MessageEvent::initMessageEvent):
+        * dom/MessageEvent.h:
+        (WebCore::MessageEvent::origin):
+        * dom/MessageEvent.idl:
+        * html/CanvasRenderingContext2D.cpp:
+        (WebCore::CanvasRenderingContext2D::checkOrigin):
+        (WebCore::CanvasRenderingContext2D::createPattern):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::postMessage):
+        * page/DOMWindow.h:
+        * page/DOMWindow.idl:
+        * platform/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::SecurityOrigin):
+        (WebCore::SecurityOrigin::create):
+        (WebCore::SecurityOrigin::createForFrame):
+        (WebCore::SecurityOrigin::copy):
+        (WebCore::SecurityOrigin::setDomainFromDOM):
+        (WebCore::SecurityOrigin::canAccess):
+        (WebCore::SecurityOrigin::isSecureTransitionTo):
+        (WebCore::SecurityOrigin::toString):
+        (WebCore::SecurityOrigin::createFromString):
+        (WebCore::SecurityOrigin::createFromDatabaseIdentifier):
+        (WebCore::SecurityOrigin::databaseIdentifier):
+        (WebCore::SecurityOrigin::equal):
+        (WebCore::SecurityOrigin::isSameSchemeHostPort):
+        * platform/SecurityOrigin.h:
+        (WebCore::SecurityOrigin::host):
+        (WebCore::SecurityOrigin::domain):
+        * platform/SecurityOriginHash.h:
+        (WebCore::SecurityOriginTraits::deletedValue):
+        * storage/DatabaseTracker.cpp:
+        (WebCore::DatabaseTracker::hasEntryForDatabase):
+        (WebCore::DatabaseTracker::originPath):
+        (WebCore::DatabaseTracker::fullPathForDatabase):
+        (WebCore::DatabaseTracker::populateOrigins):
+        (WebCore::DatabaseTracker::databaseNamesForOrigin):
+        (WebCore::DatabaseTracker::detailsForNameAndOrigin):
+        (WebCore::DatabaseTracker::setDatabaseDetails):
+        (WebCore::DatabaseTracker::setQuota):
+        (WebCore::DatabaseTracker::addDatabase):
+        (WebCore::DatabaseTracker::deleteOrigin):
+        (WebCore::DatabaseTracker::deleteDatabase):
+
 2008-04-26  Kevin Ollivier  <kevino@theolliviers.com>
 

trunk/WebCore/WebCore.base.exp

@@ -288 +288 @@
 __ZN7WebCore14ResourceLoader14cancelledErrorEv
 __ZN7WebCore14ResourceLoader19setShouldBufferDataEb
-__ZN7WebCore14SecurityOrigin6createERKNS_6StringES3_tPS0_
+__ZN7WebCore14SecurityOrigin6createERKNS_4KURLE
+__ZNK7WebCore14SecurityOrigin5equalEPKS0_
 __ZN7WebCore15ArchiveResource6createEN3WTF10PassRefPtrINS_12SharedBufferEEERKNS_4KURLERKNS_6StringESA_SA_RKNS_16ResourceResponseE
 __ZN7WebCore15BackForwardList10removeItemEPNS_11HistoryItemE

trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp

@@ -208 +208 @@
 
     DOMWindow* source = toJSDOMWindow(exec->dynamicGlobalObject())->impl();
-    String domain = source->frame()->loader()->url().host();
-    String uri = source->frame()->loader()->url().string();
     String message = args[0]->toString(exec);
 
@@ -215 +213 @@
         return jsUndefined();
 
-    window->postMessage(message, domain, uri, source);
+    String targetOrigin = valueToStringWithUndefinedOrNullCheck(exec, args[1]);
+    if (exec->hadException())
+        return jsUndefined();
+
+    ExceptionCode ec = 0;
+    window->postMessage(message, targetOrigin, source, ec);
+    setDOMException(exec, ec);
 
     return jsUndefined();

trunk/WebCore/dom/Document.cpp

@@ -2756 +2756 @@
 String Document::domain() const
 {
-    return m_securityOrigin->host();
+    return m_securityOrigin->domain();
 }
 

trunk/WebCore/dom/MessageEvent.cpp

@@ -42 +42 @@
 }
 
-MessageEvent::MessageEvent(const String& data, const String& domain, const String& uri, DOMWindow* source)
+MessageEvent::MessageEvent(const String& data, const String& origin, DOMWindow* source)
     : Event(messageEvent, true, true)
     , m_data(data)
-    , m_domain(domain)
-    , m_uri(uri)
+    , m_origin(origin)
     , m_source(source)
 {
@@ -55 +54 @@
 }
 
-void MessageEvent::initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& domain, const String& uri, DOMWindow* source)
+void MessageEvent::initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& origin, DOMWindow* source)
 {
     if (dispatched())
@@ -63 +62 @@
     
     m_data = data;
-    m_domain = domain;
-    m_uri = uri;
+    m_origin = origin;
     m_source = source;
 }

trunk/WebCore/dom/MessageEvent.h

@@ -40 +40 @@
     public:
         MessageEvent();
-        MessageEvent(const String& data, const String& domain, const String& uri, DOMWindow* source);
+        MessageEvent(const String& data, const String& origin, DOMWindow* source);
         virtual ~MessageEvent();
 
-        void initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& domain, const String& uri, DOMWindow* source);
+        void initMessageEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& data, const String& origin, DOMWindow* source);
         
         const String& data() const { return m_data; }
-        const String& domain() const { return m_domain; }
-        const String& uri() const { return m_uri; }
+        const String& origin() const { return m_origin; }
         DOMWindow* source() const { return m_source.get(); }
         
@@ -54 +53 @@
     private:    
         String m_data;
-        String m_domain;
-        String m_uri;
+        String m_origin;
         RefPtr<DOMWindow> m_source;
     };

trunk/WebCore/dom/MessageEvent.idl

@@ -30 +30 @@
 
         readonly attribute DOMString data;
-        readonly attribute DOMString domain;
-        readonly attribute DOMString uri;
+        readonly attribute DOMString origin;
         readonly attribute DOMWindow source;
         
-        void initMessageEvent(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in DOMWindow sourceArg);
+        void initMessageEvent(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString originArg, in DOMWindow sourceArg);
 
     };

trunk/WebCore/html/CanvasRenderingContext2D.cpp

@@ -911 +911 @@
 void CanvasRenderingContext2D::checkOrigin(const KURL& url)
 {
-    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url.protocol(), url.host(), url.port(), 0);
+    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
     SecurityOrigin::Reason reason;
     if (!m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason))
@@ -1062 +1062 @@
     if (CachedImage* cachedImage = image->cachedImage()) {
         KURL url(cachedImage->url());
-        RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url.protocol(), url.host(), url.port(), 0);
+        RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
         SecurityOrigin::Reason reason;
         originClean = m_canvas->document()->securityOrigin()->canAccess(origin.get(), reason);

trunk/WebCore/page/DOMWindow.cpp

@@ -31 +31 @@
 #include "CSSRuleList.h"
 #include "CSSStyleSelector.h"
+#include "CString.h"
 #include "Chrome.h"
 #include "Console.h"
@@ -36 +37 @@
 #include "Document.h"
 #include "Element.h"
+#include "ExceptionCode.h"
 #include "FloatRect.h"
 #include "Frame.h"
@@ -321 +323 @@
 
 #if ENABLE(CROSS_DOCUMENT_MESSAGING)
-void DOMWindow::postMessage(const String& message, const String& domain, const String& uri, DOMWindow* source) const
-{
-   ExceptionCode ec;
-   document()->dispatchEvent(new MessageEvent(message, domain, uri, source), ec, true);
+void DOMWindow::postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode& ecForSender) const
+{
+    if (!m_frame)
+        return;
+
+    if (!targetOrigin.isNull()) {
+        KURL desiredTargetURL(targetOrigin);
+        if (!desiredTargetURL.isValid()) {
+            ecForSender = SYNTAX_ERR;
+            return;
+        }
+
+        RefPtr<SecurityOrigin> desiredTargetOrigin = SecurityOrigin::create(desiredTargetURL);
+        SecurityOrigin* actualTargetOrigin = document()->securityOrigin();
+        if (desiredTargetOrigin->isEmpty() || !desiredTargetOrigin->isSameSchemeHostPort(actualTargetOrigin)) {
+            // The sender is not allowed to find out the origin of
+            // the recipient, so we fail silently and log a message
+            // to the console.
+            String message = String::format("Unable to post message to %s. Recipient has origin %s.\n", 
+                targetOrigin.utf8().data(), actualTargetOrigin->toString().utf8().data());
+            console()->addMessage(JSMessageSource, ErrorMessageLevel, message, 0, String());
+            return;
+        }
+    }
+
+    Document* sourceDocument = source->document();
+    if (!sourceDocument)
+        return;
+    String sourceOrigin = sourceDocument->securityOrigin()->toString();
+
+    // Sender is not allowed to see exceptions other than syntax errors
+    ExceptionCode ec; 
+    document()->dispatchEvent(new MessageEvent(message, sourceOrigin, source), ec, true);
 }
 #endif

trunk/WebCore/page/DOMWindow.h

@@ -166 +166 @@
 #endif
 #if ENABLE(CROSS_DOCUMENT_MESSAGING)
-        void postMessage(const String& message, const String& domain, const String& uri, DOMWindow* source) const;
+        void postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode& ecForSender) const;
 #endif
 

trunk/WebCore/page/DOMWindow.idl

@@ -149 +149 @@
 #if defined(ENABLE_CROSS_DOCUMENT_MESSAGING)
         // cross-document messaging
-        [DoNotCheckDomainSecurity, Custom] void postMessage(in DOMString message);
+        [DoNotCheckDomainSecurity, Custom] void postMessage(in DOMString message, in [Optional] DOMString targetOrigin)
+            raises(DOMException);
 #endif
 

trunk/WebCore/platform/SecurityOrigin.cpp

@@ -30 +30 @@
 #include "SecurityOrigin.h"
 
+#include "CString.h"
 #include "Document.h"
 #include "Frame.h"
@@ -54 +55 @@
 }
 
-SecurityOrigin::SecurityOrigin(const String& protocol, const String& host, unsigned short port)
-    : m_protocol(protocol.isNull() ? "" : protocol.lower())
-    , m_host(host.isNull() ? "" : host.lower())
-    , m_port(port)
-    , m_portSet(port)
+SecurityOrigin::SecurityOrigin(const KURL& url)
+    : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower())
+    , m_host(url.host().isNull() ? "" : url.host().lower())
+    , m_port(url.port())
     , m_noAccess(false)
     , m_domainWasSetInDOM(false)
@@ -70 +70 @@
         m_noAccess = true;
 
-
-    if (isDefaultPortForProtocol(m_port, m_protocol)) {
+    // document.domain starts as m_host, but can be set by the DOM.
+    m_domain = m_host;
+
+    if (isDefaultPortForProtocol(m_port, m_protocol))
         m_port = 0;
-        m_portSet = false;
-    }   
+}
+
+SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
+    : m_protocol(other->m_protocol.copy())
+    , m_host(other->m_host.copy())
+    , m_domain(other->m_domain.copy())
+    , m_port(other->m_port)
+    , m_noAccess(other->m_noAccess)
+    , m_domainWasSetInDOM(other->m_domainWasSetInDOM)
+{
 }
 
@@ -82 +92 @@
 }
 
-PassRefPtr<SecurityOrigin> SecurityOrigin::create(const String& protocol, const String& host, unsigned short port, SecurityOrigin* ownerFrameOrigin)
-{
-    RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin(protocol, host, port));
+PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url)
+{
+    return adoptRef(new SecurityOrigin(url));
+}
+
+PassRefPtr<SecurityOrigin> SecurityOrigin::createForFrame(Frame* frame)
+{
+    if (!frame)
+        return create(KURL());
+
+    FrameLoader* loader = frame->loader();
+    const KURL& url = loader->url();
+
+    Frame* ownerFrame = frame->tree()->parent();
+    if (!ownerFrame)
+        ownerFrame = loader->opener();
+
+    SecurityOrigin* ownerFrameOrigin = 0;
+    if (ownerFrame && ownerFrame->document())
+        ownerFrameOrigin = ownerFrame->document()->securityOrigin();
+
+    RefPtr<SecurityOrigin> origin = create(url);
 
     // If we do not obtain a meaningful origin from the URL, then we try to find one
@@ -96 +125 @@
 }
 
-PassRefPtr<SecurityOrigin> SecurityOrigin::createForFrame(Frame* frame)
-{
-    if (!frame)
-        return create("", "", 0, 0);
-
-    FrameLoader* loader = frame->loader();
-    const KURL& url = loader->url();
-
-    Frame* ownerFrame = frame->tree()->parent();
-    if (!ownerFrame)
-        ownerFrame = loader->opener();
-
-    SecurityOrigin* ownerFrameOrigin = 0;
-    if (ownerFrame && ownerFrame->document())
-        ownerFrameOrigin = ownerFrame->document()->securityOrigin();
-
-    return create(url.protocol(), url.host(), url.port(), ownerFrameOrigin);
-}
-
 PassRefPtr<SecurityOrigin> SecurityOrigin::copy()
 {
-    return create(m_protocol.copy(), m_host.copy(), m_port, 0);
-}
-
+    return adoptRef(new SecurityOrigin(this));
+}
 
 void SecurityOrigin::setDomainFromDOM(const String& newDomain)
 {
     m_domainWasSetInDOM = true;
-    m_host = newDomain.lower();
+    m_domain = newDomain.lower();
 }
 
@@ -167 +176 @@
                 return true;
         } else if (m_domainWasSetInDOM && other->m_domainWasSetInDOM) {
-            if (m_host == other->m_host)
+            if (m_domain == other->m_domain)
                 return true;
         } else {
@@ -187 +196 @@
         return true;
 
-    if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
-        return true;
-
-    return equalIgnoringCase(m_host, String(url.host())) && equalIgnoringCase(m_protocol, String(url.protocol())) && m_port == url.port();
+    RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
+    Reason reason;
+    return canAccess(other.get(), reason);
 }
 
 String SecurityOrigin::toString() const
 {
-    return m_protocol + ":" + m_host + ":" + String::number(m_port);
+    if (isEmpty())
+        return String();
+
+    if (m_protocol == "file")
+        return String("file://");
+
+    Vector<UChar> result;
+    result.reserveCapacity(m_protocol.length() + m_host.length() + 10);
+    append(result, m_protocol);
+    append(result, "://");
+    append(result, m_host);
+
+    if (m_port) {
+        append(result, ":");
+        append(result, String::number(m_port));
+    }
+
+    return String::adopt(result);
+}
+
+PassRefPtr<SecurityOrigin> SecurityOrigin::createFromString(const String& originString)
+{
+    return SecurityOrigin::create(KURL(originString));
 }
 
 static const char SeparatorCharacter = '_';
 
-PassRefPtr<SecurityOrigin> SecurityOrigin::createFromIdentifier(const String& stringIdentifier)
+PassRefPtr<SecurityOrigin> SecurityOrigin::createFromDatabaseIdentifier(const String& databaseIdentifier)
 { 
     // Make sure there's a first separator
-    int separator1 = stringIdentifier.find(SeparatorCharacter);
+    int separator1 = databaseIdentifier.find(SeparatorCharacter);
     if (separator1 == -1)
-        return create("", "", 0, 0);
+        return create(KURL());
         
     // Make sure there's a second separator
-    int separator2 = stringIdentifier.find(SeparatorCharacter, separator1 + 1);
+    int separator2 = databaseIdentifier.find(SeparatorCharacter, separator1 + 1);
     if (separator2 == -1)
-        return create("", "", 0, 0);
+        return create(KURL());
         
     // Make sure there's not a third separator
-    if (stringIdentifier.reverseFind(SeparatorCharacter) != separator2)
-        return create("", "", 0, 0);
+    if (databaseIdentifier.reverseFind(SeparatorCharacter) != separator2)
+        return create(KURL());
         
     // Make sure the port section is a valid port number or doesn't exist
     bool portOkay;
-    int port = stringIdentifier.right(stringIdentifier.length() - separator2 - 1).toInt(&portOkay);
-    if (!portOkay && separator2 + 1 == static_cast<int>(stringIdentifier.length()))
-        return create("", "", 0, 0);
+    int port = databaseIdentifier.right(databaseIdentifier.length() - separator2 - 1).toInt(&portOkay);
+    if (!portOkay && separator2 + 1 == static_cast<int>(databaseIdentifier.length()))
+        return create(KURL());
     
     if (port < 0 || port > 65535)
-        return create("", "", 0, 0);
+        return create(KURL());
         
     // Split out the 3 sections of data
-    String protocol = stringIdentifier.substring(0, separator1);
-    String host = stringIdentifier.substring(separator1 + 1, separator2 - separator1 - 1);
-    return create(protocol, host, port, 0);
-}
-    
-    
-String SecurityOrigin::stringIdentifier() const 
+    String protocol = databaseIdentifier.substring(0, separator1);
+    String host = databaseIdentifier.substring(separator1 + 1, separator2 - separator1 - 1);
+    return create(KURL(protocol + "://" + host + ":" + String::number(port)));
+}
+
+String SecurityOrigin::databaseIdentifier() const 
 {
     static String separatorString = String(&SeparatorCharacter, 1);
@@ -238 +267 @@
 }
 
+bool SecurityOrigin::equal(const SecurityOrigin* other) const 
+{
+    if (!isSameSchemeHostPort(other))
+        return false;
+
+    if (m_domainWasSetInDOM != other->m_domainWasSetInDOM)
+        return false;
+
+    if (m_domainWasSetInDOM && m_domain != other->m_domain)
+        return false;
+
+    return true;
+}
+
+bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin* other) const 
+{
+    if (m_host != other->m_host)
+        return false;
+
+    if (m_protocol != other->m_protocol)
+        return false;
+
+    if (m_port != other->m_port)
+        return false;
+
+    return true;
+}
+
 } // namespace WebCore

trunk/WebCore/platform/SecurityOrigin.h

@@ -44 +44 @@
     public:
         static PassRefPtr<SecurityOrigin> createForFrame(Frame*);
-        static PassRefPtr<SecurityOrigin> createFromIdentifier(const String&);
-        static PassRefPtr<SecurityOrigin> create(const String& protocol, const String& host, unsigned short port, SecurityOrigin* ownerFrameOrigin);
+        static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String&);
+        static PassRefPtr<SecurityOrigin> createFromString(const String&);
+        static PassRefPtr<SecurityOrigin> create(const KURL&);
 
         PassRefPtr<SecurityOrigin> copy();
 
         void setDomainFromDOM(const String& newDomain);
+        String protocol() const { return m_protocol; }
         String host() const { return m_host; }
-        String protocol() const { return m_protocol; }
+        String domain() const { return m_domain; }
         unsigned short port() const { return m_port; }
         
@@ -63 +65 @@
         bool isEmpty() const;
         String toString() const;
-        
-        String stringIdentifier() const;
 
-        // do not use this for access checks, it's there only for using this as a hashtable key
-        bool equal(SecurityOrigin* other) const { return m_protocol == other->m_protocol && m_host == other->m_host && m_port == other->m_port; }
-        
+        // Serialize the security origin for storage in the database. This format is
+        // deprecated and should be used only for compatibility with old databases;
+        // use toString() and createFromString() instead.
+        String databaseIdentifier() const;
+
+        // This method checks for equality between SecurityOrigins, not whether
+        // one origin can access another.  It is used for hash table keys.
+        // For access checks, use canAccess().
+        // FIXME: If this method is really only useful for hash table keys, it
+        // should be refactored into SecurityOriginHash.
+        bool equal(const SecurityOrigin*) const;
+
+        // This method checks for equality, ignoring the value of document.domain
+        // (and whether it was set) but considering the host. It is used for postMessage.
+        bool isSameSchemeHostPort(const SecurityOrigin*) const;
+
     private:
-        SecurityOrigin(const String& protocol, const String& host, unsigned short port);
+        explicit SecurityOrigin(const KURL&);
+        explicit SecurityOrigin(const SecurityOrigin*);
 
         String m_protocol;
         String m_host;
+        String m_domain;
         unsigned short m_port;
-        bool m_portSet;
         bool m_noAccess;
         bool m_domainWasSetInDOM;

trunk/WebCore/platform/SecurityOriginHash.h

@@ -30 +30 @@
 #define SecurityOriginHash_h
 
+#include "KURL.h"
 #include "SecurityOrigin.h"
 #include <wtf/RefPtr.h>
@@ -60 +61 @@
     static const bool emptyValueIsZero = true;
     static const RefPtr<SecurityOrigin>& deletedValue() 
-    { 
-        // Okay deleted value because file: protocols should always have port 0
-        static const RefPtr<SecurityOrigin> securityOriginDeletedValue = SecurityOrigin::create("file", "", 1, 0);    
+    {
+        // Ok deleted value assuming "invalid-protocol" is not a valid protocol
+        static const RefPtr<SecurityOrigin> securityOriginDeletedValue = SecurityOrigin::create(KURL("invalid-protocol:"));
         return securityOriginDeletedValue; 
     }

trunk/WebCore/storage/DatabaseTracker.cpp

@@ -179 +179 @@
         return false;
 
-    statement.bindText(1, origin->stringIdentifier());
+    statement.bindText(1, origin->databaseIdentifier());
     statement.bindText(2, databaseIdentifier);
 
@@ -190 +190 @@
     if (m_databaseDirectoryPath.isEmpty())
         return String();
-    return pathByAppendingComponent(m_databaseDirectoryPath, origin->stringIdentifier());
+    return pathByAppendingComponent(m_databaseDirectoryPath, origin->databaseIdentifier());
 }
 
@@ -200 +200 @@
         return String();
 
-    String originIdentifier = origin->stringIdentifier();
+    String originIdentifier = origin->databaseIdentifier();
     String originPath = this->originPath(origin);
     
@@ -227 +227 @@
         
     if (result != SQLResultDone) {
-        LOG_ERROR("Failed to retrieve filename from Database Tracker for origin %s, name %s", origin->stringIdentifier().ascii().data(), name.ascii().data());
+        LOG_ERROR("Failed to retrieve filename from Database Tracker for origin %s, name %s", origin->databaseIdentifier().ascii().data(), name.ascii().data());
         return String();
     }
@@ -289 +289 @@
     int result;
     while ((result = statement.step()) == SQLResultRow) {
-        RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromIdentifier(statement.getColumnText(0));
+        RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromDatabaseIdentifier(statement.getColumnText(0));
         m_quotaMap->set(origin.get(), statement.getColumnInt64(1));
     }
@@ -317 +317 @@
         return false;
 
-    statement.bindText(1, origin->stringIdentifier());
+    statement.bindText(1, origin->databaseIdentifier());
 
     int result;
@@ -324 +324 @@
 
     if (result != SQLResultDone) {
-        LOG_ERROR("Failed to retrieve all database names for origin %s", origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Failed to retrieve all database names for origin %s", origin->databaseIdentifier().ascii().data());
         return false;
     }
@@ -338 +338 @@
         return m_proposedDatabase->second;
 
-    String originIdentifier = origin->stringIdentifier();
+    String originIdentifier = origin->databaseIdentifier();
 
     openTrackerDatabase(false);
@@ -366 +366 @@
     ASSERT(currentThread() == m_thread);
 
-    String originIdentifier = origin->stringIdentifier();
+    String originIdentifier = origin->databaseIdentifier();
     int64_t guid = 0;
     
@@ -546 +546 @@
             SQLiteStatement statement(m_database, "INSERT INTO Origins VALUES (?, ?)");
             if (statement.prepare() != SQLResultOk) {
-                LOG_ERROR("Unable to establish origin %s in the tracker", origin->stringIdentifier().ascii().data());
+                LOG_ERROR("Unable to establish origin %s in the tracker", origin->databaseIdentifier().ascii().data());
             } else {
-                statement.bindText(1, origin->stringIdentifier());
+                statement.bindText(1, origin->databaseIdentifier());
                 statement.bindInt64(2, quota);
 
                 if (statement.step() != SQLResultDone)
-                    LOG_ERROR("Unable to establish origin %s in the tracker", origin->stringIdentifier().ascii().data());
+                    LOG_ERROR("Unable to establish origin %s in the tracker", origin->databaseIdentifier().ascii().data());
             }
         } else {
@@ -559 +559 @@
             if (!error) {
                 statement.bindInt64(1, quota);
-                statement.bindText(2, origin->stringIdentifier());
+                statement.bindText(2, origin->databaseIdentifier());
 
                 error = !statement.executeCommand();
@@ -565 +565 @@
 
             if (error)
-                LOG_ERROR("Failed to set quota %llu in tracker database for origin %s", quota, origin->stringIdentifier().ascii().data());
+                LOG_ERROR("Failed to set quota %llu in tracker database for origin %s", quota, origin->databaseIdentifier().ascii().data());
         }
 
@@ -591 +591 @@
         return false;
 
-    statement.bindText(1, origin->stringIdentifier());
+    statement.bindText(1, origin->databaseIdentifier());
     statement.bindText(2, name);
     statement.bindText(3, path);
 
     if (!statement.executeCommand()) {
-        LOG_ERROR("Failed to add database %s to origin %s: %s\n", name.ascii().data(), origin->stringIdentifier().ascii().data(), m_database.lastErrorMsg());
+        LOG_ERROR("Failed to add database %s to origin %s: %s\n", name.ascii().data(), origin->databaseIdentifier().ascii().data(), m_database.lastErrorMsg());
         return false;
     }
@@ -626 +626 @@
     Vector<String> databaseNames;
     if (!databaseNamesForOrigin(origin, databaseNames)) {
-        LOG_ERROR("Unable to retrieve list of database names for origin %s", origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Unable to retrieve list of database names for origin %s", origin->databaseIdentifier().ascii().data());
         return;
     }
@@ -632 +632 @@
     for (unsigned i = 0; i < databaseNames.size(); ++i) {
         if (!deleteDatabaseFile(origin, databaseNames[i])) {
-            LOG_ERROR("Unable to delete file for database %s in origin %s", databaseNames[i].ascii().data(), origin->stringIdentifier().ascii().data());
+            LOG_ERROR("Unable to delete file for database %s in origin %s", databaseNames[i].ascii().data(), origin->databaseIdentifier().ascii().data());
             return;
         }
@@ -639 +639 @@
     SQLiteStatement statement(m_database, "DELETE FROM Databases WHERE origin=?");
     if (statement.prepare() != SQLResultOk) {
-        LOG_ERROR("Unable to prepare deletion of databases from origin %s from tracker", origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Unable to prepare deletion of databases from origin %s from tracker", origin->databaseIdentifier().ascii().data());
         return;
     }
         
-    statement.bindText(1, origin->stringIdentifier());
+    statement.bindText(1, origin->databaseIdentifier());
     
     if (!statement.executeCommand()) {
-        LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin->databaseIdentifier().ascii().data());
         return;
     }
@@ -652 +652 @@
     SQLiteStatement originStatement(m_database, "DELETE FROM Origins WHERE origin=?");
     if (originStatement.prepare() != SQLResultOk) {
-        LOG_ERROR("Unable to prepare deletion of origin %s from tracker", origin->stringIdentifier().ascii().data());
-        return;
-    }
-
-    originStatement.bindText(1, origin->stringIdentifier());
+        LOG_ERROR("Unable to prepare deletion of origin %s from tracker", origin->databaseIdentifier().ascii().data());
+        return;
+    }
+
+    originStatement.bindText(1, origin->databaseIdentifier());
     
     if (!originStatement.executeCommand()) {
-        LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Unable to execute deletion of databases from origin %s from tracker", origin->databaseIdentifier().ascii().data());
         return;
     }
@@ -697 +697 @@
 
     if (!deleteDatabaseFile(origin, name)) {
-        LOG_ERROR("Unable to delete file for database %s in origin %s", name.ascii().data(), origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Unable to delete file for database %s in origin %s", name.ascii().data(), origin->databaseIdentifier().ascii().data());
         return;
     }
@@ -703 +703 @@
     SQLiteStatement statement(m_database, "DELETE FROM Databases WHERE origin=? AND name=?");
     if (statement.prepare() != SQLResultOk) {
-        LOG_ERROR("Unable to prepare deletion of database %s from origin %s from tracker", name.ascii().data(), origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Unable to prepare deletion of database %s from origin %s from tracker", name.ascii().data(), origin->databaseIdentifier().ascii().data());
         return;
     }
         
-    statement.bindText(1, origin->stringIdentifier());
+    statement.bindText(1, origin->databaseIdentifier());
     statement.bindText(2, name);
     
     if (!statement.executeCommand()) {
-        LOG_ERROR("Unable to execute deletion of database %s from origin %s from tracker", name.ascii().data(), origin->stringIdentifier().ascii().data());
+        LOG_ERROR("Unable to execute deletion of database %s from origin %s from tracker", name.ascii().data(), origin->databaseIdentifier().ascii().data());
         return;
     }

trunk/WebKit/mac/ChangeLog

@@ +1 @@
+2008-04-20 Adam Barth <hk9565@gmail.com>
+
+        Reviewed by Adam Roben and Sam Weinig.
+
+        Updated WebSecurityOrigin to match new SecurityOrigin API.
+
+        Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
+
+        * Storage/WebSecurityOrigin.mm:
+        (-[WebSecurityOrigin host]):
+        (-[WebSecurityOrigin domain]):
+        * Storage/WebSecurityOriginPrivate.h:
+
 2008-04-25  Mark Rowe  <mrowe@apple.com>
 

trunk/WebKit/mac/Storage/WebSecurityOrigin.mm

@@ -30 +30 @@
 
 #import <WebCore/DatabaseTracker.h>
+#import <WebCore/KURL.h>
 #import <WebCore/SecurityOrigin.h>
 
@@ -35 +36 @@
 
 @implementation WebSecurityOrigin
-
-- (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain
-{
-    return [self initWithProtocol:protocol domain:domain port:0];
-}
-
-- (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain port:(unsigned short)port
+- (id)initWithURL:(NSURL *)url
 {
     self = [super init];
     if (!self)
         return nil;
-    
-    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(protocol, domain, port, 0);
+
+    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(KURL([url absoluteURL]));
     origin->ref();
     _private = reinterpret_cast<WebSecurityOriginPrivate*>(origin.get());
@@ -59 +54 @@
 }
 
+- (NSString*)host
+{
+    return reinterpret_cast<SecurityOrigin*>(_private)->host();
+}
+
+// Deprecated. Use host instead. This needs to stay here until we ship a new Safari.
 - (NSString*)domain
 {
-    return reinterpret_cast<SecurityOrigin*>(_private)->host();
+    return [self host];
 }
 

trunk/WebKit/mac/Storage/WebSecurityOriginPrivate.h

@@ -33 +33 @@
 }
 
-- (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain;
-- (id)initWithProtocol:(NSString *)protocol domain:(NSString *)domain port:(unsigned short)port;
+- (id)initWithURL:(NSURL *)url;
 
 - (NSString*)protocol;
-- (NSString*)domain;
+- (NSString*)host;
 
 // Returns zero if the port is the default port for the protocol, non-zero otherwise

trunk/WebKit/win/ChangeLog

@@ +1 @@
+2008-04-26  Adam Barth <hk9565@gmail.com>
+
+        Reviewed by Adam Roben and Sam Weinig.
+
+        Renamed "domain" method to "host" to match SecurityOrigin.
+
+        * Interfaces/IWebSecurityOrigin.idl:
+        * WebSecurityOrigin.cpp:
+        (WebSecurityOrigin::host):
+        * WebSecurityOrigin.h:
+
 2008-04-25  Anders Carlsson  <andersca@apple.com>
 

trunk/WebKit/win/Interfaces/IWebSecurityOrigin.idl

@@ -41 +41 @@
 {
     HRESULT protocol([out, retval] BSTR* result);
-    HRESULT domain([out, retval] BSTR* result);
+    HRESULT host([out, retval] BSTR* result);
     HRESULT port([out, retval] unsigned short* result);
 

trunk/WebKit/win/WebSecurityOrigin.cpp

@@ -100 +100 @@
 }
         
-HRESULT STDMETHODCALLTYPE WebSecurityOrigin::domain( 
+HRESULT STDMETHODCALLTYPE WebSecurityOrigin::host( 
     /* [retval][out] */ BSTR* result)
 {

trunk/WebKit/win/WebSecurityOrigin.h

@@ -53 +53 @@
         /* [retval][out] */ BSTR* result);
         
-    virtual HRESULT STDMETHODCALLTYPE domain( 
+    virtual HRESULT STDMETHODCALLTYPE host( 
         /* [retval][out] */ BSTR* result);
         

trunk/WebKitTools/ChangeLog

@@ +1 @@
+2008-04-26  Adam Barth <hk9565@gmail.com>
+
+        Reviewed by Adam Roben and Sam Weinig.
+
+        Updates LayoutTestController to use host instead of domain.
+
+        Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
+
+        * DumpRenderTree/mac/LayoutTestControllerMac.mm:
+        (LayoutTestController::setDatabaseQuota):
+        * DumpRenderTree/mac/UIDelegate.mm:
+        (-[UIDelegate webView:frame:exceededDatabaseQuotaForSecurityOrigin:database:]):
+
 2008-04-26  Kevin Ollivier  <kevino@theolliviers.com>
 

trunk/WebKitTools/DumpRenderTree/mac/LayoutTestControllerMac.mm

@@ -180 +180 @@
 void LayoutTestController::setDatabaseQuota(unsigned long long quota)
 {    
-    WebSecurityOrigin *origin = [[WebSecurityOrigin alloc] initWithProtocol:@"file" domain:nil];
+    WebSecurityOrigin *origin = [[WebSecurityOrigin alloc] initWithURL:[NSURL URLWithString:@"file:///"]];
     [origin setQuota:quota];
     [origin release];

trunk/WebKitTools/DumpRenderTree/mac/UIDelegate.mm

@@ -132 +132 @@
 {
     if (!done && layoutTestController->dumpDatabaseCallbacks())
-        printf("UI DELEGATE DATABASE CALLBACK: exceededDatabaseQuotaForSecurityOrigin:{%s, %s, %i} database:%s\n", [[origin protocol] UTF8String], [[origin domain] UTF8String], 
+        printf("UI DELEGATE DATABASE CALLBACK: exceededDatabaseQuotaForSecurityOrigin:{%s, %s, %i} database:%s\n", [[origin protocol] UTF8String], [[origin host] UTF8String], 
             [origin port], [databaseIdentifier UTF8String]);