Changeset 34753 in webkit
- Timestamp:
- Jun 23, 2008 8:00:21 PM (16 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r34752 r34753 1 2008-06-23 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=16756 6 7 Move isAllowedToLoadLocalResources into SecurityOrigin. 8 9 * dom/Document.cpp: 10 (WebCore::Document::Document): 11 (WebCore::Document::setURL): 12 (WebCore::Document::initSecurityContext): 13 * dom/Document.h: 14 * loader/FrameLoader.cpp: 15 (WebCore::FrameLoader::canLoad): 16 * platform/SecurityOrigin.cpp: 17 (WebCore::SecurityOrigin::SecurityOrigin): 18 (WebCore::SecurityOrigin::isLocal): 19 * platform/SecurityOrigin.h: 20 (WebCore::SecurityOrigin::protocol): 21 (WebCore::SecurityOrigin::host): 22 (WebCore::SecurityOrigin::domain): 23 (WebCore::SecurityOrigin::port): 24 (WebCore::SecurityOrigin::canLoadLocalResources): 25 (WebCore::SecurityOrigin::grantLoadLocalResources): 26 * xml/XMLHttpRequest.cpp: 27 (WebCore::XMLHttpRequest::setRequestHeader): 28 1 29 2008-06-23 Mark Rowe <mrowe@apple.com> 2 30 -
trunk/WebCore/dom/Document.cpp
r34739 r34753 288 288 , m_createRenderers(true) 289 289 , m_inPageCache(false) 290 , m_isAllowedToLoadLocalResources(false)291 290 , m_useSecureKeyboardEntryWhenActive(false) 292 291 , m_isXHTML(isXHTML) … … 1706 1705 m_url = newURL; 1707 1706 m_documentURI = m_url.string(); 1708 m_isAllowedToLoadLocalResources = shouldBeAllowedToLoadLocalResources();1709 1707 updateBaseURL(); 1710 }1711 1712 bool Document::shouldBeAllowedToLoadLocalResources() const1713 {1714 if (FrameLoader::shouldTreatURLAsLocal(m_url.string()))1715 return true;1716 1717 Frame* frame = this->frame();1718 if (!frame)1719 return false;1720 1721 DocumentLoader* documentLoader = frame->loader()->documentLoader();1722 if (!documentLoader)1723 return false;1724 1725 if (m_url == blankURL() && frame->loader()->opener() && frame->loader()->opener()->document()->isAllowedToLoadLocalResources())1726 return true;1727 1728 return documentLoader->substituteData().isValid();1729 1708 } 1730 1709 … … 3946 3925 m_securityOrigin = SecurityOrigin::create(url); 3947 3926 3927 // If this document was loaded with substituteData, then the document can 3928 // load local resources. See https://bugs.webkit.org/show_bug.cgi?id=16756 3929 // for further discussion. 3930 DocumentLoader* documentLoader = m_frame->loader()->documentLoader(); 3931 if (documentLoader && documentLoader->substituteData().isValid()) 3932 m_securityOrigin->grantLoadLocalResources(); 3933 3948 3934 if (!m_securityOrigin->isEmpty()) 3949 3935 return; -
trunk/WebCore/dom/Document.h
r34637 r34753 730 730 void setIconURL(const String& iconURL, const String& type); 731 731 732 bool isAllowedToLoadLocalResources() const { return m_isAllowedToLoadLocalResources; }733 734 732 void setUseSecureKeyboardEntryWhenActive(bool); 735 733 bool useSecureKeyboardEntryWhenActive() const; … … 965 963 966 964 private: 967 bool shouldBeAllowedToLoadLocalResources() const;968 969 965 void updateTitle(); 970 966 void removeAllDisconnectedNodeEventListeners(); … … 1021 1017 HashSet<Element*> m_pageCacheCallbackElements; 1022 1018 1023 bool m_isAllowedToLoadLocalResources;1024 1025 1019 bool m_useSecureKeyboardEntryWhenActive; 1026 1020 -
trunk/WebCore/loader/FrameLoader.cpp
r34733 r34753 2263 2263 return true; 2264 2264 2265 return doc && doc-> isAllowedToLoadLocalResources();2265 return doc && doc->securityOrigin()->canLoadLocalResources(); 2266 2266 } 2267 2267 … … 2271 2271 return true; 2272 2272 2273 return doc && doc-> isAllowedToLoadLocalResources();2273 return doc && doc->securityOrigin()->canLoadLocalResources(); 2274 2274 } 2275 2275 -
trunk/WebCore/platform/SecurityOrigin.cpp
r34532 r34753 70 70 m_domain = m_host; 71 71 72 // By default, only local SecurityOrigins can load local resources. 73 m_canLoadLocalResources = isLocal(); 74 72 75 if (isDefaultPortForProtocol(m_port, m_protocol)) 73 76 m_port = 0; … … 81 84 , m_noAccess(other->m_noAccess) 82 85 , m_domainWasSetInDOM(other->m_domainWasSetInDOM) 86 , m_canLoadLocalResources(other->m_canLoadLocalResources) 83 87 { 84 88 } … … 112 116 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const 113 117 { 114 if ( FrameLoader::shouldTreatSchemeAsLocal(m_protocol))118 if (isLocal()) 115 119 return true; 116 120 … … 153 157 bool SecurityOrigin::canRequest(const KURL& url) const 154 158 { 155 if ( FrameLoader::shouldTreatSchemeAsLocal(m_protocol))159 if (isLocal()) 156 160 return true; 157 161 … … 164 168 // to ignore document.domain effects. 165 169 return isSameSchemeHostPort(targetOrigin.get()); 170 } 171 172 bool SecurityOrigin::isLocal() const 173 { 174 return FrameLoader::shouldTreatSchemeAsLocal(m_protocol); 166 175 } 167 176 -
trunk/WebCore/platform/SecurityOrigin.h
r34532 r34753 47 47 static PassRefPtr<SecurityOrigin> createEmpty(); 48 48 49 // Create a deep copy of this SecurityOrigin. This method is useful 50 // when marshalling a SecurityOrigin to another thread. 49 51 PassRefPtr<SecurityOrigin> copy(); 50 52 53 // Set the domain property of this security origin to newDomain. This 54 // function does not check whether newDomain is a suffix of the current 55 // domain. The caller is responsible for validating newDomain. 51 56 void setDomainFromDOM(const String& newDomain); 57 52 58 String protocol() const { return m_protocol; } 53 59 String host() const { return m_host; } … … 56 62 57 63 // Returns true if this SecurityOrigin can script objects in the given 58 // SecurityOrigin. 64 // SecurityOrigin. For example, call this function before allowing 65 // script from one security origin to read or write objects from 66 // another SecurityOrigin. 59 67 bool canAccess(const SecurityOrigin*) const; 60 68 61 69 // Returns true if this SecurityOrigin can read content retrieved from 62 // the given URL. For example, call this function before issuing70 // the given URL. For example, call this function before issuing 63 71 // XMLHttpRequests. 64 72 bool canRequest(const KURL&) const; 65 73 74 // Returns true if this SecurityOrigin can load local resources, such 75 // as images, iframes, and style sheets, and can link to local URLs. 76 // For example, call this function before creating an iframe to a 77 // file:// URL. 78 // 79 // Note: A SecurityOrigin might be allowed to load local resources 80 // without being able to issue an XMLHttpRequest for a local URL. 81 // To determine whether the SecurityOrigin can issue an 82 // XMLHttpRequest for a URL, call canRequest(url). 83 bool canLoadLocalResources() const { return m_canLoadLocalResources; } 84 85 // Explicitly grant the ability to load local resources to this 86 // SecurityOrigin. 87 void grantLoadLocalResources() { m_canLoadLocalResources = true; } 88 66 89 bool isSecureTransitionTo(const KURL&) const; 67 90 91 // The local SecurityOrigin is the most privileged SecurityOrigin. 92 // The local SecurityOrigin can script any document, navigate to local 93 // resources, and can set arbitrary headers on XMLHttpRequests. 94 bool isLocal() const; 95 96 // The empty SecurityOrigin is the least privileged SecurityOrigin. 68 97 bool isEmpty() const; 98 99 // Convert this SecurityOrigin into a string. The string 100 // representation of a SecurityOrigin is similar to a URL, except it 101 // lacks a path component. The string representation does not encode 102 // the value of the SecurityOrigin's domain property. The empty 103 // SecurityOrigin is represented with the null string. 69 104 String toString() const; 70 105 … … 95 130 bool m_noAccess; 96 131 bool m_domainWasSetInDOM; 132 bool m_canLoadLocalResources; 97 133 }; 98 134 -
trunk/WebCore/xml/XMLHttpRequest.cpp
r34742 r34753 703 703 704 704 // A privileged script (e.g. a Dashboard widget) can set any headers. 705 if (!m_doc-> isAllowedToLoadLocalResources() && !isSafeRequestHeader(name)) {705 if (!m_doc->securityOrigin()->canLoadLocalResources() && !isSafeRequestHeader(name)) { 706 706 if (m_doc && m_doc->frame()) 707 707 m_doc->frame()->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, "Refused to set unsafe header " + name, 1, String());
Note: See TracChangeset
for help on using the changeset viewer.