Changeset 75455 in webkit
- Timestamp:
- Jan 10, 2011 5:02:01 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 9 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r75450 r75455 1 2011-01-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Introduce the notion of a "display-isolated" URL scheme for use by 6 Chrome-internal URLs 7 https://bugs.webkit.org/show_bug.cgi?id=50182 8 9 This patch adds the basic plumbing for display-isolated URL schemes. 10 Originally, this patch also had the functional change, but I've split 11 that off into a separate patch because the original patch caused a 12 performance regression. 13 14 * page/SecurityOrigin.cpp: 15 (WebCore::SecurityOrigin::canDisplay): 16 * platform/SchemeRegistry.cpp: 17 (WebCore::displayIsolatedURLSchemes): 18 (WebCore::SchemeRegistry::registerURLSchemeAsLocal): 19 (WebCore::SchemeRegistry::removeURLSchemeRegisteredAsLocal): 20 (WebCore::SchemeRegistry::localSchemes): 21 (WebCore::SchemeRegistry::deprecatedShouldTreatURLAsLocal): 22 (WebCore::SchemeRegistry::shouldTreatURLSchemeAsLocal): 23 (WebCore::SchemeRegistry::registerURLSchemeAsDisplayIsolated): 24 (WebCore::SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated): 25 * platform/SchemeRegistry.h: 26 1 27 2011-01-10 Jer Noble <jer.noble@apple.com> 2 28 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r74597 r75455 304 304 { 305 305 #if ENABLE(BLOB) 306 // FIXME: We should generalize this check. 306 307 if (url.protocolIs(BlobURL::blobProtocol())) 307 308 return canRequest(url); … … 311 312 return true; 312 313 313 if (!SchemeRegistry::shouldTreatURLAsLocal(url.string())) 314 // FIXME: I suspect this check is incorrect because url has not necessarily 315 // been canonicalized. 316 if (!SchemeRegistry::deprecatedShouldTreatURLAsLocal(url.string())) 314 317 return true; 315 318 -
trunk/Source/WebCore/platform/SchemeRegistry.cpp
r73002 r75455 46 46 } 47 47 48 static URLSchemesMap& displayIsolatedURLSchemes() 49 { 50 DEFINE_STATIC_LOCAL(URLSchemesMap, displayIsolatedSchemes, ()); 51 return displayIsolatedSchemes; 52 } 53 48 54 static URLSchemesMap& secureSchemes() 49 55 { … … 83 89 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme) 84 90 { 85 WebCore::localURLSchemes().add(scheme);91 localURLSchemes().add(scheme); 86 92 } 87 93 … … 94 100 return; 95 101 #endif 96 WebCore::localURLSchemes().remove(scheme);102 localURLSchemes().remove(scheme); 97 103 } 98 104 99 const URLSchemesMap& SchemeRegistry::local URLSchemes()105 const URLSchemesMap& SchemeRegistry::localSchemes() 100 106 { 101 return WebCore::localURLSchemes();107 return localURLSchemes(); 102 108 } 103 109 104 bool SchemeRegistry:: shouldTreatURLAsLocal(const String& url)110 bool SchemeRegistry::deprecatedShouldTreatURLAsLocal(const String& url) 105 111 { 106 112 // This avoids an allocation of another String and the HashSet contains() … … 119 125 120 126 String scheme = url.left(loc); 121 return WebCore::localURLSchemes().contains(scheme);127 return localURLSchemes().contains(scheme); 122 128 } 123 129 … … 137 143 return false; 138 144 139 return WebCore::localURLSchemes().contains(scheme);145 return localURLSchemes().contains(scheme); 140 146 } 141 147 … … 148 154 { 149 155 return schemesWithUniqueOrigins().contains(scheme); 156 } 157 158 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme) 159 { 160 displayIsolatedURLSchemes().add(scheme); 161 } 162 163 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(const String& scheme) 164 { 165 return displayIsolatedURLSchemes().contains(scheme); 150 166 } 151 167 -
trunk/Source/WebCore/platform/SchemeRegistry.h
r73002 r75455 39 39 static void registerURLSchemeAsLocal(const String&); 40 40 static void removeURLSchemeRegisteredAsLocal(const String&); 41 static const URLSchemesMap& local URLSchemes();41 static const URLSchemesMap& localSchemes(); 42 42 43 static bool shouldTreatURLAsLocal(const String&);44 43 static bool shouldTreatURLSchemeAsLocal(const String&); 44 static bool deprecatedShouldTreatURLAsLocal(const String&); 45 45 46 46 // Secure schemes do not trigger mixed content warnings. For example, … … 52 52 static void registerURLSchemeAsNoAccess(const String&); 53 53 static bool shouldTreatURLSchemeAsNoAccess(const String&); 54 54 55 // Display-isolated schemes can only be displayed (in the sense of 56 // SecurityOrigin::canDisplay) by documents from the same scheme. 57 static void registerURLSchemeAsDisplayIsolated(const String&); 58 static bool shouldTreatURLSchemeAsDisplayIsolated(const String&); 59 55 60 static void registerURLSchemeAsEmptyDocument(const String&); 56 61 static bool shouldLoadURLSchemeAsEmptyDocument(const String&); -
trunk/WebKit/chromium/ChangeLog
r75448 r75455 1 2011-01-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Introduce the notion of a "display-isolated" URL scheme for use by 6 Chrome-internal URLs 7 https://bugs.webkit.org/show_bug.cgi?id=50182 8 9 This patch adds a Chromium API for registering schemes as 10 display-isolated. In a subsequent patch, I'll change the "chrome" 11 scheme in Chrome to be display isolated instead of local. That will 12 prevent file URLs from linking to chrome URLs. 13 14 * public/WebSecurityPolicy.h: 15 * src/WebSecurityPolicy.cpp: 16 (WebKit::WebSecurityPolicy::registerURLSchemeAsDisplayIsolated): 17 1 18 2011-01-10 John Abd-El-Malek <jam@chromium.org> 2 19 -
trunk/WebKit/chromium/public/WebSecurityPolicy.h
r73002 r75455 42 42 public: 43 43 // Registers a URL scheme to be treated as a local scheme (i.e., with the 44 // same security rules as those applied to "file" URLs). 44 // same security rules as those applied to "file" URLs). This means that 45 45 // normal pages cannot link to or access URLs of this scheme. 46 46 WEBKIT_API static void registerURLSchemeAsLocal(const WebString&); 47 47 48 // Registers a URL scheme to be treated as a noAccess scheme. 48 // Registers a URL scheme to be treated as a noAccess scheme. This means 49 49 // that pages loaded with this URL scheme cannot access pages loaded with 50 50 // any other URL scheme. 51 51 WEBKIT_API static void registerURLSchemeAsNoAccess(const WebString&); 52 53 // Registers a URL scheme to be treated as display-isolated. This means 54 // that pages cannot display these URLs unless they are from the same 55 // scheme. For example, pages in other origin cannot create iframes or 56 // hyperlinks to URLs with the scheme. 57 WEBKIT_API static void registerURLSchemeAsDisplayIsolated(const WebString&); 52 58 53 59 // Registers a URL scheme to not generate mixed content warnings when … … 63 69 const WebString& destinationHost, bool allowDestinationSubdomains); 64 70 WEBKIT_API static void resetOriginAccessWhitelists(); 65 71 66 72 // Returns whether the url should be allowed to see the referrer 67 73 // based on their respective protocols. -
trunk/WebKit/chromium/src/WebSecurityPolicy.cpp
r73002 r75455 53 53 } 54 54 55 void WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(const WebString& scheme) 56 { 57 SchemeRegistry::registerURLSchemeAsDisplayIsolated(scheme); 58 } 59 55 60 void WebSecurityPolicy::registerURLSchemeAsSecure(const WebString& scheme) 56 61 { -
trunk/WebKit/qt/Api/qwebsecurityorigin.cpp
r73789 r75455 260 260 { 261 261 QStringList list; 262 const URLSchemesMap& map = SchemeRegistry::local URLSchemes();262 const URLSchemesMap& map = SchemeRegistry::localSchemes(); 263 263 URLSchemesMap::const_iterator end = map.end(); 264 264 for (URLSchemesMap::const_iterator i = map.begin(); i != end; ++i) { -
trunk/WebKit/qt/ChangeLog
r75411 r75455 1 2011-01-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Introduce the notion of a "display-isolated" URL scheme for use by 6 Chrome-internal URLs 7 https://bugs.webkit.org/show_bug.cgi?id=50182 8 9 Update to new function name. 10 11 * Api/qwebsecurityorigin.cpp: 12 (QWebSecurityOrigin::localSchemes): 13 1 14 2011-01-10 Benjamin Poulain <benjamin.poulain@nokia.com> 2 15
Note: See TracChangeset
for help on using the changeset viewer.