Changeset 75557 in webkit
- Timestamp:
- Jan 11, 2011 2:53:39 PM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r75555 r75557 1 2011-01-11 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Introduce the notion of a "display-isolated" URL scheme for use by 6 Chrome-internal URLs 7 https://bugs.webkit.org/show_bug.cgi?id=50182 8 9 This patch actually makes the display-isolated schemes display 10 isolated. The behavior should be the same as the previous iteration of 11 this patch, but re-organized a bit because reading the access white 12 list is expensive. 13 14 * page/SecurityOrigin.cpp: 15 (WebCore::SecurityOrigin::isAccessToURLWhiteListed): 16 (WebCore::SecurityOrigin::canDisplay): 17 * page/SecurityOrigin.h: 18 * platform/SchemeRegistry.cpp: 19 * platform/SchemeRegistry.h: 20 1 21 2011-01-11 Mihai Parparita <mihaip@chromium.org> 2 22 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r75455 r75557 300 300 return false; 301 301 } 302 302 303 bool SecurityOrigin::isAccessToURLWhiteListed(const KURL& url) const 304 { 305 RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); 306 return isAccessWhiteListed(targetOrigin.get()); 307 } 308 303 309 bool SecurityOrigin::canDisplay(const KURL& url) const 304 310 { 311 String protocol = url.protocol().lower(); 312 305 313 #if ENABLE(BLOB) 306 314 // FIXME: We should generalize this check. 307 if ( url.protocolIs(BlobURL::blobProtocol()))315 if (protocol == BlobURL::blobProtocol()) 308 316 return canRequest(url); 309 317 #endif 310 318 311 if (!restrictAccessToLocal()) 312 return true; 313 314 // FIXME: I suspect this check is incorrect because url has not necessarily 315 // been canonicalized. 316 if (!SchemeRegistry::deprecatedShouldTreatURLAsLocal(url.string())) 317 return true; 318 319 RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); 320 if (isAccessWhiteListed(targetOrigin.get())) 321 return true; 322 323 return canLoadLocalResources(); 319 if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) 320 return m_protocol == protocol || isAccessToURLWhiteListed(url); 321 322 if (restrictAccessToLocal() && SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) 323 return canLoadLocalResources() || isAccessToURLWhiteListed(url); 324 325 return true; 324 326 } 325 327 -
trunk/Source/WebCore/page/SecurityOrigin.h
r74597 r75557 194 194 explicit SecurityOrigin(const SecurityOrigin*); 195 195 196 bool passesFileCheck(const SecurityOrigin* other) const; 197 198 bool isAccessWhiteListed(const SecurityOrigin* targetOrigin) const; 196 // FIXME: Rename this function to something more semantic. 197 bool passesFileCheck(const SecurityOrigin*) const; 198 199 bool isAccessWhiteListed(const SecurityOrigin*) const; 200 bool isAccessToURLWhiteListed(const KURL&) const; 199 201 200 202 SandboxFlags m_sandboxFlags; -
trunk/Source/WebCore/platform/SchemeRegistry.cpp
r75455 r75557 108 108 } 109 109 110 bool SchemeRegistry::deprecatedShouldTreatURLAsLocal(const String& url)111 {112 // This avoids an allocation of another String and the HashSet contains()113 // call for the file: and http: schemes.114 if (url.length() >= 5) {115 const UChar* s = url.characters();116 if (s[0] == 'h' && s[1] == 't' && s[2] == 't' && s[3] == 'p' && s[4] == ':')117 return false;118 if (s[0] == 'f' && s[1] == 'i' && s[2] == 'l' && s[3] == 'e' && s[4] == ':')119 return true;120 }121 122 size_t loc = url.find(':');123 if (loc == notFound)124 return false;125 126 String scheme = url.left(loc);127 return localURLSchemes().contains(scheme);128 }129 130 110 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme) 131 111 { -
trunk/Source/WebCore/platform/SchemeRegistry.h
r75455 r75557 42 42 43 43 static bool shouldTreatURLSchemeAsLocal(const String&); 44 static bool deprecatedShouldTreatURLAsLocal(const String&);45 44 46 45 // Secure schemes do not trigger mixed content warnings. For example,
Note: See TracChangeset
for help on using the changeset viewer.