Changeset 75557 in webkit


Ignore:
Timestamp:
Jan 11, 2011 2:53:39 PM (13 years ago)
Author:
abarth@webkit.org
Message:

2011-01-11 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Introduce the notion of a "display-isolated" URL scheme for use by
Chrome-internal URLs
https://bugs.webkit.org/show_bug.cgi?id=50182

This patch actually makes the display-isolated schemes display
isolated. The behavior should be the same as the previous iteration of
this patch, but re-organized a bit because reading the access white
list is expensive.

  • page/SecurityOrigin.cpp: (WebCore::SecurityOrigin::isAccessToURLWhiteListed): (WebCore::SecurityOrigin::canDisplay):
  • page/SecurityOrigin.h:
  • platform/SchemeRegistry.cpp:
  • platform/SchemeRegistry.h:
Location:
trunk/Source/WebCore
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r75555 r75557  
     12011-01-11  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Introduce the notion of a "display-isolated" URL scheme for use by
     6        Chrome-internal URLs
     7        https://bugs.webkit.org/show_bug.cgi?id=50182
     8
     9        This patch actually makes the display-isolated schemes display
     10        isolated.  The behavior should be the same as the previous iteration of
     11        this patch, but re-organized a bit because reading the access white
     12        list is expensive.
     13
     14        * page/SecurityOrigin.cpp:
     15        (WebCore::SecurityOrigin::isAccessToURLWhiteListed):
     16        (WebCore::SecurityOrigin::canDisplay):
     17        * page/SecurityOrigin.h:
     18        * platform/SchemeRegistry.cpp:
     19        * platform/SchemeRegistry.h:
     20
    1212011-01-11  Mihai Parparita  <mihaip@chromium.org>
    222

  • trunk/Source/WebCore/page/SecurityOrigin.cpp

    r75455 r75557  
    300300    return false;
    301301}
    302  
     302
     303bool SecurityOrigin::isAccessToURLWhiteListed(const KURL& url) const
     304{
     305    RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
     306    return isAccessWhiteListed(targetOrigin.get());
     307}
     308
    303309bool SecurityOrigin::canDisplay(const KURL& url) const
    304310{
     311    String protocol = url.protocol().lower();
     312
    305313#if ENABLE(BLOB)
    306314    // FIXME: We should generalize this check.
    307     if (url.protocolIs(BlobURL::blobProtocol()))
     315    if (protocol == BlobURL::blobProtocol())
    308316        return canRequest(url);
    309317#endif
    310318
    311     if (!restrictAccessToLocal())
    312         return true;
    313 
    314     // FIXME: I suspect this check is incorrect because url has not necessarily
    315     //        been canonicalized.
    316     if (!SchemeRegistry::deprecatedShouldTreatURLAsLocal(url.string()))
    317         return true;
    318 
    319     RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
    320     if (isAccessWhiteListed(targetOrigin.get()))
    321         return true;
    322 
    323     return canLoadLocalResources();
     319    if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol))
     320        return m_protocol == protocol || isAccessToURLWhiteListed(url);
     321
     322    if (restrictAccessToLocal() && SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol))
     323        return canLoadLocalResources() || isAccessToURLWhiteListed(url);
     324
     325    return true;
    324326}
    325327

  • trunk/Source/WebCore/page/SecurityOrigin.h

    r74597 r75557  
    194194    explicit SecurityOrigin(const SecurityOrigin*);
    195195
    196     bool passesFileCheck(const SecurityOrigin* other) const;
    197 
    198     bool isAccessWhiteListed(const SecurityOrigin* targetOrigin) const;
     196    // FIXME: Rename this function to something more semantic.
     197    bool passesFileCheck(const SecurityOrigin*) const;
     198
     199    bool isAccessWhiteListed(const SecurityOrigin*) const;
     200    bool isAccessToURLWhiteListed(const KURL&) const;
    199201
    200202    SandboxFlags m_sandboxFlags;

  • trunk/Source/WebCore/platform/SchemeRegistry.cpp

    r75455 r75557  
    108108}
    109109
    110 bool SchemeRegistry::deprecatedShouldTreatURLAsLocal(const String& url)
    111 {
    112     // This avoids an allocation of another String and the HashSet contains()
    113     // call for the file: and http: schemes.
    114     if (url.length() >= 5) {
    115         const UChar* s = url.characters();
    116         if (s[0] == 'h' && s[1] == 't' && s[2] == 't' && s[3] == 'p' && s[4] == ':')
    117             return false;
    118         if (s[0] == 'f' && s[1] == 'i' && s[2] == 'l' && s[3] == 'e' && s[4] == ':')
    119             return true;
    120     }
    121 
    122     size_t loc = url.find(':');
    123     if (loc == notFound)
    124         return false;
    125 
    126     String scheme = url.left(loc);
    127     return localURLSchemes().contains(scheme);
    128 }
    129 
    130110bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme)
    131111{

  • trunk/Source/WebCore/platform/SchemeRegistry.h

    r75455 r75557  
    4242
    4343    static bool shouldTreatURLSchemeAsLocal(const String&);
    44     static bool deprecatedShouldTreatURLAsLocal(const String&);
    4544
    4645    // Secure schemes do not trigger mixed content warnings. For example,
Note: See TracChangeset for help on using the changeset viewer.