Changeset 84099 in webkit
- Timestamp: Apr 16, 2011 7:25:40 PM (13 years ago)
- Location: trunk/Source/WebCore
- Files: 1 added, 3 edited
trunk/Source/WebCore/ChangeLog
r84096 r84099 1 2011-04-16 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Sam Weinig. 4 5 about:blank documents in new tabs can XHR anywhere 6 https://bugs.webkit.org/show_bug.cgi?id=58712 7 8 Empty security origins have supposed to be low-privilege, we should 9 mark them as having a unique origin. 10 11 * manual-tests/about-blank-xhr.html: Added. 12 * page/SecurityOrigin.cpp: 13 (WebCore::SecurityOrigin::SecurityOrigin): 14 * page/SecurityOrigin.h: 15 1 16 2011-04-16 Dan Bernstein <mitz@apple.com> 2 17 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r82311 r84099 103 103 // For edge case URLs that were probably misparsed, make sure that the origin is unique. 104 104 if (schemeRequiresAuthority(m_protocol) && m_host.isEmpty()) 105 m_isUnique = true; 106 if (m_protocol.isEmpty()) 105 107 m_isUnique = true; 106 108 -
trunk/Source/WebCore/page/SecurityOrigin.h
r81567 r84099 134 134 bool isLocal() const; 135 135 136 // The empty SecurityOrigin is the least privileged SecurityOrigin.137 bool isEmpty() const;138 139 136 // The origin is a globally unique identifier assigned when the Document is 140 137 // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin … … 144 141 // addition, the SandboxOrigin flag is inherited by iframes. 145 142 bool isUnique() const { return m_isUnique; } 143 144 // The empty SecurityOrigin is a unique security orign (in the sense of 145 // isUnique above) that was created for a "blank" document, such about 146 // about:blank. Empty origins differ from unique origins in that they can 147 // sometimes be replaced by non-empty origins, for example when an 148 // about:blank iframe inherits its security origin from its parent frame. 149 bool isEmpty() const; 146 150 147 151 // Marks a file:// origin as being in a domain defined by its path.
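Review bot: The ChangeLog entry lists only manual-tests/about-blank-xhr.html as coverage for a fix to cross-origin XHR from about:blank documents, so a regression here would not be caught by automated runs. If the new-tab scenario can be driven from the test harness, an automated test should accompany the change. The description "Empty security origins have supposed to be low-privilege" should also read "are supposed to be".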
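Review bot: In page/SecurityOrigin.cpp, the added `if (m_protocol.isEmpty())` check sits under the comment "For edge case URLs that were probably misparsed", which describes the authority check above it and not the empty-protocol case. A separate comment stating that an origin with an empty protocol is marked unique so that it stays low-privilege would make the intent clear and tie the check to the isEmpty() description in SecurityOrigin.h.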
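Review bot: The new isEmpty() comment in page/SecurityOrigin.h has two typos: "orign" should be "origin" and "such about about:blank" should be "such as about:blank". The comment also says empty origins can "sometimes" be replaced by non-empty origins but names only the case of an about:blank iframe inheriting from its parent frame. Since that replacement is how an origin described here as unique stops being one, the comment should either list the conditions or point to the code that performs the replacement.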