Changeset 87459 in webkit


Ignore:
Timestamp:
May 26, 2011 6:16:57 PM (13 years ago)
Author:
koz@chromium.org
Message:

2011-05-26 James Kozianski <koz@chromium.org>

Reviewed by Eric Seidel.

Implement a whitelist for registerProtocolHandler.

Described in the thread here
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-April/031220.html

https://bugs.webkit.org/show_bug.cgi?id=60322

  • fast/dom/register-protocol-handler.html:

2011-05-26 James Kozianski <koz@chromium.org>

Reviewed by Eric Seidel.

Implement a whitelist for registerProtocolHandler
https://bugs.webkit.org/show_bug.cgi?id=60322

  • page/Navigator.cpp: (WebCore::initProtocolHandlerWhitelist): (WebCore::isProtocolWhitelisted): (WebCore::verifyProtocolHandlerScheme):
Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r87457 r87459  
     12011-05-26  James Kozianski  <koz@chromium.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Implement a whitelist for registerProtocolHandler.
     6
     7        Described in the thread here
     8        http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-April/031220.html
     9
     10        https://bugs.webkit.org/show_bug.cgi?id=60322
     11
     12        * fast/dom/register-protocol-handler.html:
     13
    1142011-05-26  Adam Klein  <adamk@chromium.org>
    215
  • trunk/LayoutTests/fast/dom/register-protocol-handler.html

    r77607 r87459  
    3737   var succeeded = false;
    3838   try {
    39         window.navigator.registerProtocolHandler('myprotocol', url, 'title');
     39        window.navigator.registerProtocolHandler('web+myprotocol', url, 'title');
    4040    } catch (e) {
    4141        succeeded = 'SYNTAX_ERR' == e.name;
     
    5151var succeeded = true;
    5252try {
    53     window.navigator.registerProtocolHandler('myprotocol', "%s", "title");
     53    window.navigator.registerProtocolHandler('web+myprotocol', "%s", "title");
    5454} catch (e) {
    5555    succeeded = false;
  • trunk/Source/WebCore/ChangeLog

    r87453 r87459  
     12011-05-26  James Kozianski  <koz@chromium.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Implement a whitelist for registerProtocolHandler
     6        https://bugs.webkit.org/show_bug.cgi?id=60322
     7
     8        * page/Navigator.cpp:
     9        (WebCore::initProtocolHandlerWhitelist):
     10        (WebCore::isProtocolWhitelisted):
     11        (WebCore::verifyProtocolHandlerScheme):
     12
    1132011-05-26  Annie Sullivan  <sullivan@chromium.org>
    214
  • trunk/Source/WebCore/page/Navigator.cpp

    r86583 r87459  
    4545#include "Settings.h"
    4646#include "StorageNamespace.h"
     47#include <wtf/HashSet.h>
    4748#include <wtf/StdLibExtras.h>
    4849
     
    184185
    185186#if ENABLE(REGISTER_PROTOCOL_HANDLER)
     187static HashSet<String>* protocolWhitelist;
     188
     189static void initProtocolHandlerWhitelist()
     190{
     191    protocolWhitelist = new HashSet<String>;
     192    static const char* protocols[] = {
     193        "mailto",
     194        "mms",
     195        "nntp",
     196        "rtsp",
     197        "webcal",
     198    };
     199    for (size_t i = 0; i < WTF_ARRAY_LENGTH(protocols); ++i)
     200        protocolWhitelist->add(protocols[i]);
     201}
     202
    186203static bool verifyCustomHandlerURL(const String& baseURL, const String& url, ExceptionCode& ec)
    187204{
     
    211228}
    212229
     230static bool isProtocolWhitelisted(const String& scheme)
     231{
     232    if (!protocolWhitelist)
     233        initProtocolHandlerWhitelist();
     234    return protocolWhitelist->contains(scheme);
     235}
     236
    213237static bool verifyProtocolHandlerScheme(const String& scheme, ExceptionCode& ec)
    214238{
    215     // It is a SECURITY_ERR for these schemes to be handled by a custom handler.
    216     if (equalIgnoringCase(scheme, "http") || equalIgnoringCase(scheme, "https") || equalIgnoringCase(scheme, "file")) {
     239    if (scheme.startsWith("web+")) {
     240        if (isValidProtocol(scheme))
     241            return true;
    217242        ec = SECURITY_ERR;
    218243        return false;
    219244    }
    220     return true;
     245
     246    if (isProtocolWhitelisted(scheme))
     247        return true;
     248    ec = SECURITY_ERR;
     249    return false;
    221250}
    222251
Note: See TracChangeset for help on using the changeset viewer.