Changeset 87459 in webkit
- Timestamp:
- May 26, 2011 6:16:57 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r87457 r87459 1 2011-05-26 James Kozianski <koz@chromium.org> 2 3 Reviewed by Eric Seidel. 4 5 Implement a whitelist for registerProtocolHandler. 6 7 Described in the thread here 8 http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-April/031220.html 9 10 https://bugs.webkit.org/show_bug.cgi?id=60322 11 12 * fast/dom/register-protocol-handler.html: 13 1 14 2011-05-26 Adam Klein <adamk@chromium.org> 2 15 -
trunk/LayoutTests/fast/dom/register-protocol-handler.html
r77607 r87459 37 37 var succeeded = false; 38 38 try { 39 window.navigator.registerProtocolHandler(' myprotocol', url, 'title');39 window.navigator.registerProtocolHandler('web+myprotocol', url, 'title'); 40 40 } catch (e) { 41 41 succeeded = 'SYNTAX_ERR' == e.name; … … 51 51 var succeeded = true; 52 52 try { 53 window.navigator.registerProtocolHandler(' myprotocol', "%s", "title");53 window.navigator.registerProtocolHandler('web+myprotocol', "%s", "title"); 54 54 } catch (e) { 55 55 succeeded = false; -
trunk/Source/WebCore/ChangeLog
r87453 r87459 1 2011-05-26 James Kozianski <koz@chromium.org> 2 3 Reviewed by Eric Seidel. 4 5 Implement a whitelist for registerProtocolHandler 6 https://bugs.webkit.org/show_bug.cgi?id=60322 7 8 * page/Navigator.cpp: 9 (WebCore::initProtocolHandlerWhitelist): 10 (WebCore::isProtocolWhitelisted): 11 (WebCore::verifyProtocolHandlerScheme): 12 1 13 2011-05-26 Annie Sullivan <sullivan@chromium.org> 2 14 -
trunk/Source/WebCore/page/Navigator.cpp
r86583 r87459 45 45 #include "Settings.h" 46 46 #include "StorageNamespace.h" 47 #include <wtf/HashSet.h> 47 48 #include <wtf/StdLibExtras.h> 48 49 … … 184 185 185 186 #if ENABLE(REGISTER_PROTOCOL_HANDLER) 187 static HashSet<String>* protocolWhitelist; 188 189 static void initProtocolHandlerWhitelist() 190 { 191 protocolWhitelist = new HashSet<String>; 192 static const char* protocols[] = { 193 "mailto", 194 "mms", 195 "nntp", 196 "rtsp", 197 "webcal", 198 }; 199 for (size_t i = 0; i < WTF_ARRAY_LENGTH(protocols); ++i) 200 protocolWhitelist->add(protocols[i]); 201 } 202 186 203 static bool verifyCustomHandlerURL(const String& baseURL, const String& url, ExceptionCode& ec) 187 204 { … … 211 228 } 212 229 230 static bool isProtocolWhitelisted(const String& scheme) 231 { 232 if (!protocolWhitelist) 233 initProtocolHandlerWhitelist(); 234 return protocolWhitelist->contains(scheme); 235 } 236 213 237 static bool verifyProtocolHandlerScheme(const String& scheme, ExceptionCode& ec) 214 238 { 215 // It is a SECURITY_ERR for these schemes to be handled by a custom handler. 216 if (equalIgnoringCase(scheme, "http") || equalIgnoringCase(scheme, "https") || equalIgnoringCase(scheme, "file")) { 239 if (scheme.startsWith("web+")) { 240 if (isValidProtocol(scheme)) 241 return true; 217 242 ec = SECURITY_ERR; 218 243 return false; 219 244 } 220 return true; 245 246 if (isProtocolWhitelisted(scheme)) 247 return true; 248 ec = SECURITY_ERR; 249 return false; 221 250 } 222 251
Note: See TracChangeset
for help on using the changeset viewer.