Changeset 96550 in webkit
- Timestamp:
- Oct 3, 2011 3:35:34 PM (12 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 8 edited
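--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,37 @@
+2011-10-03 Sam Weinig <sam@webkit.org>
+
+Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
+https://bugs.webkit.org/show_bug.cgi?id=69294
+
+Reviewed by Darin Adler.
+
+* dom/Document.cpp:
+(WebCore::Document::initSecurityContext):
+Initialize the ContentSecurityPolicy by calling down to the ScriptExecutionContext.
+
+* dom/Document.h:
+Move the ContentSecurityPolicy member and getter from here to ScriptExecutionContext.h.
+
+* dom/ScriptExecutionContext.cpp:
+(WebCore::ScriptExecutionContext::setContentSecurityPolicy):
+* dom/ScriptExecutionContext.h:
+(WebCore::ScriptExecutionContext::contentSecurityPolicy):
+Add ContentSecurityPolicy member and getter/setter.
+
+* page/ContentSecurityPolicy.cpp:
+(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
+(WebCore::ContentSecurityPolicy::didReceiveHeader):
+(WebCore::ContentSecurityPolicy::reportViolation):
+(WebCore::ContentSecurityPolicy::parseReportURI):
+(WebCore::ContentSecurityPolicy::createCSPDirective):
+* page/ContentSecurityPolicy.h:
+(WebCore::ContentSecurityPolicy::create):
+Replace Document with ScriptExecutionContext. Add temporary checked casts to document
+where necessary.
+
+* workers/WorkerContext.cpp:
+(WebCore::WorkerContext::WorkerContext):
+Add initialization of the ContentSecurityPolicy.
+
 2011-10-03 Anders Carlsson <andersca@apple.com>
 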
trunk/Source/WebCore/dom/Document.cpp
r96127 r96550 4503 4503 m_cookieURL = KURL(ParsedURLString, ""); 4504 4504 ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::createEmpty()); 4505 m_contentSecurityPolicy = ContentSecurityPolicy::create(this);4505 ScriptExecutionContext::setContentSecurityPolicy(ContentSecurityPolicy::create(this)); 4506 4506 return; 4507 4507 } … … 4511 4511 m_cookieURL = m_url; 4512 4512 ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::create(m_url, m_frame->loader()->sandboxFlags())); 4513 m_contentSecurityPolicy = ContentSecurityPolicy::create(this);4513 ScriptExecutionContext::setContentSecurityPolicy(ContentSecurityPolicy::create(this)); 4514 4514 4515 4515 if (SecurityOrigin::allowSubstituteDataAccessToLocal()) { … … 4558 4558 ScriptExecutionContext::setSecurityOrigin(ownerFrame->document()->securityOrigin()); 4559 4559 // FIXME: Consider moving m_contentSecurityPolicy into SecurityOrigin. 4560 m_contentSecurityPolicy = ownerFrame->document()->contentSecurityPolicy();4560 ScriptExecutionContext::setContentSecurityPolicy(ownerFrame->document()->contentSecurityPolicy()); 4561 4561 } 4562 4562 } -
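--- a/trunk/Source/WebCore/dom/Document.h
+++ b/trunk/Source/WebCore/dom/Document.h
@@ -66,5 +66,4 @@
 class CharacterData;
 class Comment;
-class ContentSecurityPolicy;
 class DOMImplementation;
 class DOMSelection;
@@ -1093,6 +1092,4 @@
 void initDNSPrefetch();
 
-ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); }
-
 unsigned wheelEventHandlerCount() const { return m_wheelEventHandlerCount; }
 void didAddWheelEventHandler();
@@ -1407,6 +1404,4 @@
 OwnPtr<ScriptedAnimationController> m_scriptedAnimationController;
 #endif
-
-RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
 };
 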
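--- a/trunk/Source/WebCore/dom/ScriptExecutionContext.cpp
+++ b/trunk/Source/WebCore/dom/ScriptExecutionContext.cpp
@@ -31,4 +31,5 @@
 #include "Blob.h"
 #include "BlobURL.h"
+#include "ContentSecurityPolicy.h"
 #include "DOMTimer.h"
 #include "DOMURL.h"
@@ -316,4 +317,9 @@
 }
 
+void ScriptExecutionContext::setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy> contentSecurityPolicy)
+{
+m_contentSecurityPolicy = contentSecurityPolicy;
+}
+
 bool ScriptExecutionContext::sanitizeScriptError(String& errorMessage, int& lineNumber, String& sourceURL)
 {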
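--- a/trunk/Source/WebCore/dom/ScriptExecutionContext.h
+++ b/trunk/Source/WebCore/dom/ScriptExecutionContext.h
@@ -49,4 +49,5 @@
 
 class Blob;
+class ContentSecurityPolicy;
 class DOMTimer;
 class DOMURL;
@@ -97,4 +98,5 @@
 
 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
+ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); }
 
 bool sanitizeScriptError(String& errorMessage, int& lineNumber, String& sourceURL);
@@ -175,4 +177,6 @@
 void setSecurityOrigin(PassRefPtr<SecurityOrigin>);
 
+void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>);
+
 private:
 virtual const KURL& virtualURL() const = 0;
@@ -186,4 +190,5 @@
 
 RefPtr<SecurityOrigin> m_securityOrigin;
+RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
 
 HashSet<MessagePort*> m_messagePorts;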
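Review bot: The new getter `contentSecurityPolicy()` is non-const while its neighbour `securityOrigin()` is const, so code holding a `const ScriptExecutionContext*` cannot consult the policy. Unless something needs it to be non-const, I would declare it `ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecurityPolicy.get(); }`. The member is only assigned through `setContentSecurityPolicy()`, which this changeset calls from Document::initSecurityContext and the WorkerContext constructor, so the getter presumably returns null before that point. A one-line comment saying so would help callers that gate a security decision on the result.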
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r96239 r96550 464 464 }; 465 465 466 ContentSecurityPolicy::ContentSecurityPolicy( Document* document)466 ContentSecurityPolicy::ContentSecurityPolicy(ScriptExecutionContext* scriptExecutionContext) 467 467 : m_havePolicy(false) 468 , m_ document(document)468 , m_scriptExecutionContext(scriptExecutionContext) 469 469 , m_reportOnly(false) 470 470 { … … 493 493 494 494 if (!checkEval(operativeDirective(m_scriptSrc.get()))) { 495 if (Frame* frame = m_document->frame()) 496 frame->script()->disableEval(); 495 // FIXME: Support disabling eval for Workers. 496 if (m_scriptExecutionContext->isDocument()) { 497 if (Frame* frame = static_cast<Document*>(m_scriptExecutionContext)->frame()) 498 frame->script()->disableEval(); 499 } 497 500 } 498 501 } … … 500 503 void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage) const 501 504 { 502 Frame* frame = m_document->frame(); 505 // FIXME: Support reporting violations for Workers. 506 if (!m_scriptExecutionContext->isDocument()) 507 return; 508 509 Document* document = static_cast<Document*>(m_scriptExecutionContext); 510 Frame* frame = document->frame(); 503 511 if (!frame) 504 512 return; … … 521 529 522 530 FormDataList reportList(UTF8Encoding()); 523 reportList.appendData("document-url", m_document->url());531 reportList.appendData("document-url", document->url()); 524 532 if (!directiveText.isEmpty()) 525 533 reportList.appendData("violated-directive", directiveText); … … 721 729 if (urlBegin < position) { 722 730 String url = String(urlBegin, position - urlBegin); 723 m_reportURLs.append(m_ document->completeURL(url));731 m_reportURLs.append(m_scriptExecutionContext->completeURL(url)); 724 732 } 725 733 } … … 728 736 PassOwnPtr<CSPDirective> ContentSecurityPolicy::createCSPDirective(const String& name, const String& value) 729 737 { 730 return adoptPtr(new CSPDirective(name, value, m_ document->securityOrigin()));738 return adoptPtr(new CSPDirective(name, value, 
m_scriptExecutionContext->securityOrigin())); 731 739 } 732 740 -
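Review bot: In didReceiveHeader the new `isDocument()` guard leaves eval enabled for any non-document context even when the parsed script-src forbids it, and reportViolation now returns early for such a context without reporting anything, so the policy fails open there with no trace. Both FIXMEs acknowledge missing worker support but neither says enforcement is skipped; I would spell that out, e.g. `// FIXME: Support disabling eval for Workers. Until then a script-src that forbids eval is not enforced in a worker.`, and point at a tracking bug (placeholder `<bug-url>`). The two `static_cast<Document*>(m_scriptExecutionContext)` sites could also share one private helper that returns the Document or null, which keeps the unchecked downcast in a single audited place. Both function bodies continue outside the hunks shown.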
trunk/Source/WebCore/page/ContentSecurityPolicy.h
r95901 r96550 33 33 34 34 class CSPDirective; 35 class Document;35 class ScriptExecutionContext; 36 36 class KURL; 37 37 38 38 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> { 39 39 public: 40 static PassRefPtr<ContentSecurityPolicy> create( Document* document)40 static PassRefPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scriptExecutionContext) 41 41 { 42 return adoptRef(new ContentSecurityPolicy( document));42 return adoptRef(new ContentSecurityPolicy(scriptExecutionContext)); 43 43 } 44 44 ~ContentSecurityPolicy(); … … 66 66 67 67 private: 68 explicit ContentSecurityPolicy( Document*);68 explicit ContentSecurityPolicy(ScriptExecutionContext*); 69 69 70 70 void parse(const String&); … … 86 86 87 87 bool m_havePolicy; 88 Document* m_document;88 ScriptExecutionContext* m_scriptExecutionContext; 89 89 90 90 bool m_reportOnly; -
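Review bot: `ScriptExecutionContext* m_scriptExecutionContext;` is a raw, non-owning back-pointer inside a RefCounted object, and nothing in this section says who guarantees the context outlives the policy. The last Document.cpp hunk passes the owner document's policy object to another document via `setContentSecurityPolicy(ownerFrame->document()->contentSecurityPolicy())`, so a policy can apparently be kept alive by a context other than the one it points at. Whether the pointer can then dangle is not visible on this page and needs confirming. I would at least document the contract on the member, `// Not owned; the context must outlive this policy (<state who guarantees this>).`, or give the class a way to clear the pointer when the context goes away.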
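--- a/trunk/Source/WebCore/workers/WorkerContext.cpp
+++ b/trunk/Source/WebCore/workers/WorkerContext.cpp
@@ -34,4 +34,5 @@
 #include "AbstractDatabase.h"
 #include "ActiveDOMObject.h"
+#include "ContentSecurityPolicy.h"
 #include "Database.h"
 #include "DatabaseCallback.h"
@@ -115,4 +116,8 @@
 {
 setSecurityOrigin(SecurityOrigin::create(url));
+
+// FIXME: This should probably adopt the ContentSecurityPolicy of the document
+// that created this worker or use the header that came with the worker script.
+setContentSecurityPolicy(ContentSecurityPolicy::create(this));
 }
 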
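Review bot: `ContentSecurityPolicy::create(this)` gives each worker a freshly constructed policy (the constructor in this changeset starts with `m_havePolicy(false)`), and nothing in this hunk feeds it a header, so a worker started by a page with a restrictive policy appears to run under an empty one. The FIXME says what should eventually happen but not what the current state means. I would add the consequence to the comment, e.g. `// Until then a worker is not restricted by its creator's policy.`, so that worker-side checks against `contentSecurityPolicy()` are not mistaken for enforcement. The constructor's signature and initialiser list are outside the hunk.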