Changeset 96550 in webkit


Ignore:
Timestamp:
Oct 3, 2011 3:35:34 PM (12 years ago)
Author:
weinig@apple.com
Message:

Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
https://bugs.webkit.org/show_bug.cgi?id=69294

Reviewed by Darin Adler.

  • dom/Document.cpp:

(WebCore::Document::initSecurityContext):
Initialize the ContentSecurityPolicy by calling down to the ScriptExecutionContext.

  • dom/Document.h:

Move the ContentSecurityPolicy member and getter from here to ScriptExecutionContext.h.

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::setContentSecurityPolicy):

  • dom/ScriptExecutionContext.h:

(WebCore::ScriptExecutionContext::contentSecurityPolicy):
Add ContentSecurityPolicy member and getter/setter.

  • page/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::didReceiveHeader):
(WebCore::ContentSecurityPolicy::reportViolation):
(WebCore::ContentSecurityPolicy::parseReportURI):
(WebCore::ContentSecurityPolicy::createCSPDirective):

  • page/ContentSecurityPolicy.h:

(WebCore::ContentSecurityPolicy::create):
Replace Document with ScriptExecutionContext. Add temporary checked casts to document
where necessary.

  • workers/WorkerContext.cpp:

(WebCore::WorkerContext::WorkerContext):
Add initialization of the ContentSecurityPolicy.

Location:
trunk/Source/WebCore
Files:
8 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r96549 r96550  
     12011-10-03  Sam Weinig  <sam@webkit.org>
     2
     3        Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
     4        https://bugs.webkit.org/show_bug.cgi?id=69294
     5
     6        Reviewed by Darin Adler.
     7
     8        * dom/Document.cpp:
     9        (WebCore::Document::initSecurityContext):
     10        Initialize the ContentSecurityPolicy by calling down to the ScriptExecutionContext.
     11
     12        * dom/Document.h:
     13        Move the ContentSecurityPolicy member and getter from here to ScriptExecutionContext.h.
     14
     15        * dom/ScriptExecutionContext.cpp:
     16        (WebCore::ScriptExecutionContext::setContentSecurityPolicy):
     17        * dom/ScriptExecutionContext.h:
     18        (WebCore::ScriptExecutionContext::contentSecurityPolicy):
     19        Add ContentSecurityPolicy member and getter/setter.
     20
     21        * page/ContentSecurityPolicy.cpp:
     22        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
     23        (WebCore::ContentSecurityPolicy::didReceiveHeader):
     24        (WebCore::ContentSecurityPolicy::reportViolation):
     25        (WebCore::ContentSecurityPolicy::parseReportURI):
     26        (WebCore::ContentSecurityPolicy::createCSPDirective):
     27        * page/ContentSecurityPolicy.h:
     28        (WebCore::ContentSecurityPolicy::create):
     29        Replace Document with ScriptExecutionContext. Add temporary checked casts to document
     30        where necessary.
     31
     32        * workers/WorkerContext.cpp:
     33        (WebCore::WorkerContext::WorkerContext):
     34        Add initialization of the ContentSecurityPolicy.
     35
    1362011-10-03  Anders Carlsson  <andersca@apple.com>
    237
  • trunk/Source/WebCore/dom/Document.cpp

    r96127 r96550  
    45034503        m_cookieURL = KURL(ParsedURLString, "");
    45044504        ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::createEmpty());
    4505         m_contentSecurityPolicy = ContentSecurityPolicy::create(this);
     4505        ScriptExecutionContext::setContentSecurityPolicy(ContentSecurityPolicy::create(this));
    45064506        return;
    45074507    }
     
    45114511    m_cookieURL = m_url;
    45124512    ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::create(m_url, m_frame->loader()->sandboxFlags()));
    4513     m_contentSecurityPolicy = ContentSecurityPolicy::create(this);
     4513    ScriptExecutionContext::setContentSecurityPolicy(ContentSecurityPolicy::create(this));
    45144514
    45154515    if (SecurityOrigin::allowSubstituteDataAccessToLocal()) {
     
    45584558        ScriptExecutionContext::setSecurityOrigin(ownerFrame->document()->securityOrigin());
    45594559        // FIXME: Consider moving m_contentSecurityPolicy into SecurityOrigin.
    4560         m_contentSecurityPolicy = ownerFrame->document()->contentSecurityPolicy();
     4560        ScriptExecutionContext::setContentSecurityPolicy(ownerFrame->document()->contentSecurityPolicy());
    45614561    }
    45624562}
  • trunk/Source/WebCore/dom/Document.h

    r96260 r96550  
    6666class CharacterData;
    6767class Comment;
    68 class ContentSecurityPolicy;
    6968class DOMImplementation;
    7069class DOMSelection;
     
    10931092    void initDNSPrefetch();
    10941093
    1095     ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); }
    1096 
    10971094    unsigned wheelEventHandlerCount() const { return m_wheelEventHandlerCount; }
    10981095    void didAddWheelEventHandler();
     
    14071404    OwnPtr<ScriptedAnimationController> m_scriptedAnimationController;
    14081405#endif
    1409 
    1410     RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
    14111406};
    14121407
  • trunk/Source/WebCore/dom/ScriptExecutionContext.cpp

    r95271 r96550  
    3131#include "Blob.h"
    3232#include "BlobURL.h"
     33#include "ContentSecurityPolicy.h"
    3334#include "DOMTimer.h"
    3435#include "DOMURL.h"
     
    316317}
    317318
     319void ScriptExecutionContext::setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy> contentSecurityPolicy)
     320{
     321    m_contentSecurityPolicy = contentSecurityPolicy;
     322}
     323
    318324bool ScriptExecutionContext::sanitizeScriptError(String& errorMessage, int& lineNumber, String& sourceURL)
    319325{
  • trunk/Source/WebCore/dom/ScriptExecutionContext.h

    r95271 r96550  
    4949
    5050    class Blob;
     51    class ContentSecurityPolicy;
    5152    class DOMTimer;
    5253    class DOMURL;
     
    9798
    9899        SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
     100        ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); }
    99101
    100102        bool sanitizeScriptError(String& errorMessage, int& lineNumber, String& sourceURL);
     
    175177        void setSecurityOrigin(PassRefPtr<SecurityOrigin>);
    176178
     179        void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>);
     180
    177181    private:
    178182        virtual const KURL& virtualURL() const = 0;
     
    186190
    187191        RefPtr<SecurityOrigin> m_securityOrigin;
     192        RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
    188193
    189194        HashSet<MessagePort*> m_messagePorts;
  • trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

    r96239 r96550  
    464464};
    465465
    466 ContentSecurityPolicy::ContentSecurityPolicy(Document* document)
     466ContentSecurityPolicy::ContentSecurityPolicy(ScriptExecutionContext* scriptExecutionContext)
    467467    : m_havePolicy(false)
    468     , m_document(document)
     468    , m_scriptExecutionContext(scriptExecutionContext)
    469469    , m_reportOnly(false)
    470470{
     
    493493
    494494    if (!checkEval(operativeDirective(m_scriptSrc.get()))) {
    495         if (Frame* frame = m_document->frame())
    496             frame->script()->disableEval();
     495        // FIXME: Support disabling eval for Workers.
     496        if (m_scriptExecutionContext->isDocument()) {
     497            if (Frame* frame = static_cast<Document*>(m_scriptExecutionContext)->frame())
     498                frame->script()->disableEval();
     499        }
    497500    }
    498501}
     
    500503void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage) const
    501504{
    502     Frame* frame = m_document->frame();
     505    // FIXME: Support reporting violations for Workers.
     506    if (!m_scriptExecutionContext->isDocument())
     507        return;
     508
     509    Document* document = static_cast<Document*>(m_scriptExecutionContext);
     510    Frame* frame = document->frame();
    503511    if (!frame)
    504512        return;
     
    521529
    522530    FormDataList reportList(UTF8Encoding());
    523     reportList.appendData("document-url", m_document->url());
     531    reportList.appendData("document-url", document->url());
    524532    if (!directiveText.isEmpty())
    525533        reportList.appendData("violated-directive", directiveText);
     
    721729        if (urlBegin < position) {
    722730            String url = String(urlBegin, position - urlBegin);
    723             m_reportURLs.append(m_document->completeURL(url));
     731            m_reportURLs.append(m_scriptExecutionContext->completeURL(url));
    724732        }
    725733    }
     
    728736PassOwnPtr<CSPDirective> ContentSecurityPolicy::createCSPDirective(const String& name, const String& value)
    729737{
    730     return adoptPtr(new CSPDirective(name, value, m_document->securityOrigin()));
     738    return adoptPtr(new CSPDirective(name, value, m_scriptExecutionContext->securityOrigin()));
    731739}
    732740
  • trunk/Source/WebCore/page/ContentSecurityPolicy.h

    r95901 r96550  
    3333
    3434class CSPDirective;
    35 class Document;
     35class ScriptExecutionContext;
    3636class KURL;
    3737
    3838class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> {
    3939public:
    40     static PassRefPtr<ContentSecurityPolicy> create(Document* document)
     40    static PassRefPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scriptExecutionContext)
    4141    {
    42         return adoptRef(new ContentSecurityPolicy(document));
     42        return adoptRef(new ContentSecurityPolicy(scriptExecutionContext));
    4343    }
    4444    ~ContentSecurityPolicy();
     
    6666
    6767private:
    68     explicit ContentSecurityPolicy(Document*);
     68    explicit ContentSecurityPolicy(ScriptExecutionContext*);
    6969
    7070    void parse(const String&);
     
    8686
    8787    bool m_havePolicy;
    88     Document* m_document;
     88    ScriptExecutionContext* m_scriptExecutionContext;
    8989
    9090    bool m_reportOnly;
  • trunk/Source/WebCore/workers/WorkerContext.cpp

    r95271 r96550  
    3434#include "AbstractDatabase.h"
    3535#include "ActiveDOMObject.h"
     36#include "ContentSecurityPolicy.h"
    3637#include "Database.h"
    3738#include "DatabaseCallback.h"
     
    115116{
    116117    setSecurityOrigin(SecurityOrigin::create(url));
     118   
     119    // FIXME: This should probably adopt the ContentSecurityPolicy of the document
     120    // that created this worker or use the header that came with the worker script.
     121    setContentSecurityPolicy(ContentSecurityPolicy::create(this));
    117122}
    118123
Note: See TracChangeset for help on using the changeset viewer.