Chromium Code Reviews Chromium Code Reviews
Issue 1180923003:
Add window access checks for Suborigins (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 85 // Returns true if a given URL is secure, based either directly on its | 85 // Returns true if a given URL is secure, based either directly on its |
| 86 // own protocol, or, when relevant, on the protocol of its "inner URL" | 86 // own protocol, or, when relevant, on the protocol of its "inner URL" |
| 87 // Protocols like blob: and filesystem: fall into this latter category. | 87 // Protocols like blob: and filesystem: fall into this latter category. |
| 88 static bool isSecure(const KURL&); | 88 static bool isSecure(const KURL&); |
| 89 | 89 |
| 90 // Returns true if this SecurityOrigin can script objects in the given | 90 // Returns true if this SecurityOrigin can script objects in the given |
| 91 // SecurityOrigin. For example, call this function before allowing | 91 // SecurityOrigin. For example, call this function before allowing |
| 92 // script from one security origin to read or write objects from | 92 // script from one security origin to read or write objects from |
| 93 // another SecurityOrigin. | 93 // another SecurityOrigin. |
| 94 bool canAccess(const SecurityOrigin*) const; | 94 bool canAccess(const SecurityOrigin*) const; |
| 95 // Same as canAccess, except that it adds an additional check to make sure | |
|
jochen (gone - plz use gerrit)
2015/06/12 12:50:24
maybe add some words for developers to figure out
jww
2015/06/12 15:40:44
I've added some clarifications to the comments. Fo
| |
| 96 // that the SecurityOrigins have the same suborigin name. | |
| 97 bool canAccessCheckSuborigins(const SecurityOrigin*) const; | |
| 95 | 98 |
| 96 // Returns true if this SecurityOrigin can read content retrieved from | 99 // Returns true if this SecurityOrigin can read content retrieved from |
| 97 // the given URL. For example, call this function before issuing | 100 // the given URL. For example, call this function before issuing |
| 98 // XMLHttpRequests. | 101 // XMLHttpRequests. |
| 99 bool canRequest(const KURL&) const; | 102 bool canRequest(const KURL&) const; |
| 103 // Same as canRequest, except that it adds an additional check to make sure | |
| 104 // that the SecurityOrigin does not have a suborigin name. | |
| 105 bool canRequestNoSuborigin(const KURL&) const; | |
| 100 | 106 |
| 101 // Returns true if drawing an image from this URL taints a canvas from | 107 // Returns true if drawing an image from this URL taints a canvas from |
| 102 // this security origin. For example, call this function before | 108 // this security origin. For example, call this function before |
| 103 // drawing an image onto an HTML canvas element with the drawImage API. | 109 // drawing an image onto an HTML canvas element with the drawImage API. |
| 104 bool taintsCanvas(const KURL&) const; | 110 bool taintsCanvas(const KURL&) const; |
| 105 | 111 |
| 106 // Returns true if this SecurityOrigin can receive drag content from the | 112 // Returns true if this SecurityOrigin can receive drag content from the |
| 107 // initiator. For example, call this function before allowing content to be | 113 // initiator. For example, call this function before allowing content to be |
| 108 // dropped onto a target. | 114 // dropped onto a target. |
| 109 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const; | 115 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const; |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 199 AtomicString toAtomicString() const; | 205 AtomicString toAtomicString() const; |
| 200 | 206 |
| 201 // Similar to toString(), but does not take into account any factors that | 207 // Similar to toString(), but does not take into account any factors that |
| 202 // could make the string return "null". | 208 // could make the string return "null". |
| 203 String toRawString() const; | 209 String toRawString() const; |
| 204 AtomicString toRawAtomicString() const; | 210 AtomicString toRawAtomicString() const; |
| 205 | 211 |
| 206 // This method checks for equality, ignoring the value of document.domain | 212 // This method checks for equality, ignoring the value of document.domain |
| 207 // (and whether it was set) but considering the host. It is used for postMes sage. | 213 // (and whether it was set) but considering the host. It is used for postMes sage. |
| 208 bool isSameSchemeHostPort(const SecurityOrigin*) const; | 214 bool isSameSchemeHostPort(const SecurityOrigin*) const; |
| 215 bool isSameSchemeHostPortAndSuborigin(const SecurityOrigin*) const; | |
| 209 | 216 |
| 210 bool needsDatabaseIdentifierQuirkForFiles() const { return m_needsDatabaseId entifierQuirkForFiles; } | 217 bool needsDatabaseIdentifierQuirkForFiles() const { return m_needsDatabaseId entifierQuirkForFiles; } |
| 211 | 218 |
| 212 static const KURL& urlWithUniqueSecurityOrigin(); | 219 static const KURL& urlWithUniqueSecurityOrigin(); |
| 213 | 220 |
| 214 // Transfer origin privileges from another security origin. | 221 // Transfer origin privileges from another security origin. |
| 215 // The following privileges are currently copied over: | 222 // The following privileges are currently copied over: |
| 216 // | 223 // |
| 217 // - Grant universal access. | 224 // - Grant universal access. |
| 218 // - Grant loading of local resources. | 225 // - Grant loading of local resources. |
| 219 // - Use path-based file:// origins. | 226 // - Use path-based file:// origins. |
| 220 // | 227 // |
| 221 // Note: It is dangerous to change the privileges of an origin | 228 // Note: It is dangerous to change the privileges of an origin |
| 222 // at any other time than during initialization. | 229 // at any other time than during initialization. |
| 223 void transferPrivilegesFrom(const SecurityOrigin&); | 230 void transferPrivilegesFrom(const SecurityOrigin&); |
| 224 | 231 |
| 225 private: | 232 private: |
| 226 // FIXME: After the merge with the Chromium repo, this should be refactored | 233 // FIXME: After the merge with the Chromium repo, this should be refactored |
| 227 // to use FRIEND_TEST in base/gtest_prod_util.h. | 234 // to use FRIEND_TEST in base/gtest_prod_util.h. |
| 228 friend class SecurityOriginTest; | 235 friend class SecurityOriginTest; |
| 229 friend class SecurityOriginTest_Suborigins_Test; | 236 friend class SecurityOriginTest_Suborigins_Test; |
| 230 friend class SecurityOriginTest_SuboriginsParsing_Test; | 237 friend class SecurityOriginTest_SuboriginsParsing_Test; |
| 238 friend class SecurityOriginTest_SuboriginsIsSameSchemeHostPortAndSuborigin_T est; | |
| 231 | 239 |
| 232 SecurityOrigin(); | 240 SecurityOrigin(); |
| 233 explicit SecurityOrigin(const KURL&); | 241 explicit SecurityOrigin(const KURL&); |
| 234 explicit SecurityOrigin(const SecurityOrigin*); | 242 explicit SecurityOrigin(const SecurityOrigin*); |
| 235 | 243 |
| 236 // FIXME: Rename this function to something more semantic. | 244 // FIXME: Rename this function to something more semantic. |
| 237 bool passesFileCheck(const SecurityOrigin*) const; | 245 bool passesFileCheck(const SecurityOrigin*) const; |
| 238 void buildRawString(StringBuilder&) const; | 246 void buildRawString(StringBuilder&) const; |
| 239 | 247 |
| 240 static bool deserializeSuboriginAndHost(const String&, String&, String&); | 248 static bool deserializeSuboriginAndHost(const String&, String&, String&); |
| 241 | 249 |
| 242 String m_protocol; | 250 String m_protocol; |
| 243 String m_host; | 251 String m_host; |
| 244 String m_domain; | 252 String m_domain; |
| 245 String m_suboriginName; | 253 String m_suboriginName; |
| 246 unsigned short m_port; | 254 unsigned short m_port; |
| 247 bool m_isUnique; | 255 bool m_isUnique; |
| 248 bool m_universalAccess; | 256 bool m_universalAccess; |
| 249 bool m_domainWasSetInDOM; | 257 bool m_domainWasSetInDOM; |
| 250 bool m_canLoadLocalResources; | 258 bool m_canLoadLocalResources; |
| 251 bool m_enforceFilePathSeparation; | 259 bool m_enforceFilePathSeparation; |
| 252 bool m_needsDatabaseIdentifierQuirkForFiles; | 260 bool m_needsDatabaseIdentifierQuirkForFiles; |
| 253 }; | 261 }; |
| 254 | 262 |
| 255 } // namespace blink | 263 } // namespace blink |
| 256 | 264 |
| 257 #endif // SecurityOrigin_h | 265 #endif // SecurityOrigin_h |
| OLD | NEW |
