Add window access checks for Suborigins

Source/platform/weborigin/SecurityOrigin.h

 /*
  * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 75 matching lines @@
     // own protocol, or, when relevant, on the protocol of its "inner URL"
     // Protocols like blob: and filesystem: fall into this latter category.
     static bool isSecure(const KURL&);
 
     // Returns true if this SecurityOrigin can script objects in the given
     // SecurityOrigin. For example, call this function before allowing
     // script from one security origin to read or write objects from
     // another SecurityOrigin.
     bool canAccess(const SecurityOrigin*) const;
 
+    // Same as canAccess, except that it adds an additional check to make sure
+    // that the SecurityOrigins have the same suborigin name. If you're not
+    // familiar with Suborigins, you probably want canAccess() for now.
+    // Suborigins is a spec in progress, and where it should be enforced is
+    // still in flux. See https://crbug.com/336894 for more details.
+    bool canAccessCheckSuborigins(const SecurityOrigin*) const;
+
     // Returns true if this SecurityOrigin can read content retrieved from
     // the given URL. For example, call this function before issuing
     // XMLHttpRequests.
     bool canRequest(const KURL&) const;
 
+    // Same as canRequest, except that it adds an additional check to make sure
+    // that the SecurityOrigin does not have a suborigin name. Like with
+    // canAccessCheckSuborigins() above, if you're not familiar with
+    // Suborigins, you probably want canRequest() for now. Suborigins is a spec
+    // in progress, and where it should be enforced is still in flux. See
+    // https://crbug.com/336894 for more details.
+    bool canRequestNoSuborigin(const KURL&) const;
+
     // Returns true if drawing an image from this URL taints a canvas from
     // this security origin. For example, call this function before
     // drawing an image onto an HTML canvas element with the drawImage API.
     bool taintsCanvas(const KURL&) const;
 
     // Returns true if this SecurityOrigin can receive drag content from the
     // initiator. For example, call this function before allowing content to be
     // dropped onto a target.
     bool canReceiveDragData(const SecurityOrigin* dragInitiator) const;
 
@@ skipping 88 matching lines @@
     AtomicString toAtomicString() const;
 
     // Similar to toString(), but does not take into account any factors that
     // could make the string return "null".
     String toRawString() const;
     AtomicString toRawAtomicString() const;
 
     // This method checks for equality, ignoring the value of document.domain
     // (and whether it was set) but considering the host. It is used for postMessage.
     bool isSameSchemeHostPort(const SecurityOrigin*) const;
+    bool isSameSchemeHostPortAndSuborigin(const SecurityOrigin*) const;
 
     bool needsDatabaseIdentifierQuirkForFiles() const { return m_needsDatabaseIdentifierQuirkForFiles; }
 
     static const KURL& urlWithUniqueSecurityOrigin();
 
     // Transfer origin privileges from another security origin.
     // The following privileges are currently copied over:
     //
     //   - Grant universal access.
     //   - Grant loading of local resources.
     //   - Use path-based file:// origins.
     //
     // Note: It is dangerous to change the privileges of an origin
     // at any other time than during initialization.
     void transferPrivilegesFrom(const SecurityOrigin&);
 
 private:
     // FIXME: After the merge with the Chromium repo, this should be refactored
     // to use FRIEND_TEST in base/gtest_prod_util.h.
     friend class SecurityOriginTest;
     friend class SecurityOriginTest_Suborigins_Test;
     friend class SecurityOriginTest_SuboriginsParsing_Test;
+    friend class SecurityOriginTest_SuboriginsIsSameSchemeHostPortAndSuborigin_Test;
 
     SecurityOrigin();
     explicit SecurityOrigin(const KURL&);
     explicit SecurityOrigin(const SecurityOrigin*);
 
     // FIXME: Rename this function to something more semantic.
     bool passesFileCheck(const SecurityOrigin*) const;
     void buildRawString(StringBuilder&) const;
 
     static bool deserializeSuboriginAndHost(const String&, String&, String&);
 
     String m_protocol;
     String m_host;
     String m_domain;
     String m_suboriginName;
     unsigned short m_port;
     bool m_isUnique;
     bool m_universalAccess;
     bool m_domainWasSetInDOM;
     bool m_canLoadLocalResources;
     bool m_enforceFilePathSeparation;
     bool m_needsDatabaseIdentifierQuirkForFiles;
 };
 
 } // namespace blink
 
 #endif // SecurityOrigin_h