Chromium Code Reviews Chromium Code Reviews
Issue 1294933004:
Take care of a FIXME in SecurityOrigin.cpp to check the validity of any innerURL during constructio… (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 90 { | 90 { |
| 91 s_originCache = originCache; | 91 s_originCache = originCache; |
| 92 } | 92 } |
| 93 | 93 |
| 94 static bool shouldTreatAsUniqueOrigin(const KURL& url) | 94 static bool shouldTreatAsUniqueOrigin(const KURL& url) |
| 95 { | 95 { |
| 96 if (!url.isValid()) | 96 if (!url.isValid()) |
| 97 return true; | 97 return true; |
| 98 | 98 |
| 99 // FIXME: Do we need to unwrap the URL further? | 99 // FIXME: Do we need to unwrap the URL further? |
| 100 KURL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::ext ractInnerURL(url) : url; | 100 KURL relevantURL; |
| 101 | 101 if (SecurityOrigin::shouldUseInnerURL(url)) { |
| 102 // FIXME: Check whether innerURL is valid. | 102 relevantURL = SecurityOrigin::extractInnerURL(url); |
| 103 if (!relevantURL.isValid()) | |
| 104 return true; | |
| 105 } else { | |
| 106 relevantURL = url; | |
| 107 } | |
| 103 | 108 |
| 104 // For edge case URLs that were probably misparsed, make sure that the origi n is unique. | 109 // For edge case URLs that were probably misparsed, make sure that the origi n is unique. |
| 105 // FIXME: Do we really need to do this? This looks to be a hack around a | 110 // FIXME: Do we really need to do this? This looks to be a hack around a |
| 106 // security bug in CFNetwork that might have been fixed. | 111 // security bug in CFNetwork that might have been fixed. |
| 107 if (schemeRequiresAuthority(innerURL) && innerURL.host().isEmpty()) | 112 if (schemeRequiresAuthority(relevantURL) && relevantURL.host().isEmpty()) |
|
sof
2015/08/25 13:39:52
If relevantURL is now checked for validity, is thi
michaeln
2015/08/25 22:47:42
hmmm... good question... i'm not sure?
| |
| 108 return true; | 113 return true; |
| 109 | 114 |
| 110 // SchemeRegistry needs a lower case protocol because it uses HashMaps | 115 // SchemeRegistry needs a lower case protocol because it uses HashMaps |
| 111 // that assume the scheme has already been canonicalized. | 116 // that assume the scheme has already been canonicalized. |
| 112 String protocol = innerURL.protocol().lower(); | 117 String protocol = relevantURL.protocol().lower(); |
| 113 | 118 |
| 114 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol)) | 119 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol)) |
| 115 return true; | 120 return true; |
| 116 | 121 |
| 117 // This is the common case. | 122 // This is the common case. |
| 118 return false; | 123 return false; |
| 119 } | 124 } |
| 120 | 125 |
| 121 SecurityOrigin::SecurityOrigin(const KURL& url) | 126 SecurityOrigin::SecurityOrigin(const KURL& url) |
| 122 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) | 127 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) |
| (...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 544 } | 549 } |
| 545 | 550 |
| 546 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin) | 551 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin) |
| 547 { | 552 { |
| 548 m_universalAccess = origin.m_universalAccess; | 553 m_universalAccess = origin.m_universalAccess; |
| 549 m_canLoadLocalResources = origin.m_canLoadLocalResources; | 554 m_canLoadLocalResources = origin.m_canLoadLocalResources; |
| 550 m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin ; | 555 m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin ; |
| 551 } | 556 } |
| 552 | 557 |
| 553 } // namespace blink | 558 } // namespace blink |
| OLD | NEW |
