Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(223)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/platform/weborigin/SecurityOrigin.cpp

Issue 1309333004: Reland of Take care of a FIXME in SecurityOrigin.cpp to check the validity (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | Source/platform/weborigin/SecurityOriginTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2007 Apple Inc. All rights reserved. 2 * Copyright (C) 2007 Apple Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
90 { 90 {
91 s_originCache = originCache; 91 s_originCache = originCache;
92 } 92 }
93 93
94 static bool shouldTreatAsUniqueOrigin(const KURL& url) 94 static bool shouldTreatAsUniqueOrigin(const KURL& url)
95 { 95 {
96 if (!url.isValid()) 96 if (!url.isValid())
97 return true; 97 return true;
98 98
99 // FIXME: Do we need to unwrap the URL further? 99 // FIXME: Do we need to unwrap the URL further?
100 KURL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::ext ractInnerURL(url) : url; 100 KURL relevantURL;
101 101 if (SecurityOrigin::shouldUseInnerURL(url)) {
102 // FIXME: Check whether innerURL is valid. 102 relevantURL = SecurityOrigin::extractInnerURL(url);
103 if (!relevantURL.isValid())
104 return true;
105 } else {
106 relevantURL = url;
107 }
103 108
104 // For edge case URLs that were probably misparsed, make sure that the origi n is unique. 109 // For edge case URLs that were probably misparsed, make sure that the origi n is unique.
105 // FIXME: Do we really need to do this? This looks to be a hack around a 110 // FIXME: Do we really need to do this? This looks to be a hack around a
106 // security bug in CFNetwork that might have been fixed. 111 // security bug in CFNetwork that might have been fixed.
107 if (schemeRequiresAuthority(innerURL) && innerURL.host().isEmpty()) 112 if (schemeRequiresAuthority(relevantURL) && relevantURL.host().isEmpty())
108 return true; 113 return true;
109 114
110 // SchemeRegistry needs a lower case protocol because it uses HashMaps 115 // SchemeRegistry needs a lower case protocol because it uses HashMaps
111 // that assume the scheme has already been canonicalized. 116 // that assume the scheme has already been canonicalized.
112 String protocol = innerURL.protocol().lower(); 117 String protocol = relevantURL.protocol().lower();
113 118
114 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol)) 119 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol))
115 return true; 120 return true;
116 121
117 // This is the common case. 122 // This is the common case.
118 return false; 123 return false;
119 } 124 }
120 125
121 SecurityOrigin::SecurityOrigin(const KURL& url) 126 SecurityOrigin::SecurityOrigin(const KURL& url)
122 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) 127 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower())
(...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after
544 } 549 }
545 550
546 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin) 551 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin)
547 { 552 {
548 m_universalAccess = origin.m_universalAccess; 553 m_universalAccess = origin.m_universalAccess;
549 m_canLoadLocalResources = origin.m_canLoadLocalResources; 554 m_canLoadLocalResources = origin.m_canLoadLocalResources;
550 m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin ; 555 m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin ;
551 } 556 }
552 557
553 } // namespace blink 558 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | Source/platform/weborigin/SecurityOriginTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698