Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(104)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/platform/weborigin/SecurityOrigin.cpp

Issue 1315793002: Revert of Take care of a FIXME in SecurityOrigin.cpp to check the validity (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | Source/platform/weborigin/SecurityOriginTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2007 Apple Inc. All rights reserved. 2 * Copyright (C) 2007 Apple Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
90 { 90 {
91 s_originCache = originCache; 91 s_originCache = originCache;
92 } 92 }
93 93
94 static bool shouldTreatAsUniqueOrigin(const KURL& url) 94 static bool shouldTreatAsUniqueOrigin(const KURL& url)
95 { 95 {
96 if (!url.isValid()) 96 if (!url.isValid())
97 return true; 97 return true;
98 98
99 // FIXME: Do we need to unwrap the URL further? 99 // FIXME: Do we need to unwrap the URL further?
100 KURL relevantURL; 100 KURL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::ext ractInnerURL(url) : url;
101 if (SecurityOrigin::shouldUseInnerURL(url)) { 101
102 relevantURL = SecurityOrigin::extractInnerURL(url); 102 // FIXME: Check whether innerURL is valid.
103 if (!relevantURL.isValid())
104 return true;
105 } else {
106 relevantURL = url;
107 }
108 103
109 // For edge case URLs that were probably misparsed, make sure that the origi n is unique. 104 // For edge case URLs that were probably misparsed, make sure that the origi n is unique.
110 // FIXME: Do we really need to do this? This looks to be a hack around a 105 // FIXME: Do we really need to do this? This looks to be a hack around a
111 // security bug in CFNetwork that might have been fixed. 106 // security bug in CFNetwork that might have been fixed.
112 if (schemeRequiresAuthority(relevantURL) && relevantURL.host().isEmpty()) 107 if (schemeRequiresAuthority(innerURL) && innerURL.host().isEmpty())
113 return true; 108 return true;
114 109
115 // SchemeRegistry needs a lower case protocol because it uses HashMaps 110 // SchemeRegistry needs a lower case protocol because it uses HashMaps
116 // that assume the scheme has already been canonicalized. 111 // that assume the scheme has already been canonicalized.
117 String protocol = relevantURL.protocol().lower(); 112 String protocol = innerURL.protocol().lower();
118 113
119 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol)) 114 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol))
120 return true; 115 return true;
121 116
122 // This is the common case. 117 // This is the common case.
123 return false; 118 return false;
124 } 119 }
125 120
126 SecurityOrigin::SecurityOrigin(const KURL& url) 121 SecurityOrigin::SecurityOrigin(const KURL& url)
127 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) 122 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower())
(...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after
549 } 544 }
550 545
551 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin) 546 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin)
552 { 547 {
553 m_universalAccess = origin.m_universalAccess; 548 m_universalAccess = origin.m_universalAccess;
554 m_canLoadLocalResources = origin.m_canLoadLocalResources; 549 m_canLoadLocalResources = origin.m_canLoadLocalResources;
555 m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin ; 550 m_blockLocalAccessFromLocalOrigin = origin.m_blockLocalAccessFromLocalOrigin ;
556 } 551 }
557 552
558 } // namespace blink 553 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | Source/platform/weborigin/SecurityOriginTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698