OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. |
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) | 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) |
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. | 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. |
(...skipping 5646 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const | 5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const |
5658 { | 5658 { |
5659 if (SecurityContext::isSandboxed(SandboxOrigin)) { | 5659 if (SecurityContext::isSandboxed(SandboxOrigin)) { |
5660 if (!SecurityOrigin::create(url())->isPotentiallyTrustworthy(errorMessag e)) | 5660 if (!SecurityOrigin::create(url())->isPotentiallyTrustworthy(errorMessag e)) |
5661 return false; | 5661 return false; |
5662 } else { | 5662 } else { |
5663 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage)) | 5663 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage)) |
5664 return false; | 5664 return false; |
5665 } | 5665 } |
5666 | 5666 |
5667 if (SecurityPolicy::shouldOriginBypassSecureContextCheck(*securityOrigin())) | |
5668 return true; | |
5669 | |
robwu
2015/10/03 10:25:08
Putting this check here implies that the origin al
jww
2015/10/03 17:15:06
Yes, this is intentional because an origin should
robwu
2015/10/03 17:27:09
Yes, with the sandboxed frame being at the chrome-
jww
2015/10/03 17:56:59
I *think* that makes sense, although I'm still goi
robwu
2015/10/03 19:28:50
When I wrote my comment, I mistakenly assumed that
| |
5667 if (privilegeContextCheck == StandardSecureContextCheck) { | 5670 if (privilegeContextCheck == StandardSecureContextCheck) { |
5668 Document* context = parentDocument(); | 5671 Document* context = parentDocument(); |
5669 while (context) { | 5672 while (context) { |
5670 // Skip to the next ancestor if it's a srcdoc. | 5673 // Skip to the next ancestor if it's a srcdoc. |
5671 if (!context->isSrcdocDocument()) { | 5674 if (!context->isSrcdocDocument()) { |
5672 if (context->securityContext().isSandboxed(SandboxOrigin)) { | 5675 if (context->securityContext().isSandboxed(SandboxOrigin)) { |
5673 // For a sandboxed origin, use the document's URL. | 5676 // For a sandboxed origin, use the document's URL. |
5674 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url()); | 5677 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url()); |
5675 if (!origin->isPotentiallyTrustworthy(errorMessage)) | 5678 if (!origin->isPotentiallyTrustworthy(errorMessage)) |
5676 return false; | 5679 return false; |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5757 #ifndef NDEBUG | 5760 #ifndef NDEBUG |
5758 using namespace blink; | 5761 using namespace blink; |
5759 void showLiveDocumentInstances() | 5762 void showLiveDocumentInstances() |
5760 { | 5763 { |
5761 Document::WeakDocumentSet& set = Document::liveDocumentSet(); | 5764 Document::WeakDocumentSet& set = Document::liveDocumentSet(); |
5762 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); | 5765 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); |
5763 for (Document* document : set) | 5766 for (Document* document : set) |
5764 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); | 5767 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); |
5765 } | 5768 } |
5766 #endif | 5769 #endif |
OLD | NEW |