third_party/WebKit/Source/core/dom/Document.cpp - Issue 1383483007: Add scheme exceptions for isSecureContext

Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 1383483007: Add scheme exceptions for isSecureContext (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master

Patch Set: Fix Rob and Devlin comments Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/test.js ('k') | third_party/WebKit/Source/platform/weborigin/SchemeRegistry.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)	2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)

3 * (C) 1999 Antti Koivisto (koivisto@kde.org)	3 * (C) 1999 Antti Koivisto (koivisto@kde.org)

4 * (C) 2001 Dirk Mueller (mueller@kde.org)	4 * (C) 2001 Dirk Mueller (mueller@kde.org)

5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)	5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)

6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.	6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.

7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)	7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)

8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.	8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.

9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)	9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)

10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.	10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.

(...skipping 5638 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
5649 {	5649 {

5650 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper);	5650 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper);

5651 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate);	5651 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate);

5652 if (world.isMainWorld() && frame())	5652 if (world.isMainWorld() && frame())

5653 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper);	5653 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper);

5654 return wrapper;	5654 return wrapper;

5655 }	5655 }

5656	5656

5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const	5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const

5658 {	5658 {

	5659 // There may be exceptions for the secure context check defined for certain

	5660 // schemes. The exceptions are applied only to the origin special scheme
	robwu 2015/10/15 20:56:11 I think that you forgot to remove "origin" here. I think that you forgot to remove "origin" here. jww 2015/10/15 22:38:06 Done. Show quoted text On 2015/10/15 20:56:11, robwu wrote: > I think that you forgot to remove "origin" here. Done.
	5661 // and to sandboxed URLs from those origins, but not to any children.

	5662 //

	5663 // For example:

	5664 // <iframe src="http://host">

	5665 // <iframe src="scheme-has-exception://host"></iframe>

	5666 // <iframe sandbox src="scheme-has-exception://host"></iframe>

	5667 // </iframe>

	5668 // both inner iframes pass this check, assuming that the scheme

	5669 // "scheme-has-exception:" is granted an exception.

	5670 //

	5671 // However,

	5672 // <iframe src="http://host">

	5673 // <iframe sandbox src="http://host"></iframe>

	5674 // </iframe>

	5675 // would fail the check (that is, sandbox does not grant an exception itself ).

	5676 //

	5677 // Additionally, with

	5678 // <iframe src="scheme-has-exception://host">

	5679 // <iframe src="http://host"></iframe>

	5680 // <iframe sandbox src="http://host"></iframe>

	5681 // </iframe>

	5682 // both inner iframes would fail the check, even though the outermost iframe

	5683 // passes.

	5684 //

	5685 // In all cases, a frame must be potentially trustworthy in addition to

	5686 // having an exception listed in order for the exception to be granted.

5659 if (SecurityContext::isSandboxed(SandboxOrigin)) {	5687 if (SecurityContext::isSandboxed(SandboxOrigin)) {

5660 if (!SecurityOrigin::create(url())->isPotentiallyTrustworthy(errorMessag e))	5688 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url());

	5689 if (!origin->isPotentiallyTrustworthy(errorMessage))

5661 return false;	5690 return false;

	5691 if (SchemeRegistry::schemeShouldBypassSecureContextCheck(origin->protoco l()))

	5692 return true;

5662 } else {	5693 } else {

5663 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage))	5694 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage))

5664 return false;	5695 return false;

	5696 if (SchemeRegistry::schemeShouldBypassSecureContextCheck(securityOrigin( )->protocol()))

	5697 return true;

5665 }	5698 }

5666	5699

5667 if (privilegeContextCheck == StandardSecureContextCheck) {	5700 if (privilegeContextCheck == StandardSecureContextCheck) {

5668 Document* context = parentDocument();	5701 Document* context = parentDocument();

5669 while (context) {	5702 while (context) {

5670 // Skip to the next ancestor if it's a srcdoc.	5703 // Skip to the next ancestor if it's a srcdoc.

5671 if (!context->isSrcdocDocument()) {	5704 if (!context->isSrcdocDocument()) {

5672 if (context->securityContext().isSandboxed(SandboxOrigin)) {	5705 if (context->securityContext().isSandboxed(SandboxOrigin)) {

5673 // For a sandboxed origin, use the document's URL.	5706 // For a sandboxed origin, use the document's URL.

5674 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url());	5707 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url());

(...skipping 82 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
5757 #ifndef NDEBUG	5790 #ifndef NDEBUG

5758 using namespace blink;	5791 using namespace blink;

5759 void showLiveDocumentInstances()	5792 void showLiveDocumentInstances()

5760 {	5793 {

5761 Document::WeakDocumentSet& set = Document::liveDocumentSet();	5794 Document::WeakDocumentSet& set = Document::liveDocumentSet();

5762 fprintf(stderr, "There are %u documents currently alive:\n", set.size());	5795 fprintf(stderr, "There are %u documents currently alive:\n", set.size());

5763 for (Document* document : set)	5796 for (Document* document : set)

5764 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data());	5797 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data());

5765 }	5798 }

5766 #endif	5799 #endif

OLD	NEW