
Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 1383483007: Add scheme exceptions for isSecureContext (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master
Patch Set: Update check for sandbox Created 5 years, 2 months ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
(...skipping 5638 matching lines...) Expand 10 before | Expand all | Expand 10 after
5649 { 5649 {
5650 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper); 5650 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper);
5651 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate); 5651 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate);
5652 if (world.isMainWorld() && frame()) 5652 if (world.isMainWorld() && frame())
5653 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper); 5653 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper);
5654 return wrapper; 5654 return wrapper;
5655 } 5655 }
5656 5656
5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const 5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const
5658 { 5658 {
5659 // There may be exceptions for the secure context check defined for
5660 // certain origins. The exceptions are applied only to the origin
5661 // themselves and to immediate sanbox frame descendants, but *not* to
robwu 2015/10/03 19:28:51 sanbox -> sandbox
jww 2015/10/06 21:53:55 Done.
5662 // any other children. For example:
5663 // <iframe src="scheme://this-origin-has-exception">
5664 // <iframe sandbox srcdoc="..."></iframe>
robwu 2015/10/03 19:28:51 This does not pass the check because the URL of th
jww 2015/10/06 21:53:56 Hm, no, I don't want that to pass; I'm not sure wh
5665 // </iframe>
5666 // would pass this check, both for the outer frame and the inner frame,
5667 // assuming that the origin "scheme://this-origin-has-exception" is granted
5668 // an exception. However,
5669 // <iframe src="scheme://this-origin-has-exception">
5670 // <iframe src="http://a.b/"></iframe>
5671 // </iframe>
5672 // the inner frame "http://a.b/" would *not* pass the check, even though
5673 // the parent frame has an exception.
5674 // In all cases, a frame must be potentially trustworthy in addition to
5675 // having an exception listed in order for the exception to be granted.
5659 if (SecurityContext::isSandboxed(SandboxOrigin)) { 5676 if (SecurityContext::isSandboxed(SandboxOrigin)) {
5660 if (!SecurityOrigin::create(url())->isPotentiallyTrustworthy(errorMessag e)) 5677 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url());
5678 if (!origin->isPotentiallyTrustworthy(errorMessage))
5661 return false; 5679 return false;
5680 if (SecurityPolicy::shouldOriginBypassSecureContextCheck(*origin))
5681 return true;
5662 } else { 5682 } else {
5663 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage)) 5683 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage))
5664 return false; 5684 return false;
5685 if (SecurityPolicy::shouldOriginBypassSecureContextCheck(*securityOrigin ()))
5686 return true;
5665 } 5687 }
5666 5688
5667 if (privilegeContextCheck == StandardSecureContextCheck) { 5689 if (privilegeContextCheck == StandardSecureContextCheck) {
5668 Document* context = parentDocument(); 5690 Document* context = parentDocument();
5669 while (context) { 5691 while (context) {
5670 // Skip to the next ancestor if it's a srcdoc. 5692 // Skip to the next ancestor if it's a srcdoc.
5671 if (!context->isSrcdocDocument()) { 5693 if (!context->isSrcdocDocument()) {
5672 if (context->securityContext().isSandboxed(SandboxOrigin)) { 5694 if (context->securityContext().isSandboxed(SandboxOrigin)) {
5673 // For a sandboxed origin, use the document's URL. 5695 // For a sandboxed origin, use the document's URL.
5674 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url()); 5696 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url());
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
5757 #ifndef NDEBUG 5779 #ifndef NDEBUG
5758 using namespace blink; 5780 using namespace blink;
5759 void showLiveDocumentInstances() 5781 void showLiveDocumentInstances()
5760 { 5782 {
5761 Document::WeakDocumentSet& set = Document::liveDocumentSet(); 5783 Document::WeakDocumentSet& set = Document::liveDocumentSet();
5762 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); 5784 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
5763 for (Document* document : set) 5785 for (Document* document : set)
5764 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); 5786 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data());
5765 } 5787 }
5766 #endif 5788 #endif
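Review bot: Both new `return true` branches in `Document::isSecureContext` (new lines 5680-5681 and 5685-5686) leave the function before the `StandardSecureContextCheck` ancestor walk, so a document whose origin is on the bypass list is reported as a secure context even when an ancestor frame is not potentially trustworthy. The block comment says which frames receive the exception but not that the ancestor checks are skipped for them. If that is intended, state it next to the early returns, e.g. `// An exempted origin returns before the ancestor walk below; insecure ancestors do not revoke the exception.` If it is not intended, record the bypass result and still run the loop for the standard check. The rest of the ancestor loop lies outside the visible lines, so this rests on the visible early returns only.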