OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. |
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) | 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) |
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. | 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. |
(...skipping 5638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5649 { | 5649 { |
5650 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper); | 5650 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper); |
5651 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate); | 5651 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate); |
5652 if (world.isMainWorld() && frame()) | 5652 if (world.isMainWorld() && frame()) |
5653 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper); | 5653 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper); |
5654 return wrapper; | 5654 return wrapper; |
5655 } | 5655 } |
5656 | 5656 |
5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const | 5657 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const |
5658 { | 5658 { |
5659 // There may be exceptions for the secure context check defined for | |
5660 // certain origins. The exceptions are applied only to the origin | |
5661 // themselves and to immediate sanbox frame descendants, but *not* to | |
robwu
2015/10/03 19:28:51
sanbox -> sandbox
jww
2015/10/06 21:53:55
Done.
| |
5662 // any other children. For example: | |
5663 // <iframe src="scheme://this-origin-has-exception"> | |
5664 // <iframe sandbox srcdoc="..."></iframe> | |
robwu
2015/10/03 19:28:51
This does not pass the check because the URL of th
jww
2015/10/06 21:53:56
Hm, no, I don't want that to pass; I'm not sure wh
| |
5665 // </iframe> | |
5666 // would pass this check, both for the outer frame and the inner frame, | |
5667 // assuming that the origin "scheme://this-origin-has-exception" is granted | |
5668 // an exception. However, | |
5669 // <iframe src="scheme://this-origin-has-exception"> | |
5670 // <iframe src="http://a.b/"></iframe> | |
5671 // </iframe> | |
5672 // the inner frame "http://a.b/" would *not* pass the check, even though | |
5673 // the parent frame has an exception. | |
5674 // In all cases, a frame must be potentially trustworthy in addition to | |
5675 // having an exception listed in order for the exception to be granted. | |
5659 if (SecurityContext::isSandboxed(SandboxOrigin)) { | 5676 if (SecurityContext::isSandboxed(SandboxOrigin)) { |
5660 if (!SecurityOrigin::create(url())->isPotentiallyTrustworthy(errorMessag e)) | 5677 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url()); |
5678 if (!origin->isPotentiallyTrustworthy(errorMessage)) | |
5661 return false; | 5679 return false; |
5680 if (SecurityPolicy::shouldOriginBypassSecureContextCheck(*origin)) | |
5681 return true; | |
5662 } else { | 5682 } else { |
5663 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage)) | 5683 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage)) |
5664 return false; | 5684 return false; |
5685 if (SecurityPolicy::shouldOriginBypassSecureContextCheck(*securityOrigin ())) | |
5686 return true; | |
5665 } | 5687 } |
5666 | 5688 |
5667 if (privilegeContextCheck == StandardSecureContextCheck) { | 5689 if (privilegeContextCheck == StandardSecureContextCheck) { |
5668 Document* context = parentDocument(); | 5690 Document* context = parentDocument(); |
5669 while (context) { | 5691 while (context) { |
5670 // Skip to the next ancestor if it's a srcdoc. | 5692 // Skip to the next ancestor if it's a srcdoc. |
5671 if (!context->isSrcdocDocument()) { | 5693 if (!context->isSrcdocDocument()) { |
5672 if (context->securityContext().isSandboxed(SandboxOrigin)) { | 5694 if (context->securityContext().isSandboxed(SandboxOrigin)) { |
5673 // For a sandboxed origin, use the document's URL. | 5695 // For a sandboxed origin, use the document's URL. |
5674 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url()); | 5696 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url()); |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5757 #ifndef NDEBUG | 5779 #ifndef NDEBUG |
5758 using namespace blink; | 5780 using namespace blink; |
5759 void showLiveDocumentInstances() | 5781 void showLiveDocumentInstances() |
5760 { | 5782 { |
5761 Document::WeakDocumentSet& set = Document::liveDocumentSet(); | 5783 Document::WeakDocumentSet& set = Document::liveDocumentSet(); |
5762 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); | 5784 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); |
5763 for (Document* document : set) | 5785 for (Document* document : set) |
5764 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); | 5786 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); |
5765 } | 5787 } |
5766 #endif | 5788 #endif |
OLD | NEW |