
Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 1504403003: Calling isSecureContext() with no arguments (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Refactored isSecureContext() Created 5 years ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
(...skipping 3285 matching lines...) Expand 10 before | Expand all | Expand 10 after
3296 3296
3297 void Document::cloneDataFromDocument(const Document& other) 3297 void Document::cloneDataFromDocument(const Document& other)
3298 { 3298 {
3299 setCompatibilityMode(other.compatibilityMode()); 3299 setCompatibilityMode(other.compatibilityMode());
3300 setEncodingData(other.m_encodingData); 3300 setEncodingData(other.m_encodingData);
3301 setContextFeatures(other.contextFeatures()); 3301 setContextFeatures(other.contextFeatures());
3302 setSecurityOrigin(other.securityOrigin()->isolatedCopy()); 3302 setSecurityOrigin(other.securityOrigin()->isolatedCopy());
3303 setMimeType(other.contentType()); 3303 setMimeType(other.contentType());
3304 } 3304 }
3305 3305
3306 bool Document::isOriginPotentiallyTrustworthy(SecurityOrigin* origin, String* er rorMessage) const
estark 2015/12/18 00:00:57 Since this doesn't need to access any methods or d
3307 {
3308 if (errorMessage)
3309 return origin->isPotentiallyTrustworthy(*errorMessage);
3310 return origin->isPotentiallyTrustworthy();
3311 }
3312
3313 bool Document::isSecureContextImpl(String* errorMessage, const SecureContextChec k privilegeContextCheck) const
3314 {
3315 // There may be exceptions for the secure context check defined for certain
3316 // schemes. The exceptions are applied only to the special scheme and to
3317 // sandboxed URLs from those origins, but *not* to any children.
3318 //
3319 // For example:
3320 // <iframe src="http://host">
3321 // <iframe src="scheme-has-exception://host"></iframe>
3322 // <iframe sandbox src="scheme-has-exception://host"></iframe>
3323 // </iframe>
3324 // both inner iframes pass this check, assuming that the scheme
3325 // "scheme-has-exception:" is granted an exception.
3326 //
3327 // However,
3328 // <iframe src="http://host">
3329 // <iframe sandbox src="http://host"></iframe>
3330 // </iframe>
3331 // would fail the check (that is, sandbox does not grant an exception itself ).
3332 //
3333 // Additionally, with
3334 // <iframe src="scheme-has-exception://host">
3335 // <iframe src="http://host"></iframe>
3336 // <iframe sandbox src="http://host"></iframe>
3337 // </iframe>
3338 // both inner iframes would fail the check, even though the outermost iframe
3339 // passes.
3340 //
3341 // In all cases, a frame must be potentially trustworthy in addition to
3342 // having an exception listed in order for the exception to be granted.
3343 if (SecurityContext::isSandboxed(SandboxOrigin)) {
3344 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url());
3345 if (!isOriginPotentiallyTrustworthy(origin.get(), errorMessage))
3346 return false;
3347 if (SchemeRegistry::schemeShouldBypassSecureContextCheck(origin->protoco l()))
3348 return true;
3349 } else {
3350 if (!isOriginPotentiallyTrustworthy(securityOrigin(), errorMessage))
3351 return false;
3352 if (SchemeRegistry::schemeShouldBypassSecureContextCheck(securityOrigin( )->protocol()))
3353 return true;
3354 }
3355
3356 if (privilegeContextCheck == StandardSecureContextCheck) {
3357 Document* context = parentDocument();
3358 while (context) {
3359 // Skip to the next ancestor if it's a srcdoc.
3360 if (!context->isSrcdocDocument()) {
3361 if (context->securityContext().isSandboxed(SandboxOrigin)) {
3362 // For a sandboxed origin, use the document's URL.
3363 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url());
3364 if (!isOriginPotentiallyTrustworthy(origin.get(), errorMessa ge))
3365 return false;
3366 } else {
3367 if (!isOriginPotentiallyTrustworthy(context->securityOrigin( ), errorMessage))
3368 return false;
3369 }
3370 }
3371 context = context->parentDocument();
3372 }
3373 }
3374 return true;
3375 }
3376
3306 StyleSheetList* Document::styleSheets() 3377 StyleSheetList* Document::styleSheets()
3307 { 3378 {
3308 if (!m_styleSheetList) 3379 if (!m_styleSheetList)
3309 m_styleSheetList = StyleSheetList::create(this); 3380 m_styleSheetList = StyleSheetList::create(this);
3310 return m_styleSheetList.get(); 3381 return m_styleSheetList.get();
3311 } 3382 }
3312 3383
3313 String Document::preferredStylesheetSet() const 3384 String Document::preferredStylesheetSet() const
3314 { 3385 {
3315 return m_styleEngine->preferredStylesheetSetName(); 3386 return m_styleEngine->preferredStylesheetSetName();
(...skipping 2350 matching lines...) Expand 10 before | Expand all | Expand 10 after
5666 { 5737 {
5667 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper); 5738 wrapper = V8DOMWrapper::associateObjectWithWrapper(isolate, this, wrapperTyp e, wrapper);
5668 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate); 5739 DOMWrapperWorld& world = DOMWrapperWorld::current(isolate);
5669 if (world.isMainWorld() && frame()) 5740 if (world.isMainWorld() && frame())
5670 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper); 5741 frame()->script().windowProxy(world)->updateDocumentWrapper(wrapper);
5671 return wrapper; 5742 return wrapper;
5672 } 5743 }
5673 5744
5674 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const 5745 bool Document::isSecureContext(String& errorMessage, const SecureContextCheck pr ivilegeContextCheck) const
5675 { 5746 {
5676 // There may be exceptions for the secure context check defined for certain 5747 return isSecureContextImpl(&errorMessage, privilegeContextCheck);
5677 // schemes. The exceptions are applied only to the special scheme and to 5748 }
5678 // sandboxed URLs from those origins, but *not* to any children.
5679 //
5680 // For example:
5681 // <iframe src="http://host">
5682 // <iframe src="scheme-has-exception://host"></iframe>
5683 // <iframe sandbox src="scheme-has-exception://host"></iframe>
5684 // </iframe>
5685 // both inner iframes pass this check, assuming that the scheme
5686 // "scheme-has-exception:" is granted an exception.
5687 //
5688 // However,
5689 // <iframe src="http://host">
5690 // <iframe sandbox src="http://host"></iframe>
5691 // </iframe>
5692 // would fail the check (that is, sandbox does not grant an exception itself ).
5693 //
5694 // Additionally, with
5695 // <iframe src="scheme-has-exception://host">
5696 // <iframe src="http://host"></iframe>
5697 // <iframe sandbox src="http://host"></iframe>
5698 // </iframe>
5699 // both inner iframes would fail the check, even though the outermost iframe
5700 // passes.
5701 //
5702 // In all cases, a frame must be potentially trustworthy in addition to
5703 // having an exception listed in order for the exception to be granted.
5704 if (SecurityContext::isSandboxed(SandboxOrigin)) {
5705 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url());
5706 if (!origin->isPotentiallyTrustworthy(errorMessage))
5707 return false;
5708 if (SchemeRegistry::schemeShouldBypassSecureContextCheck(origin->protoco l()))
5709 return true;
5710 } else {
5711 if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage))
5712 return false;
5713 if (SchemeRegistry::schemeShouldBypassSecureContextCheck(securityOrigin( )->protocol()))
5714 return true;
5715 }
5716 5749
5717 if (privilegeContextCheck == StandardSecureContextCheck) { 5750 bool Document::isSecureContext(const SecureContextCheck privilegeContextCheck) c onst
5718 Document* context = parentDocument(); 5751 {
5719 while (context) { 5752 return isSecureContextImpl(nullptr, privilegeContextCheck);
5720 // Skip to the next ancestor if it's a srcdoc.
5721 if (!context->isSrcdocDocument()) {
5722 if (context->securityContext().isSandboxed(SandboxOrigin)) {
5723 // For a sandboxed origin, use the document's URL.
5724 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(conte xt->url());
5725 if (!origin->isPotentiallyTrustworthy(errorMessage))
5726 return false;
5727 } else {
5728 if (!context->securityOrigin()->isPotentiallyTrustworthy(err orMessage))
5729 return false;
5730 }
5731 }
5732 context = context->parentDocument();
5733 }
5734 }
5735 return true;
5736 } 5753 }
5737 5754
5738 WebTaskRunner* Document::loadingTaskRunner() const 5755 WebTaskRunner* Document::loadingTaskRunner() const
5739 { 5756 {
5740 if (frame()) 5757 if (frame())
5741 return frame()->frameScheduler()->loadingTaskRunner(); 5758 return frame()->frameScheduler()->loadingTaskRunner();
5742 if (m_importsController) 5759 if (m_importsController)
5743 return m_importsController->master()->loadingTaskRunner(); 5760 return m_importsController->master()->loadingTaskRunner();
5744 if (m_contextDocument) 5761 if (m_contextDocument)
5745 return m_contextDocument->loadingTaskRunner(); 5762 return m_contextDocument->loadingTaskRunner();
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
5828 #ifndef NDEBUG 5845 #ifndef NDEBUG
5829 using namespace blink; 5846 using namespace blink;
5830 void showLiveDocumentInstances() 5847 void showLiveDocumentInstances()
5831 { 5848 {
5832 Document::WeakDocumentSet& set = Document::liveDocumentSet(); 5849 Document::WeakDocumentSet& set = Document::liveDocumentSet();
5833 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); 5850 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
5834 for (Document* document : set) 5851 for (Document* document : set)
5835 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); 5852 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data());
5836 } 5853 }
5837 #endif 5854 #endif
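Review bot: isSecureContextImpl (new lines 3313–3375) keeps the long scheme-exception comment, but nothing states its contract, and two parts of that contract matter to callers of a security gate. `errorMessage` may be null, and the ancestor walk at new lines 3356–3373 runs only when `privilegeContextCheck == StandardSecureContextCheck`, so with any other value the result reflects this document's own origin alone. I would state that above the definition, for example `// |errorMessage| may be null. Ancestors are checked only for StandardSecureContextCheck; with any other value an insecure parent does not fail the check.` The new overload at new line 5750 is presumably what a no-argument call resolves to, with its default declared in the header, which is not part of this section; it is worth confirming there that the default is the standard check.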