
Side by Side Diff: Source/core/dom/Document.cpp

Issue 183883004: Let ContentSecurityPolicy shared between imports and the master. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Adding guardRef()/guardDeref() Created 6 years, 9 months ago
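--- a/Source/core/dom/Document.cpp
+++ b/Source/core/dom/Document.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2001 Dirk Mueller (mueller@kde.org)
 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
@@ -2929,20 +2929,22 @@
 } else if (equalIgnoringCase(equiv, "content-security-policy") || equalIgnor ingCase(equiv, "content-security-policy-report-only")) {
 if (inDocumentHeadElement)
 processHttpEquivContentSecurityPolicy(equiv, content);
 else
 contentSecurityPolicy()->reportMetaOutsideHead(content);
 }
 }
 
 void Document::processHttpEquivContentSecurityPolicy(const AtomicString& equiv, const AtomicString& content)
 {
+if (import() && import()->isChild())
+return;
 if (equalIgnoringCase(equiv, "content-security-policy"))
 contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy ::Enforce, ContentSecurityPolicy::HeaderSourceMeta);
 else if (equalIgnoringCase(equiv, "content-security-policy-report-only"))
 contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy ::Report, ContentSecurityPolicy::HeaderSourceMeta);
 else
 ASSERT_NOT_REACHED();
 }
 
 void Document::processHttpEquivDefaultStyle(const AtomicString& content)
 {
@@ -4535,42 +4537,49 @@
 bool Document::useSecureKeyboardEntryWhenActive() const
 {
 return m_useSecureKeyboardEntryWhenActive;
 }
 
 void Document::initSecurityContext()
 {
 initSecurityContext(DocumentInit(m_url, m_frame, contextDocument(), m_import ));
 }
 
+static PassRefPtr<ContentSecurityPolicy> contentSecurityPolicyFor(Document* docu ment)
+{
+if (document->import() && document->import()->isChild())
+return document->import()->master()->contentSecurityPolicy();
+return ContentSecurityPolicy::create(document);
+}
+
 void Document::initSecurityContext(const DocumentInit& initializer)
 {
 if (haveInitializedSecurityOrigin()) {
 ASSERT(securityOrigin());
 return;
 }
 
 if (!initializer.hasSecurityContext()) {
 // No source for a security context.
 // This can occur via document.implementation.createDocument().
 m_cookieURL = KURL(ParsedURLString, emptyString());
 setSecurityOrigin(SecurityOrigin::createUnique());
 setContentSecurityPolicy(ContentSecurityPolicy::create(this));
 return;
 }
 
 // In the common case, create the security context from the currently
 // loading URL with a fresh content security policy.
 m_cookieURL = m_url;
 enforceSandboxFlags(initializer.sandboxFlags());
 setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique( ) : SecurityOrigin::create(m_url));
-setContentSecurityPolicy(ContentSecurityPolicy::create(this));
+setContentSecurityPolicy(contentSecurityPolicyFor(this));
 
 if (Settings* settings = initializer.settings()) {
 if (!settings->webSecurityEnabled()) {
 // Web security is turned off. We should let this document access ev ery other document. This is used primary by testing
 // harnesses for web sites.
 securityOrigin()->grantUniversalAccess();
 } else if (securityOrigin()->isLocal()) {
 if (settings->allowUniversalAccessFromFileURLs()) {
 // Some clients want local URLs to have universal access, but th at setting is dangerous for other clients.
 securityOrigin()->grantUniversalAccess();
@@ -5439,10 +5448,10 @@
 void Document::defaultEventHandler(Event* event)
 {
 if (frame() && frame()->remotePlatformLayer()) {
 frame()->chromeClient().forwardInputEvent(this, event);
 return;
 }
 Node::defaultEventHandler(event);
 }
 
 } // namespace WebCore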
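Review bot: The `!initializer.hasSecurityContext()` branch of `Document::initSecurityContext` still calls `ContentSecurityPolicy::create(this)` rather than the new `contentSecurityPolicyFor(this)`, so an import child that ever reached that branch would get an empty policy of its own instead of the master's; whether that can happen is not visible here, so either route it through the helper or assert that it cannot. `contentSecurityPolicyFor` also returns `document->import()->master()->contentSecurityPolicy()` unchecked, which presumably relies on the master's security context being initialized first, and an `ASSERT` on the result would pin that down. The comment above the changed call, "with a fresh content security policy", is no longer accurate for import children and should say that they share the master's policy. The early return in `processHttpEquivContentSecurityPolicy` drops an import's `<meta>` policy silently; a comment such as `// Imports share the master's policy; a <meta> policy in an import must not modify it.` would record why.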