
Side by Side Diff: Source/core/dom/Document.cpp

Issue 19940002: [HTML Import] Respect Content Security Policy Model (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Switched to Per-import CSP model Created 7 years, 5 months ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
(...skipping 4195 matching lines...)
4206 initSecurityContext(DocumentInit(m_url, m_frame, m_import)); 4206 initSecurityContext(DocumentInit(m_url, m_frame, m_import));
4207 } 4207 }
4208 4208
4209 void Document::initSecurityContext(const DocumentInit& initializer) 4209 void Document::initSecurityContext(const DocumentInit& initializer)
4210 { 4210 {
4211 if (haveInitializedSecurityOrigin()) { 4211 if (haveInitializedSecurityOrigin()) {
4212 ASSERT(securityOrigin()); 4212 ASSERT(securityOrigin());
4213 return; 4213 return;
4214 } 4214 }
4215 4215
4216 if (!initializer.frame()) { 4216 if (!initializer.hasSecurityContext()) {
4217 // No source for a security context. 4217 // No source for a security context.
4218 // This can occur via document.implementation.createDocument(). 4218 // This can occur via document.implementation.createDocument().
4219 m_cookieURL = KURL(ParsedURLString, emptyString()); 4219 m_cookieURL = KURL(ParsedURLString, emptyString());
4220 setSecurityOrigin(SecurityOrigin::createUnique()); 4220 setSecurityOrigin(SecurityOrigin::createUnique());
4221 setContentSecurityPolicy(ContentSecurityPolicy::create(this)); 4221 setContentSecurityPolicy(ContentSecurityPolicy::create(this));
4222 return; 4222 return;
4223 } 4223 }
4224 4224
4225 // In the common case, create the security context from the currently 4225 // In the common case, create the security context from the currently
4226 // loading URL with a fresh content security policy. 4226 // loading URL with a fresh content security policy.
(...skipping 51 matching lines...)
4278 securityOrigin()->grantLoadLocalResources(); 4278 securityOrigin()->grantLoadLocalResources();
4279 return; 4279 return;
4280 } 4280 }
4281 4281
4282 m_cookieURL = ownerFrame->document()->cookieURL(); 4282 m_cookieURL = ownerFrame->document()->cookieURL();
4283 // We alias the SecurityOrigins to match Firefox, see Bug 15313 4283 // We alias the SecurityOrigins to match Firefox, see Bug 15313
4284 // https://bugs.webkit.org/show_bug.cgi?id=15313 4284 // https://bugs.webkit.org/show_bug.cgi?id=15313
4285 setSecurityOrigin(ownerFrame->document()->securityOrigin()); 4285 setSecurityOrigin(ownerFrame->document()->securityOrigin());
4286 } 4286 }
4287 4287
4288 void Document::initContentSecurityPolicy() 4288 void Document::initContentSecurityPolicy(const ContentSecurityPolicyResponseHead ers& headers)
4289 { 4289 {
4290 if (!m_frame->tree()->parent() || (!shouldInheritSecurityOriginFromOwner(m_u rl) && !isPluginDocument())) 4290 if (m_frame && m_frame->tree()->parent() && (shouldInheritSecurityOriginFrom Owner(m_url) || isPluginDocument()))
4291 return; 4291 contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->docume nt()->contentSecurityPolicy());
4292 4292 contentSecurityPolicy()->didReceiveHeaders(headers);
4293 contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->document() ->contentSecurityPolicy());
4294 } 4293 }
4295 4294
4296 void Document::didUpdateSecurityOrigin() 4295 void Document::didUpdateSecurityOrigin()
4297 { 4296 {
4298 if (!m_frame) 4297 if (!m_frame)
4299 return; 4298 return;
4300 m_frame->script()->updateSecurityOrigin(); 4299 m_frame->script()->updateSecurityOrigin();
4301 } 4300 }
4302 4301
4303 bool Document::isContextThread() const 4302 bool Document::isContextThread() const
(...skipping 785 matching lines...)
5089 { 5088 {
5090 return DocumentLifecycleNotifier::create(this); 5089 return DocumentLifecycleNotifier::create(this);
5091 } 5090 }
5092 5091
5093 DocumentLifecycleNotifier* Document::lifecycleNotifier() 5092 DocumentLifecycleNotifier* Document::lifecycleNotifier()
5094 { 5093 {
5095 return static_cast<DocumentLifecycleNotifier*>(ScriptExecutionContext::lifec ycleNotifier()); 5094 return static_cast<DocumentLifecycleNotifier*>(ScriptExecutionContext::lifec ycleNotifier());
5096 } 5095 }
5097 5096
5098 } // namespace WebCore 5097 } // namespace WebCore
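Review bot: The new body of `Document::initContentSecurityPolicy(headers)` (new lines 4288-4293) depends on `copyStateFrom()` running before `didReceiveHeaders(headers)`, and the added `m_frame &&` guard means a frameless document (presumably an HTML import, given `m_import` in the `DocumentInit` call) inherits nothing here and is governed only by its own response headers; neither fact is documented. If that is the intended per-import model, add a comment such as `// Inherit the parent's policy first, then layer this document's own headers on top; frameless (import) documents inherit nothing here.` Whether `copyStateFrom()` replaces or merges existing policy state is not visible on this page, so confirm that the ordering cannot drop a header-delivered policy. Both calls also dereference `contentSecurityPolicy()` unconditionally, so an `ASSERT(contentSecurityPolicy());` at the top would make the dependency on `initSecurityContext()` having run explicit.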