Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(579)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/html/HTMLImportsController.cpp

Issue 19940002: [HTML Import] Respect Content Security Policy Model (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Fix Mac build failure Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/html/HTMLImportsController.h ('k') | Source/core/loader/FrameLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2013 Google Inc. All rights reserved. 2 * Copyright (C) 2013 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 20 matching lines...) Expand all
31 #include "config.h" 31 #include "config.h"
32 #include "core/html/HTMLImportsController.h" 32 #include "core/html/HTMLImportsController.h"
33 33
34 #include "core/dom/Document.h" 34 #include "core/dom/Document.h"
35 #include "core/html/HTMLDocument.h" 35 #include "core/html/HTMLDocument.h"
36 #include "core/html/HTMLLinkElement.h" 36 #include "core/html/HTMLLinkElement.h"
37 #include "core/loader/CrossOriginAccessControl.h" 37 #include "core/loader/CrossOriginAccessControl.h"
38 #include "core/loader/DocumentWriter.h" 38 #include "core/loader/DocumentWriter.h"
39 #include "core/loader/cache/CachedScript.h" 39 #include "core/loader/cache/CachedScript.h"
40 #include "core/loader/cache/ResourceFetcher.h" 40 #include "core/loader/cache/ResourceFetcher.h"
41 #include "core/page/ContentSecurityPolicy.h"
41 #include "weborigin/SecurityOrigin.h" 42 #include "weborigin/SecurityOrigin.h"
42 43
43 namespace WebCore { 44 namespace WebCore {
44 45
45 PassRefPtr<LinkImport> LinkImport::create(HTMLLinkElement* owner) 46 PassRefPtr<LinkImport> LinkImport::create(HTMLLinkElement* owner)
46 { 47 {
47 return adoptRef(new LinkImport(owner)); 48 return adoptRef(new LinkImport(owner));
48 } 49 }
49 50
50 LinkImport::LinkImport(HTMLLinkElement* owner) 51 LinkImport::LinkImport(HTMLLinkElement* owner)
(...skipping 24 matching lines...) Expand all
75 76
76 LinkRequestBuilder builder(m_owner); 77 LinkRequestBuilder builder(m_owner);
77 if (!builder.isValid()) 78 if (!builder.isValid())
78 return; 79 return;
79 80
80 if (!m_owner->document()->import()) { 81 if (!m_owner->document()->import()) {
81 ASSERT(m_owner->document()->frame()); // The document should be the mast er. 82 ASSERT(m_owner->document()->frame()); // The document should be the mast er.
82 HTMLImportsController::provideTo(m_owner->document()); 83 HTMLImportsController::provideTo(m_owner->document());
83 } 84 }
84 85
85 HTMLImportsController* controller = m_owner->document()->import()->controlle r(); 86 HTMLImport* parent = m_owner->document()->import();
87 HTMLImportsController* controller = parent->controller();
86 if (RefPtr<HTMLImportLoader> found = controller->findLinkFor(builder.url())) { 88 if (RefPtr<HTMLImportLoader> found = controller->findLinkFor(builder.url())) {
87 m_loader = found; 89 m_loader = found;
88 return; 90 return;
89 } 91 }
90 92
91 FetchRequest request = builder.build(true); 93 FetchRequest request = builder.build(true);
92 request.setPotentiallyCrossOriginEnabled(controller->securityOrigin(), DoNot AllowStoredCredentials); 94 request.setPotentiallyCrossOriginEnabled(controller->securityOrigin(), DoNot AllowStoredCredentials);
93 CachedResourceHandle<CachedRawResource> resource = controller->fetcher()->re questRawResource(request); 95 CachedResourceHandle<CachedRawResource> resource = m_owner->document()->fetc her()->requestImport(request);
94 if (!resource) 96 if (!resource)
95 return; 97 return;
96 98
97 m_loader = HTMLImportLoader::create(controller, builder.url(), resource); 99 m_loader = HTMLImportLoader::create(parent, builder.url(), resource);
98 } 100 }
99 101
100 void LinkImport::ownerRemoved() 102 void LinkImport::ownerRemoved()
101 { 103 {
102 m_owner = 0; 104 m_owner = 0;
103 m_loader.clear(); 105 m_loader.clear();
104 } 106 }
105 107
106 108
107 PassRefPtr<HTMLImportLoader> HTMLImportLoader::create(HTMLImport* parent, const KURL& url, const CachedResourceHandle<CachedScript>& resource) 109 PassRefPtr<HTMLImportLoader> HTMLImportLoader::create(HTMLImport* parent, const KURL& url, const CachedResourceHandle<CachedScript>& resource)
(...skipping 16 matching lines...) Expand all
124 { 126 {
125 // importDestroyed() should be called before the destruction. 127 // importDestroyed() should be called before the destruction.
126 ASSERT(!m_parent); 128 ASSERT(!m_parent);
127 ASSERT(!m_importedDocument); 129 ASSERT(!m_importedDocument);
128 if (m_resource) 130 if (m_resource)
129 m_resource->removeClient(this); 131 m_resource->removeClient(this);
130 } 132 }
131 133
132 void HTMLImportLoader::responseReceived(CachedResource*, const ResourceResponse& response) 134 void HTMLImportLoader::responseReceived(CachedResource*, const ResourceResponse& response)
133 { 135 {
134 setState(startParsing(response)); 136 setState(startWritingAndParsing(response));
135 } 137 }
136 138
137 void HTMLImportLoader::dataReceived(CachedResource*, const char* data, int lengt h) 139 void HTMLImportLoader::dataReceived(CachedResource*, const char* data, int lengt h)
138 { 140 {
139 RefPtr<DocumentWriter> protectingWriter(m_writer); 141 RefPtr<DocumentWriter> protectingWriter(m_writer);
140 m_writer->addData(data, length); 142 m_writer->addData(data, length);
141 } 143 }
142 144
143 void HTMLImportLoader::notifyFinished(CachedResource*) 145 void HTMLImportLoader::notifyFinished(CachedResource*)
144 { 146 {
145 setState(finish()); 147 setState(finishWriting());
146 } 148 }
147 149
148 void HTMLImportLoader::setState(State state) 150 void HTMLImportLoader::setState(State state)
149 { 151 {
150 if (m_state == state) 152 if (m_state == state)
151 return; 153 return;
152 154
153 m_state = state; 155 m_state = state;
154 156
157 if (m_state == StateReady || m_state == StateError || m_state == StateWritte n) {
158 if (RefPtr<DocumentWriter> writer = m_writer.release())
159 writer->end();
160 }
161
155 if (m_state == StateReady || m_state == StateError) 162 if (m_state == StateReady || m_state == StateError)
156 dispose(); 163 dispose();
157 } 164 }
158 165
159 void HTMLImportLoader::dispose() 166 void HTMLImportLoader::dispose()
160 { 167 {
161 if (m_writer) {
162 m_writer->end();
163 m_writer.clear();
164 }
165
166 if (m_resource) { 168 if (m_resource) {
167 m_resource->removeClient(this); 169 m_resource->removeClient(this);
168 m_resource = 0; 170 m_resource = 0;
169 } 171 }
170 172
171
172 if (HTMLImportsController* controller = this->controller()) 173 if (HTMLImportsController* controller = this->controller())
173 controller->didLoad(this); 174 controller->didLoad(this);
174 } 175 }
175 176
176 HTMLImportLoader::State HTMLImportLoader::startParsing(const ResourceResponse& r esponse) 177 HTMLImportLoader::State HTMLImportLoader::startWritingAndParsing(const ResourceR esponse& response)
177 { 178 {
178 // Current canAccess() implementation isn't sufficient for catching cross-do main redirects: http://crbug.com/256976 179 // Current canAccess() implementation isn't sufficient for catching cross-do main redirects: http://crbug.com/256976
179 if (!controller()->fetcher()->canAccess(m_resource.get())) 180 if (!m_parent->document()->fetcher()->canAccess(m_resource.get()))
180 return StateError; 181 return StateError;
181 182
182 m_importedDocument = HTMLDocument::create(DocumentInit(response.url(), 0, th is)); 183 m_importedDocument = HTMLDocument::create(DocumentInit(response.url(), 0, th is));
184 m_importedDocument->initContentSecurityPolicy(ContentSecurityPolicyResponseH eaders(response));
183 m_writer = DocumentWriter::create(m_importedDocument.get(), response.mimeTyp e(), response.textEncodingName()); 185 m_writer = DocumentWriter::create(m_importedDocument.get(), response.mimeTyp e(), response.textEncodingName());
184 186
185 return StateLoading; 187 return StateLoading;
186 } 188 }
187 189
188 HTMLImportLoader::State HTMLImportLoader::finish() 190 HTMLImportLoader::State HTMLImportLoader::finishWriting()
189 { 191 {
190 if (!m_parent) 192 if (!m_parent)
191 return StateError; 193 return StateError;
192 // The writer instance indicates that a part of the document can be already loaded. 194 // The writer instance indicates that a part of the document can be already loaded.
193 // We don't take such a case as an error because the partially-loaded docume nt has been visible from script at this point. 195 // We don't take such a case as an error because the partially-loaded docume nt has been visible from script at this point.
194 if (m_resource->loadFailedOrCanceled() && !m_writer) 196 if (m_resource->loadFailedOrCanceled() && !m_writer)
195 return StateError; 197 return StateError;
198
199 return StateWritten;
200 }
201
202 HTMLImportLoader::State HTMLImportLoader::finishParsing()
203 {
204 if (!m_parent)
205 return StateError;
196 return StateReady; 206 return StateReady;
197 } 207 }
198 208
199 Document* HTMLImportLoader::importedDocument() const 209 Document* HTMLImportLoader::importedDocument() const
200 { 210 {
201 if (m_state != StateReady) 211 if (m_state != StateReady)
202 return 0; 212 return 0;
203 return m_importedDocument.get(); 213 return m_importedDocument.get();
204 } 214 }
205 215
(...skipping 19 matching lines...) Expand all
225 return m_importedDocument.get(); 235 return m_importedDocument.get();
226 } 236 }
227 237
228 void HTMLImportLoader::wasDetachedFromDocument() 238 void HTMLImportLoader::wasDetachedFromDocument()
229 { 239 {
230 // For imported documens this shouldn't be called because Document::m_import is 240 // For imported documens this shouldn't be called because Document::m_import is
231 // cleared before Document is destroyed by HTMLImportLoader::importDestroyed (). 241 // cleared before Document is destroyed by HTMLImportLoader::importDestroyed ().
232 ASSERT_NOT_REACHED(); 242 ASSERT_NOT_REACHED();
233 } 243 }
234 244
245 void HTMLImportLoader::didFinishParsing()
246 {
247 setState(finishParsing());
248 }
249
250
235 void HTMLImportsController::provideTo(Document* master) 251 void HTMLImportsController::provideTo(Document* master)
236 { 252 {
237 DEFINE_STATIC_LOCAL(const char*, name, ("HTMLImportsController")); 253 DEFINE_STATIC_LOCAL(const char*, name, ("HTMLImportsController"));
238 OwnPtr<HTMLImportsController> controller = adoptPtr(new HTMLImportsControlle r(master)); 254 OwnPtr<HTMLImportsController> controller = adoptPtr(new HTMLImportsControlle r(master));
239 master->setImport(controller.get()); 255 master->setImport(controller.get());
240 Supplement<ScriptExecutionContext>::provideTo(master, name, controller.relea se()); 256 Supplement<ScriptExecutionContext>::provideTo(master, name, controller.relea se());
241 } 257 }
242 258
243 HTMLImportsController::HTMLImportsController(Document* master) 259 HTMLImportsController::HTMLImportsController(Document* master)
244 : m_master(master) 260 : m_master(master)
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
294 } 310 }
295 311
296 ResourceFetcher* HTMLImportsController::fetcher() const 312 ResourceFetcher* HTMLImportsController::fetcher() const
297 { 313 {
298 return m_master->fetcher(); 314 return m_master->fetcher();
299 } 315 }
300 316
301 bool HTMLImportsController::haveChildrenLoaded(HTMLImport* parent) const 317 bool HTMLImportsController::haveChildrenLoaded(HTMLImport* parent) const
302 { 318 {
303 for (size_t i = 0; i < m_imports.size(); ++i) { 319 for (size_t i = 0; i < m_imports.size(); ++i) {
304 if (!m_imports[i]->isDone() && m_imports[i]->parent() == parent) 320 if (!m_imports[i]->isDone()) {
305 return false; 321 for (HTMLImport* ancestor = m_imports[i]->parent(); ancestor; ancest or = ancestor->parent()) {
322 if (ancestor == parent)
323 return false;
324 }
325 }
306 } 326 }
307 327
308 return true; 328 return true;
309 } 329 }
310 330
311 HTMLImportsController* HTMLImportsController::controller() 331 HTMLImportsController* HTMLImportsController::controller()
312 { 332 {
313 return this; 333 return this;
314 } 334 }
315 335
316 HTMLImport* HTMLImportsController::parent() 336 HTMLImport* HTMLImportsController::parent()
317 { 337 {
318 return 0; 338 return 0;
319 } 339 }
320 340
321 Document* HTMLImportsController::document() 341 Document* HTMLImportsController::document()
322 { 342 {
323 return m_master; 343 return m_master;
324 } 344 }
325 345
326 void HTMLImportsController::wasDetachedFromDocument() 346 void HTMLImportsController::wasDetachedFromDocument()
327 { 347 {
328 clear(); 348 clear();
329 } 349 }
330 350
351 void HTMLImportsController::didFinishParsing()
352 {
353 }
354
331 } // namespace WebCore 355 } // namespace WebCore
OLDNEW
« no previous file with comments | « Source/core/html/HTMLImportsController.h ('k') | Source/core/loader/FrameLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698