| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> | 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> |
| 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> | 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> |
| 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. | 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2012 Intel Corporation | 6 * Copyright (C) 2012 Intel Corporation |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Lesser General Public | 9 * modify it under the terms of the GNU Lesser General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 context->addConsoleMessage(consoleMessage); | 131 context->addConsoleMessage(consoleMessage); |
| 132 } | 132 } |
| 133 | 133 |
| 134 enum HeaderValueCategoryByRFC7230 { | 134 enum HeaderValueCategoryByRFC7230 { |
| 135 HeaderValueInvalid, | 135 HeaderValueInvalid, |
| 136 HeaderValueAffectedByNormalization, | 136 HeaderValueAffectedByNormalization, |
| 137 HeaderValueValid, | 137 HeaderValueValid, |
| 138 HeaderValueCategoryByRFC7230End | 138 HeaderValueCategoryByRFC7230End |
| 139 }; | 139 }; |
| 140 | 140 |
| 141 bool validateOpenArguments(const AtomicString& method, const KURL& url, Exceptio
nState& exceptionState) |
| 142 { |
| 143 if (!isValidHTTPToken(method)) { |
| 144 exceptionState.throwDOMException(SyntaxError, "'" + method + "' is not a
valid HTTP method."); |
| 145 return false; |
| 146 } |
| 147 |
| 148 if (FetchUtils::isForbiddenMethod(method)) { |
| 149 exceptionState.throwSecurityError("'" + method + "' HTTP method is unsup
ported."); |
| 150 return false; |
| 151 } |
| 152 |
| 153 if (!url.isValid()) { |
| 154 exceptionState.throwDOMException(SyntaxError, "Invalid URL"); |
| 155 return false; |
| 156 } |
| 157 |
| 158 return true; |
| 159 } |
| 160 |
| 141 } // namespace | 161 } // namespace |
| 142 | 162 |
| 143 class XMLHttpRequest::BlobLoader final : public GarbageCollectedFinalized<XMLHtt
pRequest::BlobLoader>, public FileReaderLoaderClient { | 163 class XMLHttpRequest::BlobLoader final : public GarbageCollectedFinalized<XMLHtt
pRequest::BlobLoader>, public FileReaderLoaderClient { |
| 144 public: | 164 public: |
| 145 static BlobLoader* create(XMLHttpRequest* xhr, PassRefPtr<BlobDataHandle> ha
ndle) | 165 static BlobLoader* create(XMLHttpRequest* xhr, PassRefPtr<BlobDataHandle> ha
ndle) |
| 146 { | 166 { |
| 147 return new BlobLoader(xhr, handle); | 167 return new BlobLoader(xhr, handle); |
| 148 } | 168 } |
| 149 | 169 |
| 150 // FileReaderLoaderClient functions. | 170 // FileReaderLoaderClient functions. |
| (...skipping 378 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 529 if (m_state > kOpened || m_loader) { | 549 if (m_state > kOpened || m_loader) { |
| 530 exceptionState.throwDOMException(InvalidStateError, "The value may only
be set if the object's state is UNSENT or OPENED."); | 550 exceptionState.throwDOMException(InvalidStateError, "The value may only
be set if the object's state is UNSENT or OPENED."); |
| 531 return; | 551 return; |
| 532 } | 552 } |
| 533 | 553 |
| 534 m_includeCredentials = value; | 554 m_includeCredentials = value; |
| 535 } | 555 } |
| 536 | 556 |
| 537 void XMLHttpRequest::open(const AtomicString& method, const String& urlString, E
xceptionState& exceptionState) | 557 void XMLHttpRequest::open(const AtomicString& method, const String& urlString, E
xceptionState& exceptionState) |
| 538 { | 558 { |
| 539 open(method, getExecutionContext()->completeURL(urlString), true, exceptionS
tate); | 559 KURL url(getExecutionContext()->completeURL(urlString)); |
| 560 if (!validateOpenArguments(method, url, exceptionState)) |
| 561 return; |
| 562 |
| 563 open(method, url, true, exceptionState); |
| 540 } | 564 } |
| 541 | 565 |
| 542 void XMLHttpRequest::open(const AtomicString& method, const String& urlString, b
ool async, const String& username, const String& password, ExceptionState& excep
tionState) | 566 void XMLHttpRequest::open(const AtomicString& method, const String& urlString, b
ool async, const String& username, const String& password, ExceptionState& excep
tionState) |
| 543 { | 567 { |
| 544 KURL url(getExecutionContext()->completeURL(urlString)); | 568 KURL url(getExecutionContext()->completeURL(urlString)); |
| 569 if (!validateOpenArguments(method, url, exceptionState)) |
| 570 return; |
| 571 |
| 545 if (!username.isNull()) | 572 if (!username.isNull()) |
| 546 url.setUser(username); | 573 url.setUser(username); |
| 547 if (!password.isNull()) | 574 if (!password.isNull()) |
| 548 url.setPass(password); | 575 url.setPass(password); |
| 549 | 576 |
| 550 open(method, url, async, exceptionState); | 577 open(method, url, async, exceptionState); |
| 551 } | 578 } |
| 552 | 579 |
| 553 void XMLHttpRequest::open(const AtomicString& method, const KURL& url, bool asyn
c, ExceptionState& exceptionState) | 580 void XMLHttpRequest::open(const AtomicString& method, const KURL& url, bool asyn
c, ExceptionState& exceptionState) |
| 554 { | 581 { |
| 555 NETWORK_DVLOG(1) << this << " open(" << method << ", " << url.elidedString()
<< ", " << async << ")"; | 582 NETWORK_DVLOG(1) << this << " open(" << method << ", " << url.elidedString()
<< ", " << async << ")"; |
| 556 | 583 |
| 584 DCHECK(validateOpenArguments(method, url, exceptionState)); |
| 585 |
| 557 if (!internalAbort()) | 586 if (!internalAbort()) |
| 558 return; | 587 return; |
| 559 | 588 |
| 560 State previousState = m_state; | 589 State previousState = m_state; |
| 561 m_state = kUnsent; | 590 m_state = kUnsent; |
| 562 m_error = false; | 591 m_error = false; |
| 563 m_uploadComplete = false; | 592 m_uploadComplete = false; |
| 564 | 593 |
| 565 if (!isValidHTTPToken(method)) { | |
| 566 exceptionState.throwDOMException(SyntaxError, "'" + method + "' is not a
valid HTTP method."); | |
| 567 return; | |
| 568 } | |
| 569 | |
| 570 if (FetchUtils::isForbiddenMethod(method)) { | |
| 571 exceptionState.throwSecurityError("'" + method + "' HTTP method is unsup
ported."); | |
| 572 return; | |
| 573 } | |
| 574 | |
| 575 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) &&
!getExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) { | 594 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) &&
!getExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) { |
| 576 // We can safely expose the URL to JavaScript, as these checks happen sy
nchronously before redirection. JavaScript receives no new information. | 595 // We can safely expose the URL to JavaScript, as these checks happen sy
nchronously before redirection. JavaScript receives no new information. |
| 577 exceptionState.throwSecurityError("Refused to connect to '" + url.elided
String() + "' because it violates the document's Content Security Policy."); | 596 exceptionState.throwSecurityError("Refused to connect to '" + url.elided
String() + "' because it violates the document's Content Security Policy."); |
| 578 return; | 597 return; |
| 579 } | 598 } |
| 580 | 599 |
| 581 if (!async && getExecutionContext()->isDocument()) { | 600 if (!async && getExecutionContext()->isDocument()) { |
| 582 if (document()->settings() && !document()->settings()->syncXHRInDocument
sEnabled()) { | 601 if (document()->settings() && !document()->settings()->syncXHRInDocument
sEnabled()) { |
| 583 exceptionState.throwDOMException(InvalidAccessError, "Synchronous re
quests are disabled for this page."); | 602 exceptionState.throwDOMException(InvalidAccessError, "Synchronous re
quests are disabled for this page."); |
| 584 return; | 603 return; |
| (...skipping 1140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1725 visitor->traceWrappers(m_responseDocument); | 1744 visitor->traceWrappers(m_responseDocument); |
| 1726 visitor->traceWrappers(m_responseArrayBuffer); | 1745 visitor->traceWrappers(m_responseArrayBuffer); |
| 1727 } | 1746 } |
| 1728 | 1747 |
| 1729 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr) | 1748 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr) |
| 1730 { | 1749 { |
| 1731 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr); | 1750 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr); |
| 1732 } | 1751 } |
| 1733 | 1752 |
| 1734 } // namespace blink | 1753 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2297483002:
Make XMLHttpRequest.open() throw for invalid URLs (Closed)
