Updated suborigin serialization to latest spec proposal

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp

Index: third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
index 9a03ad96ae1277dbd839a7e4248fa4217a3a73bc..e1bdf7a1032fcb5ebef400648edbfb66f4d770a7 100644
--- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
+++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
@@ -129,7 +129,7 @@ SecurityOrigin::SecurityOrigin(const KURL& url)
 {
     // Suborigins are serialized into the host, so extract it if necessary.
     String suboriginName;
-    if (deserializeSuboriginAndHost(m_host, suboriginName, m_host))
+    if (deserializeSuboriginAndProtocolAndHost(m_protocol, m_host, suboriginName, m_protocol, m_host))
         m_suborigin.setName(suboriginName);
 
     // document.domain starts as m_host, but can be set by the DOM.
@@ -473,16 +473,27 @@ String SecurityOrigin::toRawStringIgnoreSuborigin() const
 
 // Returns true if and only if a suborigin component was found. If false, no
 // guarantees about the return value |suboriginName| are made.
-bool SecurityOrigin::deserializeSuboriginAndHost(const String& oldHost, String& suboriginName, String& newHost)
+bool SecurityOrigin::deserializeSuboriginAndProtocolAndHost(const String& oldProtocol, const String& oldHost, String& suboriginName, String& newProtocol, String& newHost)
 {
     if (!RuntimeEnabledFeatures::suboriginsEnabled())
         return false;
 
-    size_t suboriginEnd = oldHost.find('_');
-    // Suborigins cannot be empty
-    if (suboriginEnd == 0 || suboriginEnd == WTF::kNotFound)
+    String originalProtocol = oldProtocol;
+    // Suborigin URLs must have the -so option in the scheme.
+    if (!oldProtocol.endsWith("-so"))
         return false;
 
+    size_t protocolEnd = oldProtocol.reverseFind("-so");
+    DCHECK_NE(protocolEnd, WTF::kNotFound);
+    newProtocol = oldProtocol.substring(0, protocolEnd);

[nasko, 2016/09/19 22:20:21]

Should we verify that the newProtocol is a valid registered protocol? What if I
managed to hit this method with "http-so-so"?

[jww, 2016/09/20 00:24:32]

I think we should only deserialize if it's https-so or http-so, and in other
cases we should return false and throw our hands up. Since KURL doesn't
generally check for valid protocols on creation, I think the appropriate thing
is simply to not deserialize as a suborigin, and to instead leave it to the
caller to decide what to do with the protocol.

+
+    size_t suboriginEnd = oldHost.find('.');
+    // Suborigins cannot be empty.
+    if (suboriginEnd == 0 || suboriginEnd == WTF::kNotFound) {
+        newProtocol = originalProtocol;
+        return false;
+    }
+
     suboriginName = oldHost.substring(0, suboriginEnd);
     newHost = oldHost.substring(suboriginEnd + 1);
 
@@ -503,10 +514,12 @@ AtomicString SecurityOrigin::toRawAtomicString() const
 void SecurityOrigin::buildRawString(StringBuilder& builder, bool includeSuborigin) const
 {
     builder.append(m_protocol);
-    builder.append("://");
     if (includeSuborigin && hasSuborigin()) {
+        builder.append("-so://");
         builder.append(m_suborigin.name());
-        builder.append('_');
+        builder.append('.');
+    } else {
+        builder.append("://");
     }
     builder.append(m_host);