OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 | 49 |
50 static URLSecurityOriginMap* s_urlOriginMap = 0; | 50 static URLSecurityOriginMap* s_urlOriginMap = 0; |
51 | 51 |
52 static SecurityOrigin* getOriginFromMap(const KURL& url) { | 52 static SecurityOrigin* getOriginFromMap(const KURL& url) { |
53 if (s_urlOriginMap) | 53 if (s_urlOriginMap) |
54 return s_urlOriginMap->getOrigin(url); | 54 return s_urlOriginMap->getOrigin(url); |
55 return nullptr; | 55 return nullptr; |
56 } | 56 } |
57 | 57 |
58 bool SecurityOrigin::shouldUseInnerURL(const KURL& url) { | 58 bool SecurityOrigin::shouldUseInnerURL(const KURL& url) { |
59 // FIXME: Blob URLs don't have inner URLs. Their form is "blob:<inner-origin>/
<UUID>", so treating the part after "blob:" as a URL is incorrect. | 59 // FIXME: Blob URLs don't have inner URLs. Their form is |
| 60 // "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL |
| 61 // is incorrect. |
60 if (url.protocolIs("blob")) | 62 if (url.protocolIs("blob")) |
61 return true; | 63 return true; |
62 if (url.protocolIs("filesystem")) | 64 if (url.protocolIs("filesystem")) |
63 return true; | 65 return true; |
64 return false; | 66 return false; |
65 } | 67 } |
66 | 68 |
67 // In general, extracting the inner URL varies by scheme. It just so happens | 69 // In general, extracting the inner URL varies by scheme. It just so happens |
68 // that all the URL schemes we currently support that use inner URLs for their | 70 // that all the URL schemes we currently support that use inner URLs for their |
69 // security origin can be parsed using this algorithm. | 71 // security origin can be parsed using this algorithm. |
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
216 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const { | 218 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const { |
217 if (m_universalAccess) | 219 if (m_universalAccess) |
218 return true; | 220 return true; |
219 | 221 |
220 if (this == other) | 222 if (this == other) |
221 return true; | 223 return true; |
222 | 224 |
223 if (isUnique() || other->isUnique()) | 225 if (isUnique() || other->isUnique()) |
224 return false; | 226 return false; |
225 | 227 |
226 // document.domain handling, as per https://html.spec.whatwg.org/multipage/bro
wsers.html#dom-document-domain: | 228 // document.domain handling, as per |
| 229 // https://html.spec.whatwg.org/multipage/browsers.html#dom-document-domain: |
227 // | 230 // |
228 // 1) Neither document has set document.domain. In this case, we insist | 231 // 1) Neither document has set document.domain. In this case, we insist |
229 // that the scheme, host, and port of the URLs match. | 232 // that the scheme, host, and port of the URLs match. |
230 // | 233 // |
231 // 2) Both documents have set document.domain. In this case, we insist | 234 // 2) Both documents have set document.domain. In this case, we insist |
232 // that the documents have set document.domain to the same value and | 235 // that the documents have set document.domain to the same value and |
233 // that the scheme of the URLs match. Ports do not need to match. | 236 // that the scheme of the URLs match. Ports do not need to match. |
234 bool canAccess = false; | 237 bool canAccess = false; |
235 if (m_protocol == other->m_protocol) { | 238 if (m_protocol == other->m_protocol) { |
236 if (!m_domainWasSetInDOM && !other->m_domainWasSetInDOM) { | 239 if (!m_domainWasSetInDOM && !other->m_domainWasSetInDOM) { |
(...skipping 342 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
579 privilegeData->m_blockLocalAccessFromLocalOrigin; | 582 privilegeData->m_blockLocalAccessFromLocalOrigin; |
580 } | 583 } |
581 | 584 |
582 void SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy( | 585 void SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy( |
583 bool isUniqueOriginPotentiallyTrustworthy) { | 586 bool isUniqueOriginPotentiallyTrustworthy) { |
584 ASSERT(!isUniqueOriginPotentiallyTrustworthy || isUnique()); | 587 ASSERT(!isUniqueOriginPotentiallyTrustworthy || isUnique()); |
585 m_isUniqueOriginPotentiallyTrustworthy = isUniqueOriginPotentiallyTrustworthy; | 588 m_isUniqueOriginPotentiallyTrustworthy = isUniqueOriginPotentiallyTrustworthy; |
586 } | 589 } |
587 | 590 |
588 } // namespace blink | 591 } // namespace blink |
OLD | NEW |