| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 */ | 27 */ |
| 28 | 28 |
| 29 #include "platform/weborigin/SecurityOrigin.h" | 29 #include "platform/weborigin/SecurityOrigin.h" |
| 30 | 30 |
| 31 #include "platform/RuntimeEnabledFeatures.h" | 31 #include "platform/RuntimeEnabledFeatures.h" |
| 32 #include "platform/weborigin/KURL.h" | 32 #include "platform/weborigin/KURL.h" |
| 33 #include "platform/weborigin/KnownPorts.h" | 33 #include "platform/weborigin/KnownPorts.h" |
| 34 #include "platform/weborigin/SchemeRegistry.h" | 34 #include "platform/weborigin/SchemeRegistry.h" |
| 35 #include "platform/weborigin/SecurityPolicy.h" | 35 #include "platform/weborigin/SecurityPolicy.h" |
| 36 #include "platform/weborigin/URLSecurityOriginMap.h" | 36 #include "platform/weborigin/URLSecurityOriginMap.h" |
| 37 #include "url/url_canon.h" |
| 37 #include "url/url_canon_ip.h" | 38 #include "url/url_canon_ip.h" |
| 38 #include "wtf/HexNumber.h" | 39 #include "wtf/HexNumber.h" |
| 39 #include "wtf/NotFound.h" | 40 #include "wtf/NotFound.h" |
| 40 #include "wtf/PtrUtil.h" | 41 #include "wtf/PtrUtil.h" |
| 41 #include "wtf/StdLibExtras.h" | 42 #include "wtf/StdLibExtras.h" |
| 42 #include "wtf/text/StringBuilder.h" | 43 #include "wtf/text/StringBuilder.h" |
| 43 #include "wtf/text/StringUTF8Adaptor.h" | 44 #include "wtf/text/StringUTF8Adaptor.h" |
| 44 #include <memory> | 45 #include <memory> |
| 45 | 46 |
| 46 namespace blink { | 47 namespace blink { |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 96 relevantURL = url; | 97 relevantURL = url; |
| 97 } | 98 } |
| 98 | 99 |
| 99 // URLs with schemes that require an authority, but which don't have one, | 100 // URLs with schemes that require an authority, but which don't have one, |
| 100 // will have failed the isValid() test; e.g. valid HTTP URLs must have a | 101 // will have failed the isValid() test; e.g. valid HTTP URLs must have a |
| 101 // host. | 102 // host. |
| 102 ASSERT(!( | 103 ASSERT(!( |
| 103 (relevantURL.protocolIsInHTTPFamily() || relevantURL.protocolIs("ftp")) && | 104 (relevantURL.protocolIsInHTTPFamily() || relevantURL.protocolIs("ftp")) && |
| 104 relevantURL.host().isEmpty())); | 105 relevantURL.host().isEmpty())); |
| 105 | 106 |
| 106 // SchemeRegistry needs a lower case protocol because it uses HashMaps | 107 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(relevantURL.protocol())) |
| 107 // that assume the scheme has already been canonicalized. | |
| 108 String protocol = relevantURL.protocol().lower(); | |
| 109 | |
| 110 if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol)) | |
| 111 return true; | 108 return true; |
| 112 | 109 |
| 113 // This is the common case. | 110 // This is the common case. |
| 114 return false; | 111 return false; |
| 115 } | 112 } |
| 116 | 113 |
| 117 SecurityOrigin::SecurityOrigin(const KURL& url) | 114 SecurityOrigin::SecurityOrigin(const KURL& url) |
| 118 : m_protocol(url.protocol().isNull() ? emptyString() | 115 : m_protocol(url.protocol()), |
| 119 : url.protocol().lower()), | 116 m_host(url.host()), |
| 120 m_host(url.host().isNull() ? emptyString() : url.host().lower()), | |
| 121 m_port(url.port()), | 117 m_port(url.port()), |
| 122 m_effectivePort(url.port() ? url.port() | 118 m_effectivePort(url.port() ? url.port() |
| 123 : defaultPortForProtocol(m_protocol)), | 119 : defaultPortForProtocol(m_protocol)), |
| 124 m_isUnique(false), | 120 m_isUnique(false), |
| 125 m_universalAccess(false), | 121 m_universalAccess(false), |
| 126 m_domainWasSetInDOM(false), | 122 m_domainWasSetInDOM(false), |
| 127 m_blockLocalAccessFromLocalOrigin(false), | 123 m_blockLocalAccessFromLocalOrigin(false), |
| 128 m_isUniqueOriginPotentiallyTrustworthy(false) { | 124 m_isUniqueOriginPotentiallyTrustworthy(false) { |
| 125 if (m_protocol.isNull()) |
| 126 m_protocol = emptyString(); |
| 127 if (m_host.isNull()) |
| 128 m_host = emptyString(); |
| 129 |
| 129 // Suborigins are serialized into the host, so extract it if necessary. | 130 // Suborigins are serialized into the host, so extract it if necessary. |
| 130 String suboriginName; | 131 String suboriginName; |
| 131 if (deserializeSuboriginAndProtocolAndHost(m_protocol, m_host, suboriginName, | 132 if (deserializeSuboriginAndProtocolAndHost(m_protocol, m_host, suboriginName, |
| 132 m_protocol, m_host)) | 133 m_protocol, m_host)) |
| 133 m_suborigin.setName(suboriginName); | 134 m_suborigin.setName(suboriginName); |
| 134 | 135 |
| 135 // document.domain starts as m_host, but can be set by the DOM. | 136 // document.domain starts as m_host, but can be set by the DOM. |
| 136 m_domain = m_host; | 137 m_domain = m_host; |
| 137 | 138 |
| 138 if (isDefaultPortForProtocol(m_port, m_protocol)) | 139 if (isDefaultPortForProtocol(m_port, m_protocol)) |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 313 if (url.protocolIsData()) | 314 if (url.protocolIsData()) |
| 314 return false; | 315 return false; |
| 315 | 316 |
| 316 return true; | 317 return true; |
| 317 } | 318 } |
| 318 | 319 |
| 319 bool SecurityOrigin::canDisplay(const KURL& url) const { | 320 bool SecurityOrigin::canDisplay(const KURL& url) const { |
| 320 if (m_universalAccess) | 321 if (m_universalAccess) |
| 321 return true; | 322 return true; |
| 322 | 323 |
| 323 String protocol = url.protocol().lower(); | 324 String protocol = url.protocol(); |
| 324 | |
| 325 if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol)) | 325 if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol)) |
| 326 return canRequest(url); | 326 return canRequest(url); |
| 327 | 327 |
| 328 if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) | 328 if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) |
| 329 return m_protocol == protocol || | 329 return m_protocol == protocol || |
| 330 SecurityPolicy::isAccessToURLWhiteListed(this, url); | 330 SecurityPolicy::isAccessToURLWhiteListed(this, url); |
| 331 | 331 |
| 332 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) | 332 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
| 333 return canLoadLocalResources() || | 333 return canLoadLocalResources() || |
| 334 SecurityPolicy::isAccessToURLWhiteListed(this, url); | 334 SecurityPolicy::isAccessToURLWhiteListed(this, url); |
| (...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 584 m_blockLocalAccessFromLocalOrigin = | 584 m_blockLocalAccessFromLocalOrigin = |
| 585 privilegeData->m_blockLocalAccessFromLocalOrigin; | 585 privilegeData->m_blockLocalAccessFromLocalOrigin; |
| 586 } | 586 } |
| 587 | 587 |
| 588 void SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy( | 588 void SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy( |
| 589 bool isUniqueOriginPotentiallyTrustworthy) { | 589 bool isUniqueOriginPotentiallyTrustworthy) { |
| 590 ASSERT(!isUniqueOriginPotentiallyTrustworthy || isUnique()); | 590 ASSERT(!isUniqueOriginPotentiallyTrustworthy || isUnique()); |
| 591 m_isUniqueOriginPotentiallyTrustworthy = isUniqueOriginPotentiallyTrustworthy; | 591 m_isUniqueOriginPotentiallyTrustworthy = isUniqueOriginPotentiallyTrustworthy; |
| 592 } | 592 } |
| 593 | 593 |
| 594 String SecurityOrigin::canonicalizeHost(const String& host, bool* success) { |
| 595 url::Component outHost; |
| 596 url::RawCanonOutputT<char> canonOutput; |
| 597 if (host.is8Bit()) { |
| 598 StringUTF8Adaptor utf8(host); |
| 599 *success = url::CanonicalizeHost( |
| 600 utf8.data(), url::Component(0, utf8.length()), &canonOutput, &outHost); |
| 601 } else { |
| 602 *success = url::CanonicalizeHost(host.characters16(), |
| 603 url::Component(0, host.length()), |
| 604 &canonOutput, &outHost); |
| 605 } |
| 606 return String::fromUTF8(canonOutput.data(), canonOutput.length()); |
| 607 } |
| 608 |
| 594 } // namespace blink | 609 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2447293002:
Don't call lower() on KURL protocol/host (Closed)
