OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r
ights reserved. | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r
ights reserved. |
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. | 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. |
(...skipping 2242 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2253 | 2253 |
2254 ScriptableDocumentParser* Document::scriptableDocumentParser() const | 2254 ScriptableDocumentParser* Document::scriptableDocumentParser() const |
2255 { | 2255 { |
2256 return parser() ? parser()->asScriptableDocumentParser() : 0; | 2256 return parser() ? parser()->asScriptableDocumentParser() : 0; |
2257 } | 2257 } |
2258 | 2258 |
2259 void Document::open(Document* ownerDocument) | 2259 void Document::open(Document* ownerDocument) |
2260 { | 2260 { |
2261 if (ownerDocument) { | 2261 if (ownerDocument) { |
2262 setURL(ownerDocument->url()); | 2262 setURL(ownerDocument->url()); |
2263 m_cookieURL = ownerDocument->cookieURL(); | 2263 m_inheritedURL = ownerDocument->inheritedURL(); |
2264 setSecurityOrigin(ownerDocument->securityOrigin()); | 2264 setSecurityOrigin(ownerDocument->securityOrigin()); |
2265 } | 2265 } |
2266 | 2266 |
2267 if (m_frame) { | 2267 if (m_frame) { |
2268 if (ScriptableDocumentParser* parser = scriptableDocumentParser()) { | 2268 if (ScriptableDocumentParser* parser = scriptableDocumentParser()) { |
2269 if (parser->isParsing()) { | 2269 if (parser->isParsing()) { |
2270 // FIXME: HTML5 doesn't tell us to check this, it might not be c
orrect. | 2270 // FIXME: HTML5 doesn't tell us to check this, it might not be c
orrect. |
2271 if (parser->isExecutingScript()) | 2271 if (parser->isExecutingScript()) |
2272 return; | 2272 return; |
2273 | 2273 |
(...skipping 1589 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3863 if (!securityOrigin()->canAccessCookies()) { | 3863 if (!securityOrigin()->canAccessCookies()) { |
3864 if (isSandboxed(SandboxOrigin)) | 3864 if (isSandboxed(SandboxOrigin)) |
3865 exceptionState.throwSecurityError("The document is sandboxed and lac
ks the 'allow-same-origin' flag."); | 3865 exceptionState.throwSecurityError("The document is sandboxed and lac
ks the 'allow-same-origin' flag."); |
3866 else if (url().protocolIs("data")) | 3866 else if (url().protocolIs("data")) |
3867 exceptionState.throwSecurityError("Cookies are disabled inside 'data
:' URLs."); | 3867 exceptionState.throwSecurityError("Cookies are disabled inside 'data
:' URLs."); |
3868 else | 3868 else |
3869 exceptionState.throwSecurityError("Access is denied for this documen
t."); | 3869 exceptionState.throwSecurityError("Access is denied for this documen
t."); |
3870 return String(); | 3870 return String(); |
3871 } | 3871 } |
3872 | 3872 |
3873 KURL cookieURL = this->cookieURL(); | 3873 KURL cookieURL = this->inheritedURL(); |
3874 if (cookieURL.isEmpty()) | 3874 if (cookieURL.isEmpty()) |
3875 return String(); | 3875 return String(); |
3876 | 3876 |
3877 return cookies(this, cookieURL); | 3877 return cookies(this, cookieURL); |
3878 } | 3878 } |
3879 | 3879 |
3880 void Document::setCookie(const String& value, ExceptionState& exceptionState) | 3880 void Document::setCookie(const String& value, ExceptionState& exceptionState) |
3881 { | 3881 { |
3882 if (settings() && !settings()->cookieEnabled()) | 3882 if (settings() && !settings()->cookieEnabled()) |
3883 return; | 3883 return; |
3884 | 3884 |
3885 // FIXME: The HTML5 DOM spec states that this attribute can raise an | 3885 // FIXME: The HTML5 DOM spec states that this attribute can raise an |
3886 // InvalidStateError exception on setting if the Document has no | 3886 // InvalidStateError exception on setting if the Document has no |
3887 // browsing context. | 3887 // browsing context. |
3888 | 3888 |
3889 if (!securityOrigin()->canAccessCookies()) { | 3889 if (!securityOrigin()->canAccessCookies()) { |
3890 if (isSandboxed(SandboxOrigin)) | 3890 if (isSandboxed(SandboxOrigin)) |
3891 exceptionState.throwSecurityError("The document is sandboxed and lac
ks the 'allow-same-origin' flag."); | 3891 exceptionState.throwSecurityError("The document is sandboxed and lac
ks the 'allow-same-origin' flag."); |
3892 else if (url().protocolIs("data")) | 3892 else if (url().protocolIs("data")) |
3893 exceptionState.throwSecurityError("Cookies are disabled inside 'data
:' URLs."); | 3893 exceptionState.throwSecurityError("Cookies are disabled inside 'data
:' URLs."); |
3894 else | 3894 else |
3895 exceptionState.throwSecurityError("Access is denied for this documen
t."); | 3895 exceptionState.throwSecurityError("Access is denied for this documen
t."); |
3896 return; | 3896 return; |
3897 } | 3897 } |
3898 | 3898 |
3899 KURL cookieURL = this->cookieURL(); | 3899 KURL cookieURL = this->inheritedURL(); |
3900 if (cookieURL.isEmpty()) | 3900 if (cookieURL.isEmpty()) |
3901 return; | 3901 return; |
3902 | 3902 |
3903 setCookies(this, cookieURL, value); | 3903 setCookies(this, cookieURL, value); |
3904 } | 3904 } |
3905 | 3905 |
3906 const AtomicString& Document::referrer() const | 3906 const AtomicString& Document::referrer() const |
3907 { | 3907 { |
3908 if (loader()) | 3908 if (loader()) |
3909 return loader()->request().httpReferrer(); | 3909 return loader()->request().httpReferrer(); |
(...skipping 679 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4589 void Document::initSecurityContext(const DocumentInit& initializer) | 4589 void Document::initSecurityContext(const DocumentInit& initializer) |
4590 { | 4590 { |
4591 if (haveInitializedSecurityOrigin()) { | 4591 if (haveInitializedSecurityOrigin()) { |
4592 ASSERT(securityOrigin()); | 4592 ASSERT(securityOrigin()); |
4593 return; | 4593 return; |
4594 } | 4594 } |
4595 | 4595 |
4596 if (!initializer.hasSecurityContext()) { | 4596 if (!initializer.hasSecurityContext()) { |
4597 // No source for a security context. | 4597 // No source for a security context. |
4598 // This can occur via document.implementation.createDocument(). | 4598 // This can occur via document.implementation.createDocument(). |
4599 m_cookieURL = KURL(ParsedURLString, emptyString()); | 4599 m_inheritedURL = KURL(ParsedURLString, emptyString()); |
4600 setSecurityOrigin(SecurityOrigin::createUnique()); | 4600 setSecurityOrigin(SecurityOrigin::createUnique()); |
4601 setContentSecurityPolicy(ContentSecurityPolicy::create(this)); | 4601 setContentSecurityPolicy(ContentSecurityPolicy::create(this)); |
4602 return; | 4602 return; |
4603 } | 4603 } |
4604 | 4604 |
4605 // In the common case, create the security context from the currently | 4605 // In the common case, create the security context from the currently |
4606 // loading URL with a fresh content security policy. | 4606 // loading URL with a fresh content security policy. |
4607 m_cookieURL = m_url; | 4607 m_inheritedURL = m_url; |
4608 enforceSandboxFlags(initializer.sandboxFlags()); | 4608 enforceSandboxFlags(initializer.sandboxFlags()); |
4609 setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique(
) : SecurityOrigin::create(m_url)); | 4609 setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique(
) : SecurityOrigin::create(m_url)); |
4610 setContentSecurityPolicy(contentSecurityPolicyFor(this)); | 4610 setContentSecurityPolicy(contentSecurityPolicyFor(this)); |
4611 | 4611 |
4612 if (Settings* settings = initializer.settings()) { | 4612 if (Settings* settings = initializer.settings()) { |
4613 if (!settings->webSecurityEnabled()) { | 4613 if (!settings->webSecurityEnabled()) { |
4614 // Web security is turned off. We should let this document access ev
ery other document. This is used primary by testing | 4614 // Web security is turned off. We should let this document access ev
ery other document. This is used primary by testing |
4615 // harnesses for web sites. | 4615 // harnesses for web sites. |
4616 securityOrigin()->grantUniversalAccess(); | 4616 securityOrigin()->grantUniversalAccess(); |
4617 } else if (securityOrigin()->isLocal()) { | 4617 } else if (securityOrigin()->isLocal()) { |
(...skipping 28 matching lines...) Expand all Loading... |
4646 if (isSandboxed(SandboxOrigin)) { | 4646 if (isSandboxed(SandboxOrigin)) { |
4647 // If we're supposed to inherit our security origin from our owner, | 4647 // If we're supposed to inherit our security origin from our owner, |
4648 // but we're also sandboxed, the only thing we inherit is the ability | 4648 // but we're also sandboxed, the only thing we inherit is the ability |
4649 // to load local resources. This lets about:blank iframes in file:// | 4649 // to load local resources. This lets about:blank iframes in file:// |
4650 // URL documents load images and other resources from the file system. | 4650 // URL documents load images and other resources from the file system. |
4651 if (initializer.owner()->securityOrigin()->canLoadLocalResources()) | 4651 if (initializer.owner()->securityOrigin()->canLoadLocalResources()) |
4652 securityOrigin()->grantLoadLocalResources(); | 4652 securityOrigin()->grantLoadLocalResources(); |
4653 return; | 4653 return; |
4654 } | 4654 } |
4655 | 4655 |
4656 m_cookieURL = initializer.owner()->cookieURL(); | 4656 m_inheritedURL = initializer.owner()->inheritedURL(); |
4657 // We alias the SecurityOrigins to match Firefox, see Bug 15313 | 4657 // We alias the SecurityOrigins to match Firefox, see Bug 15313 |
4658 // https://bugs.webkit.org/show_bug.cgi?id=15313 | 4658 // https://bugs.webkit.org/show_bug.cgi?id=15313 |
4659 setSecurityOrigin(initializer.owner()->securityOrigin()); | 4659 setSecurityOrigin(initializer.owner()->securityOrigin()); |
4660 } | 4660 } |
4661 | 4661 |
4662 void Document::initContentSecurityPolicy(const ContentSecurityPolicyResponseHead
ers& headers) | 4662 void Document::initContentSecurityPolicy(const ContentSecurityPolicyResponseHead
ers& headers) |
4663 { | 4663 { |
4664 if (m_frame && m_frame->tree().parent() && (shouldInheritSecurityOriginFromO
wner(m_url) || isPluginDocument())) | 4664 if (m_frame && m_frame->tree().parent() && (shouldInheritSecurityOriginFromO
wner(m_url) || isPluginDocument())) |
4665 contentSecurityPolicy()->copyStateFrom(m_frame->tree().parent()->documen
t()->contentSecurityPolicy()); | 4665 contentSecurityPolicy()->copyStateFrom(m_frame->tree().parent()->documen
t()->contentSecurityPolicy()); |
4666 contentSecurityPolicy()->didReceiveHeaders(headers); | 4666 contentSecurityPolicy()->didReceiveHeaders(headers); |
(...skipping 854 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5521 } | 5521 } |
5522 | 5522 |
5523 void Document::invalidateNodeListCaches(const QualifiedName* attrName) | 5523 void Document::invalidateNodeListCaches(const QualifiedName* attrName) |
5524 { | 5524 { |
5525 HashSet<LiveNodeListBase*>::iterator end = m_listsInvalidatedAtDocument.end(
); | 5525 HashSet<LiveNodeListBase*>::iterator end = m_listsInvalidatedAtDocument.end(
); |
5526 for (HashSet<LiveNodeListBase*>::iterator it = m_listsInvalidatedAtDocument.
begin(); it != end; ++it) | 5526 for (HashSet<LiveNodeListBase*>::iterator it = m_listsInvalidatedAtDocument.
begin(); it != end; ++it) |
5527 (*it)->invalidateCache(attrName); | 5527 (*it)->invalidateCache(attrName); |
5528 } | 5528 } |
5529 | 5529 |
5530 } // namespace WebCore | 5530 } // namespace WebCore |
OLD | NEW |