OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All |
7 * rights reserved. | 7 * rights reserved. |
8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
9 * (http://www.torchmobile.com/) | 9 * (http://www.torchmobile.com/) |
10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
(...skipping 349 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
360 return false; | 360 return false; |
361 | 361 |
362 // rule (d) above | 362 // rule (d) above |
363 CharDecompositionType decompType = decompositionType(c); | 363 CharDecompositionType decompType = decompositionType(c); |
364 if (decompType == DecompositionFont || decompType == DecompositionCompat) | 364 if (decompType == DecompositionFont || decompType == DecompositionCompat) |
365 return false; | 365 return false; |
366 | 366 |
367 return true; | 367 return true; |
368 } | 368 } |
369 | 369 |
370 static bool shouldInheritSecurityOriginFromOwner(const KURL& url) { | |
371 // http://www.whatwg.org/specs/web-apps/current-work/#origin-0 | |
372 // | |
373 // If a Document has the address "about:blank" | |
374 // The origin of the Document is the origin it was assigned when its | |
375 // browsing context was created. | |
376 // | |
377 // Note: We generalize this to all "blank" URLs and invalid URLs because we | |
378 // treat all of these URLs as about:blank. | |
379 // | |
380 return url.isEmpty() || url.protocolIsAbout(); | |
381 } | |
382 | |
383 static Widget* widgetForElement(const Element& focusedElement) { | 370 static Widget* widgetForElement(const Element& focusedElement) { |
384 LayoutObject* layoutObject = focusedElement.layoutObject(); | 371 LayoutObject* layoutObject = focusedElement.layoutObject(); |
385 if (!layoutObject || !layoutObject->isLayoutPart()) | 372 if (!layoutObject || !layoutObject->isLayoutPart()) |
386 return 0; | 373 return 0; |
387 return toLayoutPart(layoutObject)->widget(); | 374 return toLayoutPart(layoutObject)->widget(); |
388 } | 375 } |
389 | 376 |
390 static bool acceptsEditingFocus(const Element& element) { | 377 static bool acceptsEditingFocus(const Element& element) { |
391 DCHECK(hasEditableStyle(element)); | 378 DCHECK(hasEditableStyle(element)); |
392 | 379 |
(...skipping 5124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5517 enforceSuborigin(*getSecurityOrigin()->suborigin()); | 5504 enforceSuborigin(*getSecurityOrigin()->suborigin()); |
5518 } | 5505 } |
5519 | 5506 |
5520 void Document::initContentSecurityPolicy(ContentSecurityPolicy* csp) { | 5507 void Document::initContentSecurityPolicy(ContentSecurityPolicy* csp) { |
5521 setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create()); | 5508 setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create()); |
5522 if (m_frame && m_frame->tree().parent() && | 5509 if (m_frame && m_frame->tree().parent() && |
5523 m_frame->tree().parent()->isLocalFrame()) { | 5510 m_frame->tree().parent()->isLocalFrame()) { |
5524 ContentSecurityPolicy* parentCSP = toLocalFrame(m_frame->tree().parent()) | 5511 ContentSecurityPolicy* parentCSP = toLocalFrame(m_frame->tree().parent()) |
5525 ->document() | 5512 ->document() |
5526 ->contentSecurityPolicy(); | 5513 ->contentSecurityPolicy(); |
5527 if (shouldInheritSecurityOriginFromOwner(m_url)) { | 5514 |
| 5515 // We inherit the parent frame's CSP for documents with "local" schemes: |
| 5516 // 'about', 'blob', 'data', and 'filesystem'. We also inherit the parent |
| 5517 // frame's CSP for documents with empty/invalid URLs because we treat |
| 5518 // those URLs as 'about:blank' in Blink. |
| 5519 // |
| 5520 // https://w3c.github.io/webappsec-csp/#initialize-document-csp |
| 5521 if (m_url.isEmpty() || m_url.protocolIsAbout() || m_url.protocolIsData() || |
| 5522 m_url.protocolIs("blob") || m_url.protocolIs("filesystem")) { |
5528 contentSecurityPolicy()->copyStateFrom(parentCSP); | 5523 contentSecurityPolicy()->copyStateFrom(parentCSP); |
5529 } else if (isPluginDocument()) { | 5524 } else if (isPluginDocument()) { |
5530 // Per CSP2, plugin-types for plugin documents in nested browsing | 5525 // Per CSP2, plugin-types for plugin documents in nested browsing |
5531 // contexts gets inherited from the parent. | 5526 // contexts gets inherited from the parent. |
5532 contentSecurityPolicy()->copyPluginTypesFrom(parentCSP); | 5527 contentSecurityPolicy()->copyPluginTypesFrom(parentCSP); |
5533 } | 5528 } |
5534 } | 5529 } |
5535 contentSecurityPolicy()->bindToExecutionContext(this); | 5530 contentSecurityPolicy()->bindToExecutionContext(this); |
5536 } | 5531 } |
5537 | 5532 |
(...skipping 1047 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6585 } | 6580 } |
6586 | 6581 |
6587 void showLiveDocumentInstances() { | 6582 void showLiveDocumentInstances() { |
6588 WeakDocumentSet& set = liveDocumentSet(); | 6583 WeakDocumentSet& set = liveDocumentSet(); |
6589 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); | 6584 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); |
6590 for (Document* document : set) | 6585 for (Document* document : set) |
6591 fprintf(stderr, "- Document %p URL: %s\n", document, | 6586 fprintf(stderr, "- Document %p URL: %s\n", document, |
6592 document->url().getString().utf8().data()); | 6587 document->url().getString().utf8().data()); |
6593 } | 6588 } |
6594 #endif | 6589 #endif |
OLD | NEW |