
Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 2530343006: CSP: "local schemes" should inherit policy when window.opened. (Closed)
Patch Set: Created 4 years ago
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All
7 * rights reserved. 7 * rights reserved.
8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
9 * (http://www.torchmobile.com/) 9 * (http://www.torchmobile.com/)
10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. 10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
(...skipping 5488 matching lines...) Expand 10 before | Expand all | Expand 10 after
5499 if (getSecurityOrigin()->isUnique() && 5499 if (getSecurityOrigin()->isUnique() &&
5500 SecurityOrigin::create(m_url)->isPotentiallyTrustworthy()) 5500 SecurityOrigin::create(m_url)->isPotentiallyTrustworthy())
5501 getSecurityOrigin()->setUniqueOriginIsPotentiallyTrustworthy(true); 5501 getSecurityOrigin()->setUniqueOriginIsPotentiallyTrustworthy(true);
5502 5502
5503 if (getSecurityOrigin()->hasSuborigin()) 5503 if (getSecurityOrigin()->hasSuborigin())
5504 enforceSuborigin(*getSecurityOrigin()->suborigin()); 5504 enforceSuborigin(*getSecurityOrigin()->suborigin());
5505 } 5505 }
5506 5506
5507 void Document::initContentSecurityPolicy(ContentSecurityPolicy* csp) { 5507 void Document::initContentSecurityPolicy(ContentSecurityPolicy* csp) {
5508 setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create()); 5508 setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create());
5509 if (m_frame && m_frame->tree().parent() &&
5510 m_frame->tree().parent()->isLocalFrame()) {
5511 ContentSecurityPolicy* parentCSP = toLocalFrame(m_frame->tree().parent())
5512 ->document()
5513 ->contentSecurityPolicy();
5514 5509
5515 // We inherit the parent frame's CSP for documents with "local" schemes: 5510 // We inherit the parent/opener's CSP for documents with "local" schemes:
5516 // 'about', 'blob', 'data', and 'filesystem'. We also inherit the parent 5511 // 'about', 'blob', 'data', and 'filesystem'. We also inherit CSP for
5517 // frame's CSP for documents with empty/invalid URLs because we treat 5512 // documents with empty/invalid URLs because we treat those URLs as
5518 // those URLs as 'about:blank' in Blink. 5513 // 'about:blank' in Blink.
5519 // 5514 //
5520 // https://w3c.github.io/webappsec-csp/#initialize-document-csp 5515 // https://w3c.github.io/webappsec-csp/#initialize-document-csp
5516 Frame* inheritFrom = nullptr;
5517 if (m_frame && m_frame->tree().parent())
dcheng 2016/11/29 22:37:23 Random musing: this feels kind of similar to https
5518 inheritFrom = m_frame->tree().parent();
5519 else if (m_frame && m_frame->client())
dcheng 2016/11/29 22:37:23 Nit: I think we should be able to assume client()
5520 inheritFrom = m_frame->client()->opener();
5521 if (inheritFrom) {
5522 DCHECK(inheritFrom->securityContext() &&
5523 inheritFrom->securityContext()->contentSecurityPolicy());
5524 ContentSecurityPolicy* policyToInherit =
5525 inheritFrom->securityContext()->contentSecurityPolicy();
5521 if (m_url.isEmpty() || m_url.protocolIsAbout() || m_url.protocolIsData() || 5526 if (m_url.isEmpty() || m_url.protocolIsAbout() || m_url.protocolIsData() ||
5522 m_url.protocolIs("blob") || m_url.protocolIs("filesystem")) { 5527 m_url.protocolIs("blob") || m_url.protocolIs("filesystem")) {
5523 contentSecurityPolicy()->copyStateFrom(parentCSP); 5528 contentSecurityPolicy()->copyStateFrom(policyToInherit);
5524 } else if (isPluginDocument()) {
5525 // Per CSP2, plugin-types for plugin documents in nested browsing
5526 // contexts gets inherited from the parent.
5527 contentSecurityPolicy()->copyPluginTypesFrom(parentCSP);
5528 } 5529 }
5530 // Plugin documents inherit their parent/opener's 'plugin-types' directive
5531 // regardless of URL.
5532 if (isPluginDocument())
5533 contentSecurityPolicy()->copyPluginTypesFrom(policyToInherit);
5529 } 5534 }
5530 contentSecurityPolicy()->bindToExecutionContext(this); 5535 contentSecurityPolicy()->bindToExecutionContext(this);
5531 } 5536 }
5532 5537
5533 bool Document::isSecureTransitionTo(const KURL& url) const { 5538 bool Document::isSecureTransitionTo(const KURL& url) const {
5534 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); 5539 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
5535 return getSecurityOrigin()->canAccess(other.get()); 5540 return getSecurityOrigin()->canAccess(other.get());
5536 } 5541 }
5537 5542
5538 bool Document::allowInlineEventHandler(Node* node, 5543 bool Document::allowInlineEventHandler(Node* node,
(...skipping 1041 matching lines...) Expand 10 before | Expand all | Expand 10 after
6580 } 6585 }
6581 6586
6582 void showLiveDocumentInstances() { 6587 void showLiveDocumentInstances() {
6583 WeakDocumentSet& set = liveDocumentSet(); 6588 WeakDocumentSet& set = liveDocumentSet();
6584 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); 6589 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
6585 for (Document* document : set) 6590 for (Document* document : set)
6586 fprintf(stderr, "- Document %p URL: %s\n", document, 6591 fprintf(stderr, "- Document %p URL: %s\n", document,
6587 document->url().getString().utf8().data()); 6592 document->url().getString().utf8().data());
6588 } 6593 }
6589 #endif 6594 #endif
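Review bot: In Document::initContentSecurityPolicy the only guard before `inheritFrom->securityContext()->contentSecurityPolicy()` is dereferenced (new lines 5522–5525) is a DCHECK, which is normally compiled out of release builds. The commit also drops the old `isLocalFrame()` restriction, so the parent or opener may now be a frame whose security context this process does not own. If that context or its policy can ever be null (this section does not show whether remote frames always carry a replicated policy), a release build would dereference a null pointer while setting up the document's CSP. Because this is a policy-enforcement path, I would make the invariant hold in release too, e.g. `CHECK(inheritFrom->securityContext() && inheritFrom->securityContext()->contentSecurityPolicy());`, rather than add a null check that silently skips inheritance and leaves the new document without the inherited policy. A short comment on why a remote parent/opener is safe to inherit from would also help, since the removed code only handled local parents.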