OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 10 matching lines...) | |
21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 */ | 27 */ |
28 | 28 |
29 #include "platform/weborigin/SecurityOrigin.h" | 29 #include "platform/weborigin/SecurityOrigin.h" |
30 | 30 |
31 #include <memory> | |
31 #include "platform/RuntimeEnabledFeatures.h" | 32 #include "platform/RuntimeEnabledFeatures.h" |
33 #include "platform/network/NetworkUtils.h" | |
32 #include "platform/weborigin/KURL.h" | 34 #include "platform/weborigin/KURL.h" |
33 #include "platform/weborigin/KnownPorts.h" | 35 #include "platform/weborigin/KnownPorts.h" |
34 #include "platform/weborigin/SchemeRegistry.h" | 36 #include "platform/weborigin/SchemeRegistry.h" |
35 #include "platform/weborigin/SecurityPolicy.h" | 37 #include "platform/weborigin/SecurityPolicy.h" |
36 #include "platform/weborigin/URLSecurityOriginMap.h" | 38 #include "platform/weborigin/URLSecurityOriginMap.h" |
37 #include "url/url_canon.h" | 39 #include "url/url_canon.h" |
38 #include "url/url_canon_ip.h" | 40 #include "url/url_canon_ip.h" |
39 #include "wtf/HexNumber.h" | 41 #include "wtf/HexNumber.h" |
40 #include "wtf/NotFound.h" | 42 #include "wtf/NotFound.h" |
41 #include "wtf/PtrUtil.h" | 43 #include "wtf/PtrUtil.h" |
42 #include "wtf/StdLibExtras.h" | 44 #include "wtf/StdLibExtras.h" |
43 #include "wtf/text/StringBuilder.h" | 45 #include "wtf/text/StringBuilder.h" |
44 #include "wtf/text/StringUTF8Adaptor.h" | 46 #include "wtf/text/StringUTF8Adaptor.h" |
45 #include <memory> | |
46 | 47 |
47 namespace blink { | 48 namespace blink { |
48 | 49 |
49 const int InvalidPort = 0; | 50 const int InvalidPort = 0; |
50 const int MaxAllowedPort = 65535; | 51 const int MaxAllowedPort = 65535; |
51 | 52 |
52 static URLSecurityOriginMap* s_urlOriginMap = 0; | 53 static URLSecurityOriginMap* s_urlOriginMap = 0; |
53 | 54 |
54 static SecurityOrigin* getOriginFromMap(const KURL& url) { | 55 static SecurityOrigin* getOriginFromMap(const KURL& url) { |
55 if (s_urlOriginMap) | 56 if (s_urlOriginMap) |
(...skipping 277 matching lines...) | |
333 return m_protocol == protocol || | 334 return m_protocol == protocol || |
334 SecurityPolicy::isAccessToURLWhiteListed(this, url); | 335 SecurityPolicy::isAccessToURLWhiteListed(this, url); |
335 | 336 |
336 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) | 337 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
337 return canLoadLocalResources() || | 338 return canLoadLocalResources() || |
338 SecurityPolicy::isAccessToURLWhiteListed(this, url); | 339 SecurityPolicy::isAccessToURLWhiteListed(this, url); |
339 | 340 |
340 return true; | 341 return true; |
341 } | 342 } |
342 | 343 |
344 bool SecurityOrigin::canNavigateInTopFrame(const KURL& url) const { | |
345 if (m_universalAccess) | |
346 return true; | |
347 | |
348 if (url.protocol() == "data") { | |
kinuko
2017/04/07 07:52:34
nit: protocolIsData()
meacer
2017/04/11 01:08:51
Done.
| |
349 // Block content-initiated loads of data URLs in the top frame. If the mime | |
350 // type is supported, the URL will eventually be rendered, so block it here. | |
351 // Otherwise, the load might be handled by a plugin or end up as a download, | |
352 // so allow it here to let the embedder figure out what to do with it. | |
353 AtomicString mimetype; | |
354 bool isSupportedMimeType = false; | |
355 if (NetworkUtils::getDataURLMimeType(url, mimetype, &isSupportedMimeType) && | |
356 isSupportedMimeType) { | |
357 return false; | |
358 } | |
359 } | |
360 return true; | |
361 } | |
362 | |
343 bool SecurityOrigin::isPotentiallyTrustworthy() const { | 363 bool SecurityOrigin::isPotentiallyTrustworthy() const { |
344 ASSERT(m_protocol != "data"); | 364 ASSERT(m_protocol != "data"); |
345 if (isUnique()) | 365 if (isUnique()) |
346 return m_isUniqueOriginPotentiallyTrustworthy; | 366 return m_isUniqueOriginPotentiallyTrustworthy; |
347 | 367 |
348 if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol) || isLocal() || | 368 if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol) || isLocal() || |
349 isLocalhost()) | 369 isLocalhost()) |
350 return true; | 370 return true; |
351 | 371 |
352 if (SecurityPolicy::isOriginWhiteListedTrustworthy(*this)) | 372 if (SecurityPolicy::isOriginWhiteListedTrustworthy(*this)) |
(...skipping 265 matching lines...) | |
618 utf8.data(), url::Component(0, utf8.length()), &canonOutput, &outHost); | 638 utf8.data(), url::Component(0, utf8.length()), &canonOutput, &outHost); |
619 } else { | 639 } else { |
620 *success = url::CanonicalizeHost(host.characters16(), | 640 *success = url::CanonicalizeHost(host.characters16(), |
621 url::Component(0, host.length()), | 641 url::Component(0, host.length()), |
622 &canonOutput, &outHost); | 642 &canonOutput, &outHost); |
623 } | 643 } |
624 return String::fromUTF8(canonOutput.data(), canonOutput.length()); | 644 return String::fromUTF8(canonOutput.data(), canonOutput.length()); |
625 } | 645 } |
626 | 646 |
627 } // namespace blink | 647 } // namespace blink |
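Review bot: In the new `SecurityOrigin::canNavigateInTopFrame`, a data: URL whose MIME type cannot be determined is allowed. When `NetworkUtils::getDataURLMimeType` returns false, the `&&` short-circuits and control falls through to the final `return true`. The comment covers only the unsupported-MIME-type case, so the failure case is either intended but undocumented or an unintended fail-open; the definition of `getDataURLMimeType` is not on this page, so which inputs make it fail cannot be confirmed here. Either block on failure with `if (!NetworkUtils::getDataURLMimeType(url, mimetype, &isSupportedMimeType) || isSupportedMimeType) return false;`, or extend the comment to state that a data URL that cannot be parsed is deliberately left to the embedder. The `m_universalAccess` early return skips the check entirely and also deserves a short comment, such as `// Universal-access origins are exempt from the top-frame data URL block.`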