| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 137 // Returns true if drawing an image from this URL taints a canvas from | 137 // Returns true if drawing an image from this URL taints a canvas from |
| 138 // this security origin. For example, call this function before | 138 // this security origin. For example, call this function before |
| 139 // drawing an image onto an HTML canvas element with the drawImage API. | 139 // drawing an image onto an HTML canvas element with the drawImage API. |
| 140 bool taintsCanvas(const KURL&) const; | 140 bool taintsCanvas(const KURL&) const; |
| 141 | 141 |
| 142 // Returns true if |document| can display content from the given URL (e.g., | 142 // Returns true if |document| can display content from the given URL (e.g., |
| 143 // in an iframe or as an image). For example, web sites generally cannot | 143 // in an iframe or as an image). For example, web sites generally cannot |
| 144 // display content from the user's files system. | 144 // display content from the user's files system. |
| 145 bool canDisplay(const KURL&) const; | 145 bool canDisplay(const KURL&) const; |
| 146 | 146 |
| 147 bool canNavigateInTopFrame(const KURL&) const; |
| 148 |
| 147 // Returns true if the origin loads resources either from the local | 149 // Returns true if the origin loads resources either from the local |
| 148 // machine or over the network from a | 150 // machine or over the network from a |
| 149 // cryptographically-authenticated origin, as described in | 151 // cryptographically-authenticated origin, as described in |
| 150 // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustwort
hy. | 152 // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustwort
hy. |
| 151 bool isPotentiallyTrustworthy() const; | 153 bool isPotentiallyTrustworthy() const; |
| 152 | 154 |
| 153 // Returns a human-readable error message describing that a non-secure | 155 // Returns a human-readable error message describing that a non-secure |
| 154 // origin's access to a feature is denied. | 156 // origin's access to a feature is denied. |
| 155 static String isPotentiallyTrustworthyErrorMessage(); | 157 static String isPotentiallyTrustworthyErrorMessage(); |
| 156 | 158 |
| (...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 307 bool m_universalAccess; | 309 bool m_universalAccess; |
| 308 bool m_domainWasSetInDOM; | 310 bool m_domainWasSetInDOM; |
| 309 bool m_canLoadLocalResources; | 311 bool m_canLoadLocalResources; |
| 310 bool m_blockLocalAccessFromLocalOrigin; | 312 bool m_blockLocalAccessFromLocalOrigin; |
| 311 bool m_isUniqueOriginPotentiallyTrustworthy; | 313 bool m_isUniqueOriginPotentiallyTrustworthy; |
| 312 }; | 314 }; |
| 313 | 315 |
| 314 } // namespace blink | 316 } // namespace blink |
| 315 | 317 |
| 316 #endif // SecurityOrigin_h | 318 #endif // SecurityOrigin_h |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
