OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 12 matching lines...) Expand all Loading... | |
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 */ | 27 */ |
28 | 28 |
29 #include "platform/weborigin/SecurityOrigin.h" | 29 #include "platform/weborigin/SecurityOrigin.h" |
30 | 30 |
31 #include <memory> | 31 #include <memory> |
32 #include "platform/RuntimeEnabledFeatures.h" | 32 #include "platform/RuntimeEnabledFeatures.h" |
33 #include "platform/network/NetworkUtils.h" | |
33 #include "platform/weborigin/KURL.h" | 34 #include "platform/weborigin/KURL.h" |
34 #include "platform/weborigin/KnownPorts.h" | 35 #include "platform/weborigin/KnownPorts.h" |
35 #include "platform/weborigin/SchemeRegistry.h" | 36 #include "platform/weborigin/SchemeRegistry.h" |
36 #include "platform/weborigin/SecurityPolicy.h" | 37 #include "platform/weborigin/SecurityPolicy.h" |
37 #include "platform/weborigin/URLSecurityOriginMap.h" | 38 #include "platform/weborigin/URLSecurityOriginMap.h" |
38 #include "platform/wtf/HexNumber.h" | 39 #include "platform/wtf/HexNumber.h" |
39 #include "platform/wtf/NotFound.h" | 40 #include "platform/wtf/NotFound.h" |
40 #include "platform/wtf/PtrUtil.h" | 41 #include "platform/wtf/PtrUtil.h" |
41 #include "platform/wtf/StdLibExtras.h" | 42 #include "platform/wtf/StdLibExtras.h" |
42 #include "platform/wtf/text/StringBuilder.h" | 43 #include "platform/wtf/text/StringBuilder.h" |
(...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
329 return protocol_ == protocol || | 330 return protocol_ == protocol || |
330 SecurityPolicy::IsAccessToURLWhiteListed(this, url); | 331 SecurityPolicy::IsAccessToURLWhiteListed(this, url); |
331 | 332 |
332 if (SchemeRegistry::ShouldTreatURLSchemeAsLocal(protocol)) | 333 if (SchemeRegistry::ShouldTreatURLSchemeAsLocal(protocol)) |
333 return CanLoadLocalResources() || | 334 return CanLoadLocalResources() || |
334 SecurityPolicy::IsAccessToURLWhiteListed(this, url); | 335 SecurityPolicy::IsAccessToURLWhiteListed(this, url); |
335 | 336 |
336 return true; | 337 return true; |
337 } | 338 } |
338 | 339 |
340 bool SecurityOrigin::CanNavigateInTopFrame(const KURL& url) const { | |
341 if (universal_access_) | |
dcheng
2017/04/15 00:11:24
I assume this exception is required for layout tes
meacer
2017/04/15 00:53:53
As we discussed offline, it's not required for lay
| |
342 return true; | |
343 | |
344 // Block content-initiated loads of data URLs in the top frame. If the mime | |
345 // type is supported, the URL will eventually be rendered, so block it here. | |
346 // Otherwise, the load might be handled by a plugin or end up as a download, | |
347 // so allow it to let the embedder figure out what to do with it. | |
348 if (url.ProtocolIsData() && NetworkUtils::IsDataURLMimeTypeSupported(url)) { | |
349 return false; | |
350 } | |
351 return true; | |
352 } | |
353 | |
339 bool SecurityOrigin::IsPotentiallyTrustworthy() const { | 354 bool SecurityOrigin::IsPotentiallyTrustworthy() const { |
340 ASSERT(protocol_ != "data"); | 355 ASSERT(protocol_ != "data"); |
341 if (IsUnique()) | 356 if (IsUnique()) |
342 return is_unique_origin_potentially_trustworthy_; | 357 return is_unique_origin_potentially_trustworthy_; |
343 | 358 |
344 if (SchemeRegistry::ShouldTreatURLSchemeAsSecure(protocol_) || IsLocal() || | 359 if (SchemeRegistry::ShouldTreatURLSchemeAsSecure(protocol_) || IsLocal() || |
345 IsLocalhost()) | 360 IsLocalhost()) |
346 return true; | 361 return true; |
347 | 362 |
348 if (SecurityPolicy::IsOriginWhiteListedTrustworthy(*this)) | 363 if (SecurityPolicy::IsOriginWhiteListedTrustworthy(*this)) |
(...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
617 &canon_output, &out_host); | 632 &canon_output, &out_host); |
618 } else { | 633 } else { |
619 *success = url::CanonicalizeHost(host.Characters16(), | 634 *success = url::CanonicalizeHost(host.Characters16(), |
620 url::Component(0, host.length()), | 635 url::Component(0, host.length()), |
621 &canon_output, &out_host); | 636 &canon_output, &out_host); |
622 } | 637 } |
623 return String::FromUTF8(canon_output.data(), canon_output.length()); | 638 return String::FromUTF8(canon_output.data(), canon_output.length()); |
624 } | 639 } |
625 | 640 |
626 } // namespace blink | 641 } // namespace blink |
OLD | NEW |