| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 126 // Returns true if drawing an image from this URL taints a canvas from | 126 // Returns true if drawing an image from this URL taints a canvas from |
| 127 // this security origin. For example, call this function before | 127 // this security origin. For example, call this function before |
| 128 // drawing an image onto an HTML canvas element with the drawImage API. | 128 // drawing an image onto an HTML canvas element with the drawImage API. |
| 129 bool TaintsCanvas(const KURL&) const; | 129 bool TaintsCanvas(const KURL&) const; |
| 130 | 130 |
| 131 // Returns true if |document| can display content from the given URL (e.g., | 131 // Returns true if |document| can display content from the given URL (e.g., |
| 132 // in an iframe or as an image). For example, web sites generally cannot | 132 // in an iframe or as an image). For example, web sites generally cannot |
| 133 // display content from the user's files system. | 133 // display content from the user's files system. |
| 134 bool CanDisplay(const KURL&) const; | 134 bool CanDisplay(const KURL&) const; |
| 135 | 135 |
| 136 bool CanNavigateInTopFrame(const KURL&) const; |
| 137 |
| 136 // Returns true if the origin loads resources either from the local | 138 // Returns true if the origin loads resources either from the local |
| 137 // machine or over the network from a | 139 // machine or over the network from a |
| 138 // cryptographically-authenticated origin, as described in | 140 // cryptographically-authenticated origin, as described in |
| 139 // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustwort
hy. | 141 // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustwort
hy. |
| 140 bool IsPotentiallyTrustworthy() const; | 142 bool IsPotentiallyTrustworthy() const; |
| 141 | 143 |
| 142 // Returns a human-readable error message describing that a non-secure | 144 // Returns a human-readable error message describing that a non-secure |
| 143 // origin's access to a feature is denied. | 145 // origin's access to a feature is denied. |
| 144 static String IsPotentiallyTrustworthyErrorMessage(); | 146 static String IsPotentiallyTrustworthyErrorMessage(); |
| 145 | 147 |
| (...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 296 bool universal_access_; | 298 bool universal_access_; |
| 297 bool domain_was_set_in_dom_; | 299 bool domain_was_set_in_dom_; |
| 298 bool can_load_local_resources_; | 300 bool can_load_local_resources_; |
| 299 bool block_local_access_from_local_origin_; | 301 bool block_local_access_from_local_origin_; |
| 300 bool is_unique_origin_potentially_trustworthy_; | 302 bool is_unique_origin_potentially_trustworthy_; |
| 301 }; | 303 }; |
| 302 | 304 |
| 303 } // namespace blink | 305 } // namespace blink |
| 304 | 306 |
| 305 #endif // SecurityOrigin_h | 307 #endif // SecurityOrigin_h |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
