OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
106 // Returns true if this SecurityOrigin can receive drag content from the | 106 // Returns true if this SecurityOrigin can receive drag content from the |
107 // initiator. For example, call this function before allowing content to be | 107 // initiator. For example, call this function before allowing content to be |
108 // dropped onto a target. | 108 // dropped onto a target. |
109 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const; | 109 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const; |
110 | 110 |
111 // Returns true if |document| can display content from the given URL (e.g., | 111 // Returns true if |document| can display content from the given URL (e.g., |
112 // in an iframe or as an image). For example, web sites generally cannot | 112 // in an iframe or as an image). For example, web sites generally cannot |
113 // display content from the user's files system. | 113 // display content from the user's files system. |
114 bool canDisplay(const KURL&) const; | 114 bool canDisplay(const KURL&) const; |
115 | 115 |
| 116 // A "secure origin" as defined by [1] are those that load resources either |
| 117 // from the local machine (necessarily trusted) or over the network from a |
| 118 // cryptographically-authenticated server. |
| 119 // |
| 120 // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which
-origins-are-secure- |
| 121 // |
| 122 bool canAccessFeatureRequiringSecureOrigin() const; |
| 123 |
116 // Returns true if this SecurityOrigin can load local resources, such | 124 // Returns true if this SecurityOrigin can load local resources, such |
117 // as images, iframes, and style sheets, and can link to local URLs. | 125 // as images, iframes, and style sheets, and can link to local URLs. |
118 // For example, call this function before creating an iframe to a | 126 // For example, call this function before creating an iframe to a |
119 // file:// URL. | 127 // file:// URL. |
120 // | 128 // |
121 // Note: A SecurityOrigin might be allowed to load local resources | 129 // Note: A SecurityOrigin might be allowed to load local resources |
122 // without being able to issue an XMLHttpRequest for a local URL. | 130 // without being able to issue an XMLHttpRequest for a local URL. |
123 // To determine whether the SecurityOrigin can issue an | 131 // To determine whether the SecurityOrigin can issue an |
124 // XMLHttpRequest for a URL, call canRequest(url). | 132 // XMLHttpRequest for a URL, call canRequest(url). |
125 bool canLoadLocalResources() const { return m_canLoadLocalResources; } | 133 bool canLoadLocalResources() const { return m_canLoadLocalResources; } |
126 | 134 |
127 // Explicitly grant the ability to load local resources to this | 135 // Explicitly grant the ability to load local resources to this |
128 // SecurityOrigin. | 136 // SecurityOrigin. |
129 // | 137 // |
130 // Note: This method exists only to support backwards compatibility | 138 // Note: This method exists only to support backwards compatibility |
131 // with older versions of WebKit. | 139 // with older versions of WebKit. |
132 void grantLoadLocalResources(); | 140 void grantLoadLocalResources(); |
133 | 141 |
134 // Explicitly grant the ability to access very other SecurityOrigin. | 142 // Explicitly grant the ability to access every other SecurityOrigin. |
135 // | 143 // |
136 // WARNING: This is an extremely powerful ability. Use with caution! | 144 // WARNING: This is an extremely powerful ability. Use with caution! |
137 void grantUniversalAccess(); | 145 void grantUniversalAccess(); |
138 | 146 |
139 bool canAccessDatabase() const { return !isUnique(); }; | 147 bool canAccessDatabase() const { return !isUnique(); }; |
140 bool canAccessLocalStorage() const { return !isUnique(); }; | 148 bool canAccessLocalStorage() const { return !isUnique(); }; |
141 bool canAccessSharedWorkers() const { return !isUnique(); } | 149 bool canAccessSharedWorkers() const { return !isUnique(); } |
142 bool canAccessCookies() const { return !isUnique(); } | 150 bool canAccessCookies() const { return !isUnique(); } |
143 bool canAccessPasswordManager() const { return !isUnique(); } | 151 bool canAccessPasswordManager() const { return !isUnique(); } |
144 bool canAccessFileSystem() const { return !isUnique(); } | 152 bool canAccessFileSystem() const { return !isUnique(); } |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
211 bool m_universalAccess; | 219 bool m_universalAccess; |
212 bool m_domainWasSetInDOM; | 220 bool m_domainWasSetInDOM; |
213 bool m_canLoadLocalResources; | 221 bool m_canLoadLocalResources; |
214 bool m_enforceFilePathSeparation; | 222 bool m_enforceFilePathSeparation; |
215 bool m_needsDatabaseIdentifierQuirkForFiles; | 223 bool m_needsDatabaseIdentifierQuirkForFiles; |
216 }; | 224 }; |
217 | 225 |
218 } // namespace WebCore | 226 } // namespace WebCore |
219 | 227 |
220 #endif // SecurityOrigin_h | 228 #endif // SecurityOrigin_h |
OLD | NEW |