Custom handlers should throw SecurityError exception if the URL's origin differs from the document'…

Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

 /*
  * Copyright (C) 2011, Google Inc. All rights reserved.
  * Copyright (C) 2014, Samsung Electronics. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
@@ skipping 50 matching lines @@
         "tel",
         "urn",
         "webcal",
         "wtai",
         "xmpp",
     };
     for (size_t i = 0; i < WTF_ARRAY_LENGTH(protocols); ++i)
         protocolWhitelist->add(protocols[i]);
 }
 
-static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, ExceptionState& exceptionState)
+static bool verifyCustomHandlerURL(const Document& document, const KURL& baseURL, const String& url, ExceptionState& exceptionState)
 {
     // The specification requires that it is a SyntaxError if the "%s" token is
     // not present.
     static const char token[] = "%s";
     int index = url.find(token);
     if (-1 == index) {
         exceptionState.throwDOMException(SyntaxError, "The url provided ('" + url + "') does not contain '%s'.");
         return false;
     }
 
     // It is also a SyntaxError if the custom handler URL, as created by removing
     // the "%s" token and prepending the base url, does not resolve.
     String newURL = url;
     newURL.remove(index, WTF_ARRAY_LENGTH(token) - 1);
 
     KURL kurl(baseURL, newURL);
 
     if (kurl.isEmpty() || !kurl.isValid()) {
         exceptionState.throwDOMException(SyntaxError, "The custom handler URL created by removing '%s' and prepending '" + baseURL.string() + "' is invalid.");
         return false;
     }
 
+    // The specification says that the API throws SecurityError exception if the URL's origin differs from the document's origin.
+    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(kurl);
+    if (!origin->isSameSchemeHostPort(document.securityOrigin())) {

[abarth-chromium, 2014/07/16 16:32:39]

You don't really ever want to call isSameSchemeHostPort.  How about:

document.securityOrigin()->canRequest(kurl)

?

[pals, 2014/07/18 14:17:54]

Done.

+        exceptionState.throwSecurityError("Can only register handler in the document's origin.");

[gyuyoung-inactive, 2014/07/16 06:20:17]

Isn't it better mention "custom handler" instead of just "handler" ?

[pals, 2014/07/18 14:17:54]

Done.

+        return false;
+    }
+
     return true;
 }
 
 static bool isProtocolWhitelisted(const String& scheme)
 {
     if (!protocolWhitelist)
         initProtocolHandlerWhitelist();
 
     StringBuilder builder;
     unsigned length = scheme.length();
@@ skipping 38 matching lines @@
 PassOwnPtrWillBeRawPtr<NavigatorContentUtils> NavigatorContentUtils::create(PassOwnPtr<NavigatorContentUtilsClient> client)
 {
     return adoptPtrWillBeNoop(new NavigatorContentUtils(client));
 }
 
 void NavigatorContentUtils::registerProtocolHandler(Navigator& navigator, const String& scheme, const String& url, const String& title, ExceptionState& exceptionState)
 {
     if (!navigator.frame())
         return;
 
-    ASSERT(navigator.frame()->document());
-    KURL baseURL = navigator.frame()->document()->baseURL();
+    Document* document = navigator.frame()->document();
+    ASSERT(document);
+    KURL baseURL = document->baseURL();
 
-    if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+    if (!verifyCustomHandlerURL(*document, baseURL, url, exceptionState))

[abarth-chromium, 2014/07/16 16:32:39]

Why don't we just pass in the complete URL to verifyCustomHandlerURL?

[gyuyoung-inactive, 2014/07/17 07:01:19]

We are passing baseURL and registered url to client side. So, if we complete to
merge two urls here, we can pass the complete url to client side. If so, it
would be good to handle this suggestion with new CL.

However, if we should pass two urls to client side continually, I don't know
what is benefit to merge the two urls here.

[pals, 2014/07/18 14:17:53]

Done.

         return;
 
     if (!verifyProtocolHandlerScheme(scheme, "registerProtocolHandler", exceptionState))
         return;
 
     ASSERT(navigator.frame()->page());
     NavigatorContentUtils::from(*navigator.frame()->page())->client()->registerProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url), title);
 }
 
 static String customHandlersStateString(const NavigatorContentUtilsClient::CustomHandlersState state)
@@ skipping 22 matching lines @@
     if (!navigator.frame())
         return declined;
 
     Document* document = navigator.frame()->document();
     ASSERT(document);
     if (document->activeDOMObjectsAreStopped())
         return declined;
 
     KURL baseURL = document->baseURL();
 
-    if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+    if (!verifyCustomHandlerURL(*document, baseURL, url, exceptionState))
         return declined;
 
     if (!verifyProtocolHandlerScheme(scheme, "isProtocolHandlerRegistered", exceptionState))
         return declined;
 
     ASSERT(navigator.frame()->page());
     return customHandlersStateString(NavigatorContentUtils::from(*navigator.frame()->page())->client()->isProtocolHandlerRegistered(scheme, baseURL, KURL(ParsedURLString, url)));
 }
 
 void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, const String& scheme, const String& url, ExceptionState& exceptionState)
 {
     if (!navigator.frame())
         return;
 
-    ASSERT(navigator.frame()->document());
-    KURL baseURL = navigator.frame()->document()->baseURL();
+    Document* document = navigator.frame()->document();
+    ASSERT(document);
+    KURL baseURL = document->baseURL();
 
-    if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+    if (!verifyCustomHandlerURL(*document, baseURL, url, exceptionState))
         return;
 
     if (!verifyProtocolHandlerScheme(scheme, "unregisterProtocolHandler", exceptionState))
         return;
 
     ASSERT(navigator.frame()->page());
     NavigatorContentUtils::from(*navigator.frame()->page())->client()->unregisterProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url));
 }
 
 const char* NavigatorContentUtils::supplementName()
 {
     return "NavigatorContentUtils";
 }
 
 void provideNavigatorContentUtilsTo(Page& page, PassOwnPtr<NavigatorContentUtilsClient> client)
 {
     NavigatorContentUtils::provideTo(page, NavigatorContentUtils::supplementName(), NavigatorContentUtils::create(client));
 }
 
 } // namespace WebCore