| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, Google Inc. All rights reserved. | 2 * Copyright (C) 2011, Google Inc. All rights reserved. |
| 3 * Copyright (C) 2014, Samsung Electronics. All rights reserved. | 3 * Copyright (C) 2014, Samsung Electronics. All rights reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are met: | 6 * modification, are permitted provided that the following conditions are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 "tel", | 61 "tel", |
| 62 "urn", | 62 "urn", |
| 63 "webcal", | 63 "webcal", |
| 64 "wtai", | 64 "wtai", |
| 65 "xmpp", | 65 "xmpp", |
| 66 }; | 66 }; |
| 67 for (size_t i = 0; i < WTF_ARRAY_LENGTH(schemes); ++i) | 67 for (size_t i = 0; i < WTF_ARRAY_LENGTH(schemes); ++i) |
| 68 schemeWhitelist->add(schemes[i]); | 68 schemeWhitelist->add(schemes[i]); |
| 69 } | 69 } |
| 70 | 70 |
| 71 static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep
tionState& exceptionState) | 71 static bool verifyCustomHandlerURL(const Document& document, const String& url,
ExceptionState& exceptionState) |
| 72 { | 72 { |
| 73 // The specification requires that it is a SyntaxError if the "%s" token is | 73 // The specification requires that it is a SyntaxError if the "%s" token is |
| 74 // not present. | 74 // not present. |
| 75 static const char token[] = "%s"; | 75 static const char token[] = "%s"; |
| 76 int index = url.find(token); | 76 int index = url.find(token); |
| 77 if (-1 == index) { | 77 if (-1 == index) { |
| 78 exceptionState.throwDOMException(SyntaxError, "The url provided ('" + ur
l + "') does not contain '%s'."); | 78 exceptionState.throwDOMException(SyntaxError, "The url provided ('" + ur
l + "') does not contain '%s'."); |
| 79 return false; | 79 return false; |
| 80 } | 80 } |
| 81 | 81 |
| 82 // It is also a SyntaxError if the custom handler URL, as created by removin
g | 82 // It is also a SyntaxError if the custom handler URL, as created by removin
g |
| 83 // the "%s" token and prepending the base url, does not resolve. | 83 // the "%s" token and prepending the base url, does not resolve. |
| 84 String newURL = url; | 84 String newURL = url; |
| 85 newURL.remove(index, WTF_ARRAY_LENGTH(token) - 1); | 85 newURL.remove(index, WTF_ARRAY_LENGTH(token) - 1); |
| 86 | 86 |
| 87 KURL kurl(baseURL, newURL); | 87 KURL kurl = document.completeURL(url); |
| 88 | 88 |
| 89 if (kurl.isEmpty() || !kurl.isValid()) { | 89 if (kurl.isEmpty() || !kurl.isValid()) { |
| 90 exceptionState.throwDOMException(SyntaxError, "The custom handler URL cr
eated by removing '%s' and prepending '" + baseURL.string() + "' is invalid."); | 90 exceptionState.throwDOMException(SyntaxError, "The custom handler URL cr
eated by removing '%s' and prepending '" + document.baseURL().string() + "' is i
nvalid."); |
| 91 return false; | 91 return false; |
| 92 } | 92 } |
| 93 | 93 |
| 94 // The specification says that the API throws SecurityError exception if the |
| 95 // URL's origin differs from the document's origin. |
| 96 if (!document.securityOrigin()->canRequest(kurl)) { |
| 97 exceptionState.throwSecurityError("Can only register custom handler in t
he document's origin."); |
| 98 return false; |
| 99 } |
| 100 |
| 94 return true; | 101 return true; |
| 95 } | 102 } |
| 96 | 103 |
| 97 static bool isSchemeWhitelisted(const String& scheme) | 104 static bool isSchemeWhitelisted(const String& scheme) |
| 98 { | 105 { |
| 99 if (!schemeWhitelist) | 106 if (!schemeWhitelist) |
| 100 initCustomSchemeHandlerWhitelist(); | 107 initCustomSchemeHandlerWhitelist(); |
| 101 | 108 |
| 102 StringBuilder builder; | 109 StringBuilder builder; |
| 103 unsigned length = scheme.length(); | 110 unsigned length = scheme.length(); |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 142 PassOwnPtrWillBeRawPtr<NavigatorContentUtils> NavigatorContentUtils::create(Pass
OwnPtr<NavigatorContentUtilsClient> client) | 149 PassOwnPtrWillBeRawPtr<NavigatorContentUtils> NavigatorContentUtils::create(Pass
OwnPtr<NavigatorContentUtilsClient> client) |
| 143 { | 150 { |
| 144 return adoptPtrWillBeNoop(new NavigatorContentUtils(client)); | 151 return adoptPtrWillBeNoop(new NavigatorContentUtils(client)); |
| 145 } | 152 } |
| 146 | 153 |
| 147 void NavigatorContentUtils::registerProtocolHandler(Navigator& navigator, const
String& scheme, const String& url, const String& title, ExceptionState& exceptio
nState) | 154 void NavigatorContentUtils::registerProtocolHandler(Navigator& navigator, const
String& scheme, const String& url, const String& title, ExceptionState& exceptio
nState) |
| 148 { | 155 { |
| 149 if (!navigator.frame()) | 156 if (!navigator.frame()) |
| 150 return; | 157 return; |
| 151 | 158 |
| 152 ASSERT(navigator.frame()->document()); | 159 Document* document = navigator.frame()->document(); |
| 153 KURL baseURL = navigator.frame()->document()->baseURL(); | 160 ASSERT(document); |
| 154 | 161 |
| 155 if (!verifyCustomHandlerURL(baseURL, url, exceptionState)) | 162 if (!verifyCustomHandlerURL(*document, url, exceptionState)) |
| 156 return; | 163 return; |
| 157 | 164 |
| 158 if (!verifyCustomHandlerScheme(scheme, exceptionState)) | 165 if (!verifyCustomHandlerScheme(scheme, exceptionState)) |
| 159 return; | 166 return; |
| 160 | 167 |
| 161 ASSERT(navigator.frame()->page()); | 168 ASSERT(navigator.frame()->page()); |
| 162 NavigatorContentUtils::from(*navigator.frame()->page())->client()->registerP
rotocolHandler(scheme, baseURL, KURL(ParsedURLString, url), title); | 169 NavigatorContentUtils::from(*navigator.frame()->page())->client()->registerP
rotocolHandler(scheme, document->completeURL(url), title); |
| 163 } | 170 } |
| 164 | 171 |
| 165 static String customHandlersStateString(const NavigatorContentUtilsClient::Custo
mHandlersState state) | 172 static String customHandlersStateString(const NavigatorContentUtilsClient::Custo
mHandlersState state) |
| 166 { | 173 { |
| 167 DEFINE_STATIC_LOCAL(const String, newHandler, ("new")); | 174 DEFINE_STATIC_LOCAL(const String, newHandler, ("new")); |
| 168 DEFINE_STATIC_LOCAL(const String, registeredHandler, ("registered")); | 175 DEFINE_STATIC_LOCAL(const String, registeredHandler, ("registered")); |
| 169 DEFINE_STATIC_LOCAL(const String, declinedHandler, ("declined")); | 176 DEFINE_STATIC_LOCAL(const String, declinedHandler, ("declined")); |
| 170 | 177 |
| 171 switch (state) { | 178 switch (state) { |
| 172 case NavigatorContentUtilsClient::CustomHandlersNew: | 179 case NavigatorContentUtilsClient::CustomHandlersNew: |
| (...skipping 13 matching lines...) Expand all Loading... |
| 186 DEFINE_STATIC_LOCAL(const String, declined, ("declined")); | 193 DEFINE_STATIC_LOCAL(const String, declined, ("declined")); |
| 187 | 194 |
| 188 if (!navigator.frame()) | 195 if (!navigator.frame()) |
| 189 return declined; | 196 return declined; |
| 190 | 197 |
| 191 Document* document = navigator.frame()->document(); | 198 Document* document = navigator.frame()->document(); |
| 192 ASSERT(document); | 199 ASSERT(document); |
| 193 if (document->activeDOMObjectsAreStopped()) | 200 if (document->activeDOMObjectsAreStopped()) |
| 194 return declined; | 201 return declined; |
| 195 | 202 |
| 196 KURL baseURL = document->baseURL(); | 203 if (!verifyCustomHandlerURL(*document, url, exceptionState)) |
| 197 | |
| 198 if (!verifyCustomHandlerURL(baseURL, url, exceptionState)) | |
| 199 return declined; | 204 return declined; |
| 200 | 205 |
| 201 if (!verifyCustomHandlerScheme(scheme, exceptionState)) | 206 if (!verifyCustomHandlerScheme(scheme, exceptionState)) |
| 202 return declined; | 207 return declined; |
| 203 | 208 |
| 204 ASSERT(navigator.frame()->page()); | 209 ASSERT(navigator.frame()->page()); |
| 205 return customHandlersStateString(NavigatorContentUtils::from(*navigator.fram
e()->page())->client()->isProtocolHandlerRegistered(scheme, baseURL, KURL(Parsed
URLString, url))); | 210 return customHandlersStateString(NavigatorContentUtils::from(*navigator.fram
e()->page())->client()->isProtocolHandlerRegistered(scheme, document->completeUR
L(url))); |
| 206 } | 211 } |
| 207 | 212 |
| 208 void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, cons
t String& scheme, const String& url, ExceptionState& exceptionState) | 213 void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, cons
t String& scheme, const String& url, ExceptionState& exceptionState) |
| 209 { | 214 { |
| 210 if (!navigator.frame()) | 215 if (!navigator.frame()) |
| 211 return; | 216 return; |
| 212 | 217 |
| 213 ASSERT(navigator.frame()->document()); | 218 Document* document = navigator.frame()->document(); |
| 214 KURL baseURL = navigator.frame()->document()->baseURL(); | 219 ASSERT(document); |
| 215 | 220 |
| 216 if (!verifyCustomHandlerURL(baseURL, url, exceptionState)) | 221 if (!verifyCustomHandlerURL(*document, url, exceptionState)) |
| 217 return; | 222 return; |
| 218 | 223 |
| 219 if (!verifyCustomHandlerScheme(scheme, exceptionState)) | 224 if (!verifyCustomHandlerScheme(scheme, exceptionState)) |
| 220 return; | 225 return; |
| 221 | 226 |
| 222 ASSERT(navigator.frame()->page()); | 227 ASSERT(navigator.frame()->page()); |
| 223 NavigatorContentUtils::from(*navigator.frame()->page())->client()->unregiste
rProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url)); | 228 NavigatorContentUtils::from(*navigator.frame()->page())->client()->unregiste
rProtocolHandler(scheme, document->completeURL(url)); |
| 224 } | 229 } |
| 225 | 230 |
| 226 const char* NavigatorContentUtils::supplementName() | 231 const char* NavigatorContentUtils::supplementName() |
| 227 { | 232 { |
| 228 return "NavigatorContentUtils"; | 233 return "NavigatorContentUtils"; |
| 229 } | 234 } |
| 230 | 235 |
| 231 void provideNavigatorContentUtilsTo(Page& page, PassOwnPtr<NavigatorContentUtils
Client> client) | 236 void provideNavigatorContentUtilsTo(Page& page, PassOwnPtr<NavigatorContentUtils
Client> client) |
| 232 { | 237 { |
| 233 NavigatorContentUtils::provideTo(page, NavigatorContentUtils::supplementName
(), NavigatorContentUtils::create(client)); | 238 NavigatorContentUtils::provideTo(page, NavigatorContentUtils::supplementName
(), NavigatorContentUtils::create(client)); |
| 234 } | 239 } |
| 235 | 240 |
| 236 } // namespace blink | 241 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 392993005:
Custom handlers should throw SecurityError exception if the URL's origin differs from the document'… (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master