Custom handlers should throw SecurityError exception if the URL's origin differs from the document'…

Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

Index: Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
diff --git a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
index fdd04992108529cb2c5ff2b0685a49822ef84286..8ea190a5c34f31965073b50b4676193909d9d76e 100644
--- a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
+++ b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
@@ -68,7 +68,7 @@ static void initProtocolHandlerWhitelist()
         protocolWhitelist->add(protocols[i]);
 }
 
-static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, ExceptionState& exceptionState)
+static bool verifyCustomHandlerURL(const Document& document, const KURL& baseURL, const String& url, ExceptionState& exceptionState)
 {
     // The specification requires that it is a SyntaxError if the "%s" token is
     // not present.
@@ -91,6 +91,13 @@ static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep
         return false;
     }
 
+    // The specification says that the API throws SecurityError exception if the URL's origin differs from the document's origin.
+    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(kurl);
+    if (!origin->isSameSchemeHostPort(document.securityOrigin())) {

[abarth-chromium, 2014/07/16 16:32:39]

You don't really ever want to call isSameSchemeHostPort.  How about:

document.securityOrigin()->canRequest(kurl)

?

[pals, 2014/07/18 14:17:54]

Done.

+        exceptionState.throwSecurityError("Can only register handler in the document's origin.");

[gyuyoung-inactive, 2014/07/16 06:20:17]

Isn't it better mention "custom handler" instead of just "handler" ?

[pals, 2014/07/18 14:17:54]

Done.

+        return false;
+    }
+
     return true;
 }
 
@@ -149,10 +156,11 @@ void NavigatorContentUtils::registerProtocolHandler(Navigator& navigator, const
     if (!navigator.frame())
         return;
 
-    ASSERT(navigator.frame()->document());
-    KURL baseURL = navigator.frame()->document()->baseURL();
+    Document* document = navigator.frame()->document();
+    ASSERT(document);
+    KURL baseURL = document->baseURL();
 
-    if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+    if (!verifyCustomHandlerURL(*document, baseURL, url, exceptionState))

[abarth-chromium, 2014/07/16 16:32:39]

Why don't we just pass in the complete URL to verifyCustomHandlerURL?

[gyuyoung-inactive, 2014/07/17 07:01:19]

We are passing baseURL and registered url to client side. So, if we complete to
merge two urls here, we can pass the complete url to client side. If so, it
would be good to handle this suggestion with new CL.

However, if we should pass two urls to client side continually, I don't know
what is benefit to merge the two urls here.

[pals, 2014/07/18 14:17:53]

Done.

         return;
 
     if (!verifyProtocolHandlerScheme(scheme, "registerProtocolHandler", exceptionState))
@@ -195,7 +203,7 @@ String NavigatorContentUtils::isProtocolHandlerRegistered(Navigator& navigator,
 
     KURL baseURL = document->baseURL();
 
-    if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+    if (!verifyCustomHandlerURL(*document, baseURL, url, exceptionState))
         return declined;
 
     if (!verifyProtocolHandlerScheme(scheme, "isProtocolHandlerRegistered", exceptionState))
@@ -210,10 +218,11 @@ void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, cons
     if (!navigator.frame())
         return;
 
-    ASSERT(navigator.frame()->document());
-    KURL baseURL = navigator.frame()->document()->baseURL();
+    Document* document = navigator.frame()->document();
+    ASSERT(document);
+    KURL baseURL = document->baseURL();
 
-    if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+    if (!verifyCustomHandlerURL(*document, baseURL, url, exceptionState))
         return;
 
     if (!verifyProtocolHandlerScheme(scheme, "unregisterProtocolHandler", exceptionState))