Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp - Issue 392993005: Custom handlers should throw SecurityError exception if the URL's origin differs from the document'…

Unified Diff: Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

Issue 392993005: Custom handlers should throw SecurityError exception if the URL's origin differs from the document'… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: moved navigatorcontentutils to http/tests Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « LayoutTests/navigatorcontentutils/unregister-protocol-handler-expected.txt ('k') | Source/modules/navigatorcontentutils/NavigatorContentUtilsClient.h » ('j') | public/web/WebViewClient.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

diff --git a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

index 1b86cf25ed48951fe845f704cc3f9ef075c74bcf..337fe281aafd9d44bddeaf866fa28995d552f8ea 100644

--- a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

+++ b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

@@ -68,7 +68,7 @@ static void initCustomSchemeHandlerWhitelist()

schemeWhitelist->add(schemes[i]);

}

-static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, ExceptionState& exceptionState)

+static bool verifyCustomHandlerURL(const Document& document, const String& url, ExceptionState& exceptionState)

{

// The specification requires that it is a SyntaxError if the "%s" token is

// not present.

@@ -84,6 +84,7 @@ static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep

String newURL = url;

newURL.remove(index, WTF_ARRAY_LENGTH(token) - 1);

+ KURL baseURL = document.baseURL();

KURL kurl(baseURL, newURL);

abarth-chromium 2014/08/20 18:15:10 document.completeURL(newURL)

pals 2014/08/21 14:02:56 Done.

if (kurl.isEmpty() || !kurl.isValid()) {

@@ -91,6 +92,12 @@ static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep

return false;

}

+ // The specification says that the API throws SecurityError exception if the URL's origin differs from the document's origin.

+ if (!document.securityOrigin()->canRequest(kurl)) {

+ exceptionState.throwSecurityError("Can only register custom handler in the document's origin.");

+ return false;

+ }

return true;

}

@@ -149,17 +156,19 @@ void NavigatorContentUtils::registerProtocolHandler(Navigator& navigator, const

if (!navigator.frame())

return;

- ASSERT(navigator.frame()->document());

- KURL baseURL = navigator.frame()->document()->baseURL();

+ Document* document = navigator.frame()->document();

+ ASSERT(document);

- if (!verifyCustomHandlerURL(baseURL, url, exceptionState))

+ if (!verifyCustomHandlerURL(*document, url, exceptionState))

return;

if (!verifyCustomHandlerScheme(scheme, exceptionState))

return;

ASSERT(navigator.frame()->page());

- NavigatorContentUtils::from(*navigator.frame()->page())->client()->registerProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url), title);

+ KURL baseURL = document->baseURL();

+ KURL absoluteURL(baseURL, url);

abarth-chromium 2014/08/20 18:15:10 document->completeURL(...)

pals 2014/08/21 14:02:56 Done.

+ NavigatorContentUtils::from(*navigator.frame()->page())->client()->registerProtocolHandler(scheme, absoluteURL, title);

}

static String customHandlersStateString(const NavigatorContentUtilsClient::CustomHandlersState state)

@@ -193,16 +202,16 @@ String NavigatorContentUtils::isProtocolHandlerRegistered(Navigator& navigator,

if (document->activeDOMObjectsAreStopped())

return declined;

- KURL baseURL = document->baseURL();

- if (!verifyCustomHandlerURL(baseURL, url, exceptionState))

+ if (!verifyCustomHandlerURL(*document, url, exceptionState))

return declined;

if (!verifyCustomHandlerScheme(scheme, exceptionState))

return declined;

ASSERT(navigator.frame()->page());

- return customHandlersStateString(NavigatorContentUtils::from(*navigator.frame()->page())->client()->isProtocolHandlerRegistered(scheme, baseURL, KURL(ParsedURLString, url)));

+ KURL baseURL = document->baseURL();

+ KURL absoluteURL(baseURL, url);

abarth-chromium 2014/08/20 18:15:10 ditto

pals 2014/08/21 14:02:56 Done.

+ return customHandlersStateString(NavigatorContentUtils::from(*navigator.frame()->page())->client()->isProtocolHandlerRegistered(scheme, absoluteURL));

}

void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, const String& scheme, const String& url, ExceptionState& exceptionState)

@@ -210,17 +219,19 @@ void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, cons

if (!navigator.frame())

return;

- ASSERT(navigator.frame()->document());

- KURL baseURL = navigator.frame()->document()->baseURL();

+ Document* document = navigator.frame()->document();

+ ASSERT(document);

- if (!verifyCustomHandlerURL(baseURL, url, exceptionState))

+ if (!verifyCustomHandlerURL(*document, url, exceptionState))

return;

if (!verifyCustomHandlerScheme(scheme, exceptionState))

return;

ASSERT(navigator.frame()->page());

- NavigatorContentUtils::from(*navigator.frame()->page())->client()->unregisterProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url));

+ KURL baseURL = document->baseURL();

+ KURL absoluteURL(baseURL, url);

abarth-chromium 2014/08/20 18:15:10 ditto

pals 2014/08/21 14:02:55 Done.

+ NavigatorContentUtils::from(*navigator.frame()->page())->client()->unregisterProtocolHandler(scheme, absoluteURL);

}

const char* NavigatorContentUtils::supplementName()