Index: Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp |
diff --git a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp |
index 9e06b5af6e3a73d2f29e2a43ace267b702434267..6cefc67d74829aba0a8174017b2b6851622e36ac 100644 |
--- a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp |
+++ b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp |
@@ -68,7 +68,7 @@ static void initProtocolHandlerWhitelist() |
protocolWhitelist->add(protocols[i]); |
} |
-static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, ExceptionState& exceptionState) |
+static bool verifyCustomHandlerURL(const Document& document, const String& url, ExceptionState& exceptionState) |
{ |
// The specification requires that it is a SyntaxError if the "%s" token is |
// not present. |
@@ -84,6 +84,7 @@ static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep |
String newURL = url; |
newURL.remove(index, WTF_ARRAY_LENGTH(token) - 1); |
+ KURL baseURL = document.baseURL(); |
KURL kurl(baseURL, newURL); |
if (kurl.isEmpty() || !kurl.isValid()) { |
@@ -91,6 +92,12 @@ static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep |
return false; |
} |
+ // The specification says that the API throws SecurityError exception if the URL's origin differs from the document's origin. |
+ if (!document.securityOrigin()->canRequest(kurl)) { |
+ exceptionState.throwSecurityError("Can only register custom handler in the document's origin."); |
+ return false; |
+ } |
+ |
return true; |
} |
@@ -149,15 +156,16 @@ void NavigatorContentUtils::registerProtocolHandler(Navigator& navigator, const |
if (!navigator.frame()) |
return; |
- ASSERT(navigator.frame()->document()); |
- KURL baseURL = navigator.frame()->document()->baseURL(); |
+ Document* document = navigator.frame()->document(); |
+ ASSERT(document); |
- if (!verifyCustomHandlerURL(baseURL, url, exceptionState)) |
+ if (!verifyCustomHandlerURL(*document, url, exceptionState)) |
return; |
if (!verifyCustomHandlerScheme(scheme, exceptionState)) |
return; |
+ KURL baseURL = document->baseURL(); |
gyuyoung-inactive
2014/07/21 00:30:20
Should we use "baseURL" local variable ? This loca
|
ASSERT(navigator.frame()->page()); |
NavigatorContentUtils::from(*navigator.frame()->page())->client()->registerProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url), title); |
} |
@@ -193,14 +201,13 @@ String NavigatorContentUtils::isProtocolHandlerRegistered(Navigator& navigator, |
if (document->activeDOMObjectsAreStopped()) |
return declined; |
- KURL baseURL = document->baseURL(); |
- |
- if (!verifyCustomHandlerURL(baseURL, url, exceptionState)) |
+ if (!verifyCustomHandlerURL(*document, url, exceptionState)) |
return declined; |
if (!verifyCustomHandlerScheme(scheme, exceptionState)) |
return declined; |
+ KURL baseURL = document->baseURL(); |
ASSERT(navigator.frame()->page()); |
return customHandlersStateString(NavigatorContentUtils::from(*navigator.frame()->page())->client()->isProtocolHandlerRegistered(scheme, baseURL, KURL(ParsedURLString, url))); |
} |
@@ -210,15 +217,16 @@ void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, cons |
if (!navigator.frame()) |
return; |
- ASSERT(navigator.frame()->document()); |
- KURL baseURL = navigator.frame()->document()->baseURL(); |
+ Document* document = navigator.frame()->document(); |
+ ASSERT(document); |
- if (!verifyCustomHandlerURL(baseURL, url, exceptionState)) |
+ if (!verifyCustomHandlerURL(*document, url, exceptionState)) |
return; |
if (!verifyCustomHandlerScheme(scheme, exceptionState)) |
return; |
+ KURL baseURL = document->baseURL(); |
gyuyoung-inactive
2014/07/21 00:30:20
ditto.
|
ASSERT(navigator.frame()->page()); |
NavigatorContentUtils::from(*navigator.frame()->page())->client()->unregisterProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url)); |
} |