Chromium Code Reviews Chromium Code Reviews
Issue 4074:
Fix some XSS test by fixing an improperly merged file and falling back on... (Closed)
Base URL: svn://chrome-svn/chrome/branches/chrome_webkit_merge_branch/| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 107 return adoptRef(new SecurityOrigin(this)); | 107 return adoptRef(new SecurityOrigin(this)); |
| 108 } | 108 } |
| 109 | 109 |
| 110 void SecurityOrigin::setDomainFromDOM(const String& newDomain) | 110 void SecurityOrigin::setDomainFromDOM(const String& newDomain) |
| 111 { | 111 { |
| 112 m_domainWasSetInDOM = true; | 112 m_domainWasSetInDOM = true; |
| 113 m_domain = newDomain.lower(); | 113 m_domain = newDomain.lower(); |
| 114 } | 114 } |
| 115 | 115 |
| 116 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const | 116 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const |
| 117 { | 117 { |
|
Evan Martin
2008/09/25 00:56:11
This looks funny, but it's what the upstream versi
| |
| 118 if (isLocal()) | 118 if (isLocal()) |
| 119 return true; | |
| 120 | |
| 119 if (m_noAccess || other->m_noAccess) | 121 if (m_noAccess || other->m_noAccess) |
| 120 return false; | 122 return false; |
| 121 | 123 |
| 122 // Here are two cases where we should permit access: | 124 // Here are two cases where we should permit access: |
| 123 // | 125 // |
| 124 // 1) Neither document has set document.domain. In this case, we insist | 126 // 1) Neither document has set document.domain. In this case, we insist |
| 125 // that the scheme, host, and port of the URLs match. | 127 // that the scheme, host, and port of the URLs match. |
| 126 // | 128 // |
| 127 // 2) Both documents have set document.domain. In this case, we insist | 129 // 2) Both documents have set document.domain. In this case, we insist |
| 128 // that the documents have set document.domain to the same value and | 130 // that the documents have set document.domain to the same value and |
| (...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 302 // We could encode the document.domain state into the security token, | 304 // We could encode the document.domain state into the security token, |
| 303 // but this is an uncommon case and leads to complexity. We're better | 305 // but this is an uncommon case and leads to complexity. We're better |
| 304 // off sending these accesses down the slow path. | 306 // off sending these accesses down the slow path. |
| 305 return String(); | 307 return String(); |
| 306 } | 308 } |
| 307 | 309 |
| 308 return toString(); | 310 return toString(); |
| 309 } | 311 } |
| 310 | 312 |
| 311 } // namespace WebCore | 313 } // namespace WebCore |
| OLD | NEW |
