OLD | NEW |
| (Empty) |
1 /* | |
2 * Copyright (C) 2010 Apple Inc. All Rights Reserved. | |
3 * | |
4 * Redistribution and use in source and binary forms, with or without | |
5 * modification, are permitted provided that the following conditions | |
6 * are met: | |
7 * 1. Redistributions of source code must retain the above copyright | |
8 * notice, this list of conditions and the following disclaimer. | |
9 * 2. Redistributions in binary form must reproduce the above copyright | |
10 * notice, this list of conditions and the following disclaimer in the | |
11 * documentation and/or other materials provided with the distribution. | |
12 * | |
13 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY | |
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR | |
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | |
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | |
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 * | |
25 */ | |
26 | |
27 #ifndef SchemeRegistry_h | |
28 #define SchemeRegistry_h | |
29 | |
30 #include "weborigin/WebOriginExport.h" | |
31 #include "wtf/HashSet.h" | |
32 #include "wtf/text/StringHash.h" | |
33 #include "wtf/text/WTFString.h" | |
34 | |
35 namespace WebCore { | |
36 | |
37 typedef HashSet<String, CaseFoldingHash> URLSchemesMap; | |
38 | |
39 class WEBORIGIN_EXPORT SchemeRegistry { | |
40 public: | |
41 static void registerURLSchemeAsLocal(const String&); | |
42 static void removeURLSchemeRegisteredAsLocal(const String&); | |
43 static const URLSchemesMap& localSchemes(); | |
44 | |
45 static bool shouldTreatURLSchemeAsLocal(const String&); | |
46 | |
47 // Secure schemes do not trigger mixed content warnings. For example, | |
48 // https and data are secure schemes because they cannot be corrupted by | |
49 // active network attackers. | |
50 static void registerURLSchemeAsSecure(const String&); | |
51 static bool shouldTreatURLSchemeAsSecure(const String&); | |
52 | |
53 static void registerURLSchemeAsNoAccess(const String&); | |
54 static bool shouldTreatURLSchemeAsNoAccess(const String&); | |
55 | |
56 // Display-isolated schemes can only be displayed (in the sense of | |
57 // SecurityOrigin::canDisplay) by documents from the same scheme. | |
58 static void registerURLSchemeAsDisplayIsolated(const String&); | |
59 static bool shouldTreatURLSchemeAsDisplayIsolated(const String&); | |
60 | |
61 static void registerURLSchemeAsEmptyDocument(const String&); | |
62 static bool shouldLoadURLSchemeAsEmptyDocument(const String&); | |
63 | |
64 static void setDomainRelaxationForbiddenForURLScheme(bool forbidden, const S
tring&); | |
65 static bool isDomainRelaxationForbiddenForURLScheme(const String&); | |
66 | |
67 // Such schemes should delegate to SecurityOrigin::canRequest for any URL | |
68 // passed to SecurityOrigin::canDisplay. | |
69 static bool canDisplayOnlyIfCanRequest(const String& scheme); | |
70 static void registerAsCanDisplayOnlyIfCanRequest(const String& scheme); | |
71 | |
72 // Schemes against which javascript: URLs should not be allowed to run (stop | |
73 // bookmarklets from running on sensitive pages). | |
74 static void registerURLSchemeAsNotAllowingJavascriptURLs(const String& schem
e); | |
75 static bool shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String& sc
heme); | |
76 | |
77 // Allow non-HTTP schemes to be registered to allow CORS requests. | |
78 static void registerURLSchemeAsCORSEnabled(const String& scheme); | |
79 static bool shouldTreatURLSchemeAsCORSEnabled(const String& scheme); | |
80 | |
81 // Allow resources from some schemes to load on a page, regardless of its | |
82 // Content Security Policy. | |
83 static void registerURLSchemeAsBypassingContentSecurityPolicy(const String&
scheme); | |
84 static void removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const
String& scheme); | |
85 static bool schemeShouldBypassContentSecurityPolicy(const String& scheme); | |
86 }; | |
87 | |
88 } // namespace WebCore | |
89 | |
90 #endif // SchemeRegistry_h | |
OLD | NEW |