OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 313 matching lines...)
324 } | 324 } |
325 return false; | 325 return false; |
326 } | 326 } |
327 | 327 |
328 bool SecurityOrigin::isAccessToURLWhiteListed(const KURL& url) const | 328 bool SecurityOrigin::isAccessToURLWhiteListed(const KURL& url) const |
329 { | 329 { |
330 RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); | 330 RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); |
331 return isAccessWhiteListed(targetOrigin.get()); | 331 return isAccessWhiteListed(targetOrigin.get()); |
332 } | 332 } |
333 | 333 |
| 334 // This is a hack to allow keep navigation to http/https feeds working. To remov
e this |
| 335 // we need to introduce new API akin to registerURLSchemeAsLocal, that registers
a |
| 336 // protocols navigation policy. |
| 337 // feed(|s|search): is considered a 'nesting' scheme by embedders that support i
t, so it can be |
| 338 // local or remote depending on what is nested. Currently we just check if we ar
e nesting |
| 339 // http or https, otherwise we ignore the nesting for the purpose of a security
check. We need |
| 340 // a facility for registering nesting schemes, and some generalized logic for th
em. |
| 341 // This function should be removed as an outcome of https://bugs.webkit.org/show
_bug.cgi?id=69196 |
| 342 static bool isFeedWithNestedProtocolInHTTPFamily(const KURL& url) |
| 343 { |
| 344 const String& urlString = url.string(); |
| 345 if (!urlString.startsWith("feed", false)) |
| 346 return false; |
| 347 |
| 348 return urlString.startsWith("feed://", false) |
| 349 || urlString.startsWith("feed:http:", false) || urlString.startsWith("fe
ed:https:", false) |
| 350 || urlString.startsWith("feeds:http:", false) || urlString.startsWith("f
eeds:https:", false) |
| 351 || urlString.startsWith("feedsearch:http:", false) || urlString.startsWi
th("feedsearch:https:", false); |
| 352 } |
| 353 |
334 bool SecurityOrigin::canDisplay(const KURL& url) const | 354 bool SecurityOrigin::canDisplay(const KURL& url) const |
335 { | 355 { |
336 String protocol = url.protocol().lower(); | 356 String protocol = url.protocol().lower(); |
337 | 357 |
| 358 if (isFeedWithNestedProtocolInHTTPFamily(url)) |
| 359 return true; |
| 360 |
338 if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol)) | 361 if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol)) |
339 return canRequest(url); | 362 return canRequest(url); |
340 | 363 |
341 if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) | 364 if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) |
342 return m_protocol == protocol || isAccessToURLWhiteListed(url); | 365 return m_protocol == protocol || isAccessToURLWhiteListed(url); |
343 | 366 |
344 if (restrictAccessToLocal() && SchemeRegistry::shouldTreatURLSchemeAsLocal(p
rotocol)) | 367 if (restrictAccessToLocal() && SchemeRegistry::shouldTreatURLSchemeAsLocal(p
rotocol)) |
345 return canLoadLocalResources() || isAccessToURLWhiteListed(url); | 368 return canLoadLocalResources() || isAccessToURLWhiteListed(url); |
346 | 369 |
347 return true; | 370 return true; |
(...skipping 231 matching lines...)
579 | 602 |
580 void SecurityOrigin::resetOriginAccessWhitelists() | 603 void SecurityOrigin::resetOriginAccessWhitelists() |
581 { | 604 { |
582 ASSERT(isMainThread()); | 605 ASSERT(isMainThread()); |
583 OriginAccessMap& map = originAccessMap(); | 606 OriginAccessMap& map = originAccessMap(); |
584 deleteAllValues(map); | 607 deleteAllValues(map); |
585 map.clear(); | 608 map.clear(); |
586 } | 609 } |
587 | 610 |
588 } // namespace WebCore | 611 } // namespace WebCore |
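Review bot: The early return at new lines 358–359 sits ahead of every SchemeRegistry check in canDisplay(), so a URL matching one of the feed prefixes is displayable from any origin, including one for which restrictAccessToLocal() is true, and regardless of how an embedder has registered the feed schemes. The helper at new lines 342–352 decides this by prefix on url.string() alone: the `feed://` arm accepts whatever follows, and the `feed:http:` style arms never look at the nested URL past its scheme, so the result is only as safe as the embedder's own unwrapping of the nested URL, which is not visible on this page. I would record that assumption above the helper, e.g. `// Security: a true result skips the display-isolated and local-scheme checks in canDisplay(); embedders must resolve the nested URL as http(s) only.` A layout test asserting that nested non-HTTP forms such as `feed:file:` and `feeds:data:` still go through the existing checks would pin the intended boundary. `feeds://` and `feedsearch://` have no counterpart to the `feed://` arm; if that is deliberate the comment should say so.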
OLD | NEW |