OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
45 #include "core/frame/ConsoleTypes.h" | 45 #include "core/frame/ConsoleTypes.h" |
46 #include "core/frame/LocalDOMWindow.h" | 46 #include "core/frame/LocalDOMWindow.h" |
47 #include "core/frame/LocalFrame.h" | 47 #include "core/frame/LocalFrame.h" |
48 #include "core/frame/csp/ContentSecurityPolicy.h" | 48 #include "core/frame/csp/ContentSecurityPolicy.h" |
49 #include "core/inspector/ConsoleMessage.h" | 49 #include "core/inspector/ConsoleMessage.h" |
50 #include "core/inspector/ScriptCallStack.h" | 50 #include "core/inspector/ScriptCallStack.h" |
51 #include "modules/websockets/CloseEvent.h" | 51 #include "modules/websockets/CloseEvent.h" |
52 #include "platform/Logging.h" | 52 #include "platform/Logging.h" |
53 #include "platform/blob/BlobData.h" | 53 #include "platform/blob/BlobData.h" |
54 #include "platform/heap/Handle.h" | 54 #include "platform/heap/Handle.h" |
55 #include "platform/weborigin/KnownPorts.h" | |
56 #include "platform/weborigin/SecurityOrigin.h" | 55 #include "platform/weborigin/SecurityOrigin.h" |
57 #include "public/platform/Platform.h" | 56 #include "public/platform/Platform.h" |
58 #include "wtf/Assertions.h" | 57 #include "wtf/Assertions.h" |
59 #include "wtf/HashSet.h" | 58 #include "wtf/HashSet.h" |
60 #include "wtf/PassOwnPtr.h" | 59 #include "wtf/PassOwnPtr.h" |
61 #include "wtf/StdLibExtras.h" | 60 #include "wtf/StdLibExtras.h" |
62 #include "wtf/text/CString.h" | 61 #include "wtf/text/CString.h" |
63 #include "wtf/text/StringBuilder.h" | 62 #include "wtf/text/StringBuilder.h" |
64 #include "wtf/text/WTFString.h" | 63 #include "wtf/text/WTFString.h" |
65 | 64 |
(...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
296 m_state = CLOSED; | 295 m_state = CLOSED; |
297 exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed."); | 296 exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed."); |
298 return; | 297 return; |
299 } | 298 } |
300 | 299 |
301 if (m_url.hasFragmentIdentifier()) { | 300 if (m_url.hasFragmentIdentifier()) { |
302 m_state = CLOSED; | 301 m_state = CLOSED; |
303 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n ot allowed in WebSocket URLs."); | 302 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n ot allowed in WebSocket URLs."); |
304 return; | 303 return; |
305 } | 304 } |
306 if (!portAllowed(m_url)) { | 305 |
306 if (!Platform::current()->portAllowed(m_url.port(), m_url.protocolIs("ftp")) ) { | |
eroman
2015/04/10 01:55:56
A couple things here:
(1) It is weird to be cal
Paritosh Kumar
2015/04/10 12:52:35
Updated in new CL.
| |
307 m_state = CLOSED; | 307 m_state = CLOSED; |
308 exceptionState.throwSecurityError("The port " + String::number(m_url.por t()) + " is not allowed."); | 308 exceptionState.throwSecurityError("The port " + String::number(m_url.por t()) + " is not allowed."); |
309 return; | 309 return; |
310 } | 310 } |
311 | 311 |
312 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. | 312 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. |
313 if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !ex ecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) { | 313 if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !ex ecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) { |
314 m_state = CLOSED; | 314 m_state = CLOSED; |
315 // The URL is safe to expose to JavaScript, as this check happens synchr onously before redirection. | 315 // The URL is safe to expose to JavaScript, as this check happens synchr onously before redirection. |
316 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid edString() + "' because it violates the document's Content Security Policy."); | 316 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid edString() + "' because it violates the document's Content Security Policy."); |
(...skipping 365 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
682 DEFINE_TRACE(DOMWebSocket) | 682 DEFINE_TRACE(DOMWebSocket) |
683 { | 683 { |
684 visitor->trace(m_channel); | 684 visitor->trace(m_channel); |
685 visitor->trace(m_eventQueue); | 685 visitor->trace(m_eventQueue); |
686 WebSocketChannelClient::trace(visitor); | 686 WebSocketChannelClient::trace(visitor); |
687 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis itor); | 687 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis itor); |
688 ActiveDOMObject::trace(visitor); | 688 ActiveDOMObject::trace(visitor); |
689 } | 689 } |
690 | 690 |
691 } // namespace blink | 691 } // namespace blink |
OLD | NEW |