| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 46 #include "core/frame/LocalDOMWindow.h" | 46 #include "core/frame/LocalDOMWindow.h" |
| 47 #include "core/frame/LocalFrame.h" | 47 #include "core/frame/LocalFrame.h" |
| 48 #include "core/frame/UseCounter.h" | 48 #include "core/frame/UseCounter.h" |
| 49 #include "core/frame/csp/ContentSecurityPolicy.h" | 49 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 50 #include "core/inspector/ConsoleMessage.h" | 50 #include "core/inspector/ConsoleMessage.h" |
| 51 #include "core/inspector/ScriptCallStack.h" | 51 #include "core/inspector/ScriptCallStack.h" |
| 52 #include "modules/websockets/CloseEvent.h" | 52 #include "modules/websockets/CloseEvent.h" |
| 53 #include "platform/Logging.h" | 53 #include "platform/Logging.h" |
| 54 #include "platform/blob/BlobData.h" | 54 #include "platform/blob/BlobData.h" |
| 55 #include "platform/heap/Handle.h" | 55 #include "platform/heap/Handle.h" |
| 56 #include "platform/weborigin/KnownPorts.h" | |
| 57 #include "platform/weborigin/SecurityOrigin.h" | 56 #include "platform/weborigin/SecurityOrigin.h" |
| 58 #include "public/platform/Platform.h" | 57 #include "public/platform/Platform.h" |
| 59 #include "wtf/Assertions.h" | 58 #include "wtf/Assertions.h" |
| 60 #include "wtf/HashSet.h" | 59 #include "wtf/HashSet.h" |
| 61 #include "wtf/PassOwnPtr.h" | 60 #include "wtf/PassOwnPtr.h" |
| 62 #include "wtf/StdLibExtras.h" | 61 #include "wtf/StdLibExtras.h" |
| 63 #include "wtf/text/CString.h" | 62 #include "wtf/text/CString.h" |
| 64 #include "wtf/text/StringBuilder.h" | 63 #include "wtf/text/StringBuilder.h" |
| 65 #include "wtf/text/WTFString.h" | 64 #include "wtf/text/WTFString.h" |
| 66 | 65 |
| (...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 298 m_state = CLOSED; | 297 m_state = CLOSED; |
| 299 exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be
either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed."); | 298 exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be
either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed."); |
| 300 return; | 299 return; |
| 301 } | 300 } |
| 302 | 301 |
| 303 if (m_url.hasFragmentIdentifier()) { | 302 if (m_url.hasFragmentIdentifier()) { |
| 304 m_state = CLOSED; | 303 m_state = CLOSED; |
| 305 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme
nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n
ot allowed in WebSocket URLs."); | 304 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme
nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n
ot allowed in WebSocket URLs."); |
| 306 return; | 305 return; |
| 307 } | 306 } |
| 308 if (!portAllowed(m_url)) { | 307 |
| 308 if (!Platform::current()->portAllowed(m_url)) { |
| 309 m_state = CLOSED; | 309 m_state = CLOSED; |
| 310 exceptionState.throwSecurityError("The port " + String::number(m_url.por
t()) + " is not allowed."); | 310 exceptionState.throwSecurityError("The port " + String::number(m_url.por
t()) + " is not allowed."); |
| 311 return; | 311 return; |
| 312 } | 312 } |
| 313 | 313 |
| 314 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. | 314 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. |
| 315 if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !ex
ecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) { | 315 if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !ex
ecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) { |
| 316 m_state = CLOSED; | 316 m_state = CLOSED; |
| 317 // The URL is safe to expose to JavaScript, as this check happens synchr
onously before redirection. | 317 // The URL is safe to expose to JavaScript, as this check happens synchr
onously before redirection. |
| 318 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid
edString() + "' because it violates the document's Content Security Policy."); | 318 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid
edString() + "' because it violates the document's Content Security Policy."); |
| (...skipping 365 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 684 DEFINE_TRACE(DOMWebSocket) | 684 DEFINE_TRACE(DOMWebSocket) |
| 685 { | 685 { |
| 686 visitor->trace(m_channel); | 686 visitor->trace(m_channel); |
| 687 visitor->trace(m_eventQueue); | 687 visitor->trace(m_eventQueue); |
| 688 WebSocketChannelClient::trace(visitor); | 688 WebSocketChannelClient::trace(visitor); |
| 689 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis
itor); | 689 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis
itor); |
| 690 ActiveDOMObject::trace(visitor); | 690 ActiveDOMObject::trace(visitor); |
| 691 } | 691 } |
| 692 | 692 |
| 693 } // namespace blink | 693 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 908483002:
Fix to respect --explicitly-allowed-ports command line option (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master