OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
46 #include "core/frame/LocalDOMWindow.h" | 46 #include "core/frame/LocalDOMWindow.h" |
47 #include "core/frame/LocalFrame.h" | 47 #include "core/frame/LocalFrame.h" |
48 #include "core/frame/UseCounter.h" | 48 #include "core/frame/UseCounter.h" |
49 #include "core/frame/csp/ContentSecurityPolicy.h" | 49 #include "core/frame/csp/ContentSecurityPolicy.h" |
50 #include "core/inspector/ConsoleMessage.h" | 50 #include "core/inspector/ConsoleMessage.h" |
51 #include "core/inspector/ScriptCallStack.h" | 51 #include "core/inspector/ScriptCallStack.h" |
52 #include "modules/websockets/CloseEvent.h" | 52 #include "modules/websockets/CloseEvent.h" |
53 #include "platform/Logging.h" | 53 #include "platform/Logging.h" |
54 #include "platform/blob/BlobData.h" | 54 #include "platform/blob/BlobData.h" |
55 #include "platform/heap/Handle.h" | 55 #include "platform/heap/Handle.h" |
56 #include "platform/weborigin/KnownPorts.h" | |
57 #include "platform/weborigin/SecurityOrigin.h" | 56 #include "platform/weborigin/SecurityOrigin.h" |
58 #include "public/platform/Platform.h" | 57 #include "public/platform/Platform.h" |
59 #include "wtf/Assertions.h" | 58 #include "wtf/Assertions.h" |
60 #include "wtf/HashSet.h" | 59 #include "wtf/HashSet.h" |
61 #include "wtf/PassOwnPtr.h" | 60 #include "wtf/PassOwnPtr.h" |
62 #include "wtf/StdLibExtras.h" | 61 #include "wtf/StdLibExtras.h" |
63 #include "wtf/text/CString.h" | 62 #include "wtf/text/CString.h" |
64 #include "wtf/text/StringBuilder.h" | 63 #include "wtf/text/StringBuilder.h" |
65 #include "wtf/text/WTFString.h" | 64 #include "wtf/text/WTFString.h" |
66 | 65 |
(...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
298 m_state = CLOSED; | 297 m_state = CLOSED; |
299 exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be
either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed."); | 298 exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be
either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed."); |
300 return; | 299 return; |
301 } | 300 } |
302 | 301 |
303 if (m_url.hasFragmentIdentifier()) { | 302 if (m_url.hasFragmentIdentifier()) { |
304 m_state = CLOSED; | 303 m_state = CLOSED; |
305 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme
nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n
ot allowed in WebSocket URLs."); | 304 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme
nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n
ot allowed in WebSocket URLs."); |
306 return; | 305 return; |
307 } | 306 } |
308 if (!portAllowed(m_url)) { | 307 |
| 308 if (!Platform::current()->portAllowed(m_url)) { |
309 m_state = CLOSED; | 309 m_state = CLOSED; |
310 exceptionState.throwSecurityError("The port " + String::number(m_url.por
t()) + " is not allowed."); | 310 exceptionState.throwSecurityError("The port " + String::number(m_url.por
t()) + " is not allowed."); |
311 return; | 311 return; |
312 } | 312 } |
313 | 313 |
314 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. | 314 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. |
315 if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !ex
ecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) { | 315 if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !ex
ecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) { |
316 m_state = CLOSED; | 316 m_state = CLOSED; |
317 // The URL is safe to expose to JavaScript, as this check happens synchr
onously before redirection. | 317 // The URL is safe to expose to JavaScript, as this check happens synchr
onously before redirection. |
318 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid
edString() + "' because it violates the document's Content Security Policy."); | 318 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid
edString() + "' because it violates the document's Content Security Policy."); |
(...skipping 365 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
684 DEFINE_TRACE(DOMWebSocket) | 684 DEFINE_TRACE(DOMWebSocket) |
685 { | 685 { |
686 visitor->trace(m_channel); | 686 visitor->trace(m_channel); |
687 visitor->trace(m_eventQueue); | 687 visitor->trace(m_eventQueue); |
688 WebSocketChannelClient::trace(visitor); | 688 WebSocketChannelClient::trace(visitor); |
689 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis
itor); | 689 RefCountedGarbageCollectedEventTargetWithInlineData<DOMWebSocket>::trace(vis
itor); |
690 ActiveDOMObject::trace(visitor); | 690 ActiveDOMObject::trace(visitor); |
691 } | 691 } |
692 | 692 |
693 } // namespace blink | 693 } // namespace blink |
OLD | NEW |