Skip to content
  • weinig@apple.com's avatar
    WebCore: · 205006ed
    weinig@apple.com authored
    2008-04-26  Adam Barth  <hk9565@gmail.com>
    
            Reviewed by Adam Roben and Sam Weinig.
    
            Fixes bug http://bugs.webkit.org/show_bug.cgi?id=17331
            Fixes bug http://bugs.webkit.org/show_bug.cgi?id=16848
            
            Updates postMessage implementation to match HTML 5 specification:
            1) Adds origin parameter to postMessage.
            2) Removes domain and uri attributes of MessageEvent in favor of
               origin attribute.
    
            In order to do this correctly, we need to distinguish between hosts and domains
            in the SecurityOrigin class. There are now three ways to compare security origins:
            1) isSameSchemeHostPort compares scheme, host, and port, and is used for postMessage
            2) equal compares all aspects of the security origin, and is used for hash keys
            3) canAccess understands the semantics of schemes such as file:// and data:// URLs,
               and should be used for scripting access checks.
    
            Changed SecurityOrigin::toString() to generate identifiers that are suitable for 
            being used as a MessageEvent's origin property. In the future, they could be used 
            as database string identifiers as well. Re-used KURL parser to parse serialized 
            SecurityOrigins.
    
            Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
            
            Tests: http/tests/security/postMessage/invalid-origin-throws-exception.html
                   http/tests/security/postMessage/javascript-page-still-sends-origin.html
                   http/tests/security/postMessage/origin-unaffected-by-base-tag.html
                   http/tests/security/postMessage/origin-unaffected-by-document-domain.html
                   http/tests/security/postMessage/target-origin.html
    
            * WebCore.base.exp:
            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::JSDOMWindow::postMessage):
            * dom/Document.cpp:
            (WebCore::Document::domain):
            * dom/MessageEvent.cpp:
            (WebCore::MessageEvent::MessageEvent):
            (WebCore::MessageEvent::initMessageEvent):
            * dom/MessageEvent.h:
            (WebCore::MessageEvent::origin):
            * dom/MessageEvent.idl:
            * html/CanvasRenderingContext2D.cpp:
            (WebCore::CanvasRenderingContext2D::checkOrigin):
            (WebCore::CanvasRenderingContext2D::createPattern):
            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::postMessage):
            * page/DOMWindow.h:
            * page/DOMWindow.idl:
            * platform/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::SecurityOrigin):
            (WebCore::SecurityOrigin::create):
            (WebCore::SecurityOrigin::createForFrame):
            (WebCore::SecurityOrigin::copy):
            (WebCore::SecurityOrigin::setDomainFromDOM):
            (WebCore::SecurityOrigin::canAccess):
            (WebCore::SecurityOrigin::isSecureTransitionTo):
            (WebCore::SecurityOrigin::toString):
            (WebCore::SecurityOrigin::createFromString):
            (WebCore::SecurityOrigin::createFromDatabaseIdentifier):
            (WebCore::SecurityOrigin::databaseIdentifier):
            (WebCore::SecurityOrigin::equal):
            (WebCore::SecurityOrigin::isSameSchemeHostPort):
            * platform/SecurityOrigin.h:
            (WebCore::SecurityOrigin::host):
            (WebCore::SecurityOrigin::domain):
            * platform/SecurityOriginHash.h:
            (WebCore::SecurityOriginTraits::deletedValue):
            * storage/DatabaseTracker.cpp:
            (WebCore::DatabaseTracker::hasEntryForDatabase):
            (WebCore::DatabaseTracker::originPath):
            (WebCore::DatabaseTracker::fullPathForDatabase):
            (WebCore::DatabaseTracker::populateOrigins):
            (WebCore::DatabaseTracker::databaseNamesForOrigin):
            (WebCore::DatabaseTracker::detailsForNameAndOrigin):
            (WebCore::DatabaseTracker::setDatabaseDetails):
            (WebCore::DatabaseTracker::setQuota):
            (WebCore::DatabaseTracker::addDatabase):
            (WebCore::DatabaseTracker::deleteOrigin):
            (WebCore::DatabaseTracker::deleteDatabase):
    
    WebKit/mac:
    
    2008-04-20 Adam Barth <hk9565@gmail.com>
    
            Reviewed by Adam Roben and Sam Weinig.
    
            Updated WebSecurityOrigin to match new SecurityOrigin API.
    
            Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
    
            * Storage/WebSecurityOrigin.mm:
            (-[WebSecurityOrigin host]):
            (-[WebSecurityOrigin domain]):
            * Storage/WebSecurityOriginPrivate.h:
    
    WebKit/win:
    
    2008-04-26  Adam Barth <hk9565@gmail.com>
    
            Reviewed by Adam Roben and Sam Weinig.
    
            Renamed "domain" method to "host" to match SecurityOrigin.
    
            * Interfaces/IWebSecurityOrigin.idl:
            * WebSecurityOrigin.cpp:
            (WebSecurityOrigin::host):
            * WebSecurityOrigin.h:
    
    WebKitTools:
    
    2008-04-26  Adam Barth <hk9565@gmail.com>
    
            Reviewed by Adam Roben and Sam Weinig.
    
            Updates LayoutTestController to use host instead of domain.
    
            Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
    
            * DumpRenderTree/mac/LayoutTestControllerMac.mm:
            (LayoutTestController::setDatabaseQuota):
            * DumpRenderTree/mac/UIDelegate.mm:
            (-[UIDelegate webView:frame:exceededDatabaseQuotaForSecurityOrigin:database:]):
    
    LayoutTests:
    
    2008-04-26  Adam Barth  <hk9565@gmail.com>
    
            Reviewed by Adam Roben and Sam Weinig.
    
            Update LayoutTests for new postMessage API.
    
            Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch.
    
            * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt: Removed.
            * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html: Removed.
            * http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt: Removed.
            * http/tests/security/postMessage/domain-unaffected-by-document-domain.html: Removed.
            * http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt: Added.
            * http/tests/security/postMessage/invalid-origin-throws-exception.html: Added.
            * http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt: Removed.
            * http/tests/security/postMessage/javascript-page-still-sends-domain.html: Removed.
            * http/tests/security/postMessage/javascript-page-still-sends-origin-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt.
            * http/tests/security/postMessage/javascript-page-still-sends-origin.html: Copied from LayoutTests/http/tests/security/postMessage/javascript-page-still-sends-domain.html.
            * http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt.
            * http/tests/security/postMessage/origin-unaffected-by-base-tag.html: Copied from LayoutTests/http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html.
            * http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt.
            * http/tests/security/postMessage/origin-unaffected-by-document-domain.html: Copied from LayoutTests/http/tests/security/postMessage/domain-unaffected-by-document-domain.html.
            * http/tests/security/postMessage/target-origin-expected.txt: Added.
            * http/tests/security/postMessage/target-origin.html: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32597 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    205006ed