Skip to content
Find file Blame History Permalink
  • abarth@webkit.org's avatar
    Unique origins shouldn't remember their scheme, host, or port · 6b94e708
    abarth@webkit.org authored 
    https://bugs.webkit.org/show_bug.cgi?id=72308

Reviewed by Eric Seidel.

Source/WebCore: 

This patch contains the bulk (all?) of the behavior differences in this
patch series.  Unique origins shouldn't remember their schemes.  Doing
so causes some privileges (e.g., local access) to leak into unique
origins.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::SecurityOrigin):
    - Explicitly clear out the protocol, host, and port for unique
      origins.  A future patch will refactor all this code to be more
      elegant.
* platform/SchemeRegistry.cpp:
(WebCore::schemesWithUniqueOrigins):
    - Merge "about" and "javascript" in with the general case now that
      we don't have a separate notion of an empty origin.

LayoutTests: 

* fast/filesystem/async-operations-expected.txt:
* fast/filesystem/not-enough-arguments-expected.txt:
* fast/filesystem/read-directory-expected.txt:
* fast/filesystem/simple-persistent-expected.txt:
* fast/filesystem/simple-readonly-expected.txt:
* fast/filesystem/simple-temporary-expected.txt:
    - Update test results to show that we no longer leak the scheme in
      storage identifiers.
* fast/frames/resources/sandboxed-iframe-storage-disallowed.html:
    - Inline script because the sandbox iframe isn't allowed to load
      local resources.
* fast/frames/sandboxed-iframe-attribute-parsing.html:
* fast/frames/sandboxed-iframe-forms-dynamic.html:
* fast/frames/sandboxed-iframe-forms.html:
* fast/frames/sandboxed-iframe-navigation-top-by-constant-name.html:
* fast/frames/sandboxed-iframe-navigation-top-by-constant-name2.html:
* fast/frames/sandboxed-iframe-navigation-top-by-name.html:
* fast/frames/sandboxed-iframe-navigation-top.html:
* media/video-controls-no-scripting.html:
    - Previously sandboxed local iframes still got universal access
      when we're running with universal access for file URLs!  Now that
      they correctly get unique origins, we need to update these tests
      to allow-same-origin access in order for them to function
      properly.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100213 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    6b94e708