-
aroben@apple.com authored
Fixes <http://webkit.org/b/33806> <rdar://problem/7552837> Would like API to disallow setting of document.domain for pages with certain URL schemes Reviewed by Sam Weinig. WebCore: Add SecurityOrigin::{set,is}DomainRelaxationForbiddenForURLScheme and respect it Test: http/tests/security/setDomainRelaxationForbiddenForURLScheme.html * WebCore.base.exp: Export SecurityOrigin::setDomainRelaxationForbiddenForURLScheme. * dom/Document.cpp: (WebCore::Document::setDomain): If domain relaxation is forbidden for our security origin's scheme, throw an exception and don't allow the domain to be set. * page/SecurityOrigin.cpp: (WebCore::schemesForbiddenFromDomainRelaxation): Added. Returns a global set of schemes. (WebCore::SecurityOrigin::setDomainRelaxationForbiddenForURLScheme): Add or remove the scheme to schemesForbiddenFromDomainRelaxation, as appropriate. (WebCore::SecurityOrigin::isDomainRelaxationForbiddenForURLScheme): Returns true if the scheme is in schemesForbiddenFromDomainRelaxation. * page/SecurityOrigin.h: Added {set,is}DomainRelaxationForbiddenForURLScheme. WebKit/mac: Add +[WebView _setDomainRelaxationForbidden:forURLScheme:] * WebView/WebView.mm: (+[WebView _setDomainRelaxationForbidden:forURLScheme:]): * WebView/WebViewPrivate.h: Added. Calls through to SecurityOrigin. WebKit/win: Add IWebViewPrivate::setDomainRelaxationForbiddenForURLScheme * Interfaces/IWebViewPrivate.idl: Added setDomainRelaxationForbiddenForURLScheme. * Interfaces/WebKit.idl: Touched to force a build. * WebView.cpp: (WebView::setDomainRelaxationForbiddenForURLScheme): * WebView.h: Added. Calls through to SecurityOrigin. WebKitTools: Add LayoutTestController support for calling new WebKit SPI to disallow setting document.domain * DumpRenderTree/LayoutTestController.cpp: (setDomainRelaxationForbiddenForURLSchemeCallback): Added. Calls through to LayoutTestController. (LayoutTestController::staticFunctions): Added setDomainRelaxationForbiddenForURLScheme. * DumpRenderTree/LayoutTestController.h: Added setDomainRelaxationForbiddenForURLScheme. * DumpRenderTree/mac/LayoutTestControllerMac.mm: (LayoutTestController::setDomainRelaxationForbiddenForURLScheme): * DumpRenderTree/win/LayoutTestControllerWin.cpp: (LayoutTestController::setDomainRelaxationForbiddenForURLScheme): Added. Calls through to WebKit. * DumpRenderTree/gtk/LayoutTestControllerGtk.cpp: (LayoutTestController::setDomainRelaxationForbiddenForURLScheme): * DumpRenderTree/wx/LayoutTestControllerWx.cpp: (LayoutTestController::setDomainRelaxationForbiddenForURLScheme): Stubbed out. LayoutTests: Add tests for new WebKit SPI to disallow setting document.domain * http/tests/security/setDomainRelaxationForbiddenForURLScheme-expected.txt: Added. * http/tests/security/setDomainRelaxationForbiddenForURLScheme.html: Added. * platform/gtk/Skipped: Skip the new test since WebKitGtk doesn't have this API. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53423 268f45cc-cd09-0410-ab3c-d52691b4dbfc
9ca1e9e3