    Restrict access to notifications for unique origins and file URLs with no local file access · c09383c6
    jonlee@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=79704
    <rdar://problem/10912430>
    
    Reviewed by Adam Barth.
    
    Source/WebCore:
    
    Before checking or requesting permissions, we look at whether we can show notifications based on
    the security context. If not, we short circuit and do not forward the request to the client.
    
    * notifications/Notification.cpp:
    (WebCore::Notification::Notification): Fix a bug where creating a notification goes through slightly
    different logic for checking permissions than when checking permissions through the
    notification center.
    * notifications/NotificationCenter.cpp:
    (WebCore::NotificationCenter::checkPermission): Check to see if the origin can show notifications.
    (WebCore::NotificationCenter::requestPermission): If we know whether an origin can show notifications,
    we asynchronously call the callback with that decision. Otherwise we ask the client.
    
    Add new variable in the notification center to keep track of pending callbacks when we short-circuit
    requestPermission().
    * notifications/NotificationCenter.h:
    (NotificationRequestCallback): Add new private class encapsulating the callback.
    * notifications/NotificationCenter.cpp:
    (WebCore::NotificationCenter::requestTimedOut): Remove the request from the set of pending callbacks.
    (WebCore::NotificationCenter::NotificationRequest::createAndStartTimer): Because this is used when we already
    know the decision, and are not asking the client to decide, we can immediately trigger a one-shot timer
    to invoke the callback.
    (WebCore::NotificationCenter::NotificationRequest::NotificationRequest):
    (WebCore::NotificationCenter::NotificationRequest::startTimer):
    (WebCore::NotificationCenter::NotificationRequest::timerFired): Invoke the callback and tell the notification
    center.
    * page/SecurityOrigin.h: Add new toRawString() method to return the string representation of the origin,
    regardless of any restrictions that might otherwise cause toString() to return "null".
    * page/SecurityOrigin.cpp:
    (WebCore::SecurityOrigin::canShowNotifications): Added to return a tri-state regarding whether we know
    the origin can show notifications. If the origin is unique, we never let it show. If the origin has
    universal access, we always let it show. Otherwise the client should be asked.
    (WebCore::SecurityOrigin::toString): Refactor to use toRawString().
    (WebCore::SecurityOrigin::toRawString):
    
    Added FIXMEs regarding the naming of enforceFilePathSeparation().
    * dom/Document.cpp:
    (WebCore::Document::initSecurityContext): Also, tab reformatting.
    
    * WebCore.exp.in: Export toRawString().
    
    Source/WebKit2:
    
    In the specific case where a file URL has restricted file access and is denied universal access,
    SecurityOrigin::canShowNotifications() returns Ask, since it is not considered a unique origin.
    The cached table of permissions held by the notification manager will typically not have an entry for
    the toString() representation of these file URLs, which is "null", since that can also cover unique
    origins, and it is possible that the client will want different permissions between the two types.
    
    It is reasonable, however, for there to be an entry for "file://", so we use toRawString() to do the lookup.
    
    * WebProcess/Notifications/WebNotificationManager.cpp:
    (WebKit::WebNotificationManager::policyForOrigin):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@111445 268f45cc-cd09-0410-ab3c-d52691b4dbfc
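The two points the commit message makes, that the tri-state from SecurityOrigin::canShowNotifications() should be consulted before any client lookup, and that keying a cached permission table by toString() lets a unique origin and a restricted file origin collide on the single "null" entry, can be shown with a small model. The following is an added example and is not WebKit's code or the code from this commit: the Origin struct, the enum names, the sampleTable() contents and the two lookup functions are assumptions built from the commit message, and the rule that a file origin with restricted file access serialises as "null" is modelled on the description in the Source/WebKit2 section.

```cpp
#include <initializer_list>
#include <iostream>
#include <map>
#include <string>

// Model of the pieces named in the commit message; this is not WebKit's code.
enum class NotificationPolicy { AlwaysDeny, AlwaysAllow, Ask };
enum class ClientPermission { Allowed, Denied, NotSet };

struct Origin {
    std::string protocol;
    std::string host;
    bool isUnique;
    bool universalAccess;
    bool restrictedFileAccess; // "restricted file access" in the commit message

    // Raw representation, ignoring the restrictions that make toString() say "null".
    std::string toRawString() const {
        if (protocol == "file")
            return "file://";
        return protocol + "://" + host;
    }

    // Serialised origin. Assumption modelled on the commit message: a unique origin
    // and a file origin with restricted file access both serialise as "null".
    std::string toString() const {
        if (isUnique)
            return "null";
        if (protocol == "file" && restrictedFileAccess)
            return "null";
        return toRawString();
    }

    // The tri-state the message describes for SecurityOrigin::canShowNotifications().
    NotificationPolicy canShowNotifications() const {
        if (universalAccess)
            return NotificationPolicy::AlwaysAllow;
        if (isUnique)
            return NotificationPolicy::AlwaysDeny;
        return NotificationPolicy::Ask;
    }
};

using PermissionTable = std::map<std::string, ClientPermission>;

// Lookup keyed by toString(): a unique origin and a restricted file origin both
// land on the "null" entry, so whatever the client stored there decides for both.
ClientPermission policyKeyedByToString(const PermissionTable& table, const Origin& o) {
    auto it = table.find(o.toString());
    return it == table.end() ? ClientPermission::NotSet : it->second;
}

// The behaviour the commit describes: decide from the tri-state first, and only
// consult the cached table, keyed by toRawString(), when the answer is Ask.
ClientPermission policyWithShortCircuit(const PermissionTable& table, const Origin& o) {
    switch (o.canShowNotifications()) {
    case NotificationPolicy::AlwaysDeny:
        return ClientPermission::Denied;
    case NotificationPolicy::AlwaysAllow:
        return ClientPermission::Allowed;
    case NotificationPolicy::Ask:
        break;
    }
    auto it = table.find(o.toRawString());
    return it == table.end() ? ClientPermission::NotSet : it->second;
}

// Constructed sample table: a client that stored an allow decision under "null"
// but wants file URLs denied.
PermissionTable sampleTable() {
    return {
        {"null", ClientPermission::Allowed},
        {"file://", ClientPermission::Denied},
        {"https://example.com", ClientPermission::Allowed},
    };
}

Origin uniqueOrigin()         { return {"", "", true, false, false}; }
Origin restrictedFileOrigin() { return {"file", "", false, false, true}; }
Origin universalFileOrigin()  { return {"file", "", false, true, true}; }
Origin webOrigin()            { return {"https", "example.com", false, false, false}; }

int main() {
    PermissionTable table = sampleTable();
    const char* names[] = {"Allowed", "Denied", "NotSet"};
    for (const Origin& o : {uniqueOrigin(), restrictedFileOrigin(), universalFileOrigin(), webOrigin()}) {
        std::cout << "raw=" << o.toRawString() << " toString=" << o.toString()
                  << ": keyed by toString -> " << names[(int)policyKeyedByToString(table, o)]
                  << ", with short-circuit -> " << names[(int)policyWithShortCircuit(table, o)] << "\n";
    }
    return 0;
}
```

With the table keyed by toString(), the unique origin inherits the allow decision stored under "null", which is exactly the ambiguity the message warns about; with the tri-state checked first, the unique origin is always denied without consulting the client, the universal-access origin is always allowed, and the restricted file origin falls through to the "file://" entry looked up by its raw string.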