Commit 3db1ca14 authored by ap@webkit.org's avatar ap@webkit.org

Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=23535
        Strengthen debug checks in KURL

        Covered (and prompted) by existing tests.

        * platform/KURL.cpp:
        (WebCore::checkEncodedString): Check that the first character of the URL is an allowed
        first scheme character, not just that it isn't a slash.
        (WebCore::KURL::KURL): Assert that parsing didn't affect the string (which must be the case
        because of parsing being idempotent).

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::create): Added a check for the URL being valid - if it is not, an
        empty security origin is created.
        (WebCore::SecurityOrigin::createFromString): Parse the string as URL, do not just convert
        it - it is not guaranteed to be properly encoded.

        * dom/Document.cpp: (WebCore::Document::updateBaseURL): As documentURI is an arbitrary
        string, it needs to be parsed into an URL, not just converted into one.

        * html/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::createPattern):
        Create the security origin with createFromString() instead of create(). I do not know where
        the string comes from and whether it might not be properly encoded, but this change can't
        hurt, and makes the code slightly more clear.

        * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::accessControlCheck): Create the security
        origin with createFromString() instead of create(). The string comes from an HTTP response
        header, so it may not be a properly encoded URL.

        * loader/DocLoader.cpp: (WebCore::DocLoader::requestResource): Do not try to request using
        invalid URLs.

        * page/DOMWindow.cpp: (WebCore::DOMWindow::postMessage): Updated to call
        SecurityOrigin::createFromString() (no change in behavior).



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@40242 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent ff3ec5a6
2009-01-25 Alexey Proskuryakov <ap@webkit.org>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=23535
Strengthen debug checks in KURL
Covered (and prompted) by existing tests.
* platform/KURL.cpp:
(WebCore::checkEncodedString): Check that the first character of the URL is an allowed
first scheme character, not just that it isn't a slash.
(WebCore::KURL::KURL): Assert that parsing didn't affect the string (which must be the case
because of parsing being idempotent).
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::create): Added a check for the URL being valid - if it is not, an
empty security origin is created.
(WebCore::SecurityOrigin::createFromString): Parse the string as URL, do not just convert
it - it is not guaranteed to be properly encoded.
* dom/Document.cpp: (WebCore::Document::updateBaseURL): As documentURI is an arbitrary
string, it needs to be parsed into an URL, not just converted into one.
* html/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::createPattern):
Create the security origin with createFromString() instead of create(). I do not know where
the string comes from and whether it might not be properly encoded, but this change can't
hurt, and makes the code slightly more clear.
* xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::accessControlCheck): Create the security
origin with createFromString() instead of create(). The string comes from an HTTP response
header, so it may not be a properly encoded URL.
* loader/DocLoader.cpp: (WebCore::DocLoader::requestResource): Do not try to request using
invalid URLs.
* page/DOMWindow.cpp: (WebCore::DOMWindow::postMessage): Updated to call
SecurityOrigin::createFromString() (no change in behavior).
2009-01-25 Mark Rowe <mrowe@apple.com>
Rubber-stamped by Dan Bernstein.
......@@ -1769,7 +1769,15 @@ void Document::setBaseElementURL(const KURL& baseElementURL)
void Document::updateBaseURL()
{
m_baseURL = m_baseElementURL.isEmpty() ? KURL(documentURI()) : m_baseElementURL;
// DOM 3 Core: When the Document supports the feature "HTML" [DOM Level 2 HTML], the base URI is computed using
// first the value of the href attribute of the HTML BASE element if any, and the value of the documentURI attribute
// from the Document interface otherwise.
if (m_baseElementURL.isEmpty()) {
// The documentURI attribute is an arbitrary string. DOM 3 Core does not specify how it should be resolved,
// so we use a null base URL.
m_baseURL = KURL(KURL(), documentURI());
} else
m_baseURL = m_baseElementURL;
if (!m_baseURL.isValid())
m_baseURL = KURL();
......
......@@ -1110,8 +1110,7 @@ PassRefPtr<CanvasPattern> CanvasRenderingContext2D::createPattern(HTMLImageEleme
if (!cachedImage || !image->cachedImage()->image())
return CanvasPattern::create(Image::nullImage(), repeatX, repeatY, true);
KURL url(cachedImage->url());
RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(cachedImage->url());
bool originClean = m_canvas->document()->securityOrigin()->canAccess(origin.get());
return CanvasPattern::create(cachedImage->image(), repeatX, repeatY, originClean);
}
......
......@@ -191,7 +191,7 @@ CachedResource* DocLoader::requestResource(CachedResource::Type type, const Stri
{
KURL fullURL = m_doc->completeURL(url);
if (!canRequest(type, fullURL))
if (!fullURL.isValid() || !canRequest(type, fullURL))
return 0;
if (cache()->disabled()) {
......
......@@ -363,7 +363,7 @@ void DOMWindow::postMessage(const String& message, MessagePort* messagePort, con
// to generate the SYNTAX_ERR exception correctly.
RefPtr<SecurityOrigin> target;
if (targetOrigin != "*") {
target = SecurityOrigin::create(KURL(KURL(), targetOrigin, UTF8Encoding()));
target = SecurityOrigin::createFromString(targetOrigin);
if (target->isEmpty()) {
ec = SYNTAX_ERR;
return;
......
......@@ -96,6 +96,8 @@ bool SecurityOrigin::isEmpty() const
PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url)
{
if (!url.isValid())
return adoptRef(new SecurityOrigin(KURL()));
return adoptRef(new SecurityOrigin(url));
}
......@@ -224,7 +226,7 @@ String SecurityOrigin::toString() const
PassRefPtr<SecurityOrigin> SecurityOrigin::createFromString(const String& originString)
{
return SecurityOrigin::create(KURL(originString));
return SecurityOrigin::create(KURL(KURL(), originString));
}
static const char SeparatorCharacter = '_';
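Review bot: The new `!url.isValid()` branch in `SecurityOrigin::create()` silently turns any unparseable input into an empty origin, and nothing at the definition says so, even though callers changed in this commit (createPattern, accessControlCheck, postMessage) base access decisions on the result. I would add a comment above the check such as `// An invalid URL yields an empty origin; callers making access decisions should check isEmpty().`. In `createFromString()` a one-line note like `// originString may be arbitrary text, so parse it instead of adopting it as already encoded.` would discourage a later revert to the one-argument `KURL(originString)`.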
......
......@@ -273,8 +273,7 @@ static void checkEncodedString(const String& url)
for (unsigned i = 0; i < url.length(); ++i)
ASSERT(!(url[i] & ~0x7F));
// FIXME: The first character should be checked with isSchemeFirstChar(), but some layout tests currently trigger this assertion.
ASSERT(!url.length() || url[0] != '/');
ASSERT(!url.length() || isSchemeFirstChar(url[0]));
}
#else
static inline void checkEncodedString(const String&)
......@@ -305,6 +304,7 @@ void KURL::invalidate()
KURL::KURL(const char* url)
{
parse(url, 0);
ASSERT(url == m_string);
}
KURL::KURL(const String& url)
......@@ -312,6 +312,7 @@ KURL::KURL(const String& url)
checkEncodedString(url);
parse(url);
ASSERT(url == m_string);
}
KURL::KURL(const KURL& base, const String& relative)
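Review bot: The added `ASSERT(url == m_string)` lines and the stricter `checkEncodedString()` are debug checks only (per the commit title, and the `#else` branch declares a variant with an unnamed parameter, presumably a no-op), so release builds still accept a non-canonical string in the one-argument constructors without complaint. The rest of this commit moves untrusted strings over to `KURL(const KURL& base, const String& relative)`, so the precondition deserves to be written down on `KURL::KURL(const String& url)`. For example: `// url must already be a parsed, ASCII-only encoded URL; use KURL(base, relative) for arbitrary input.`. The constructor bodies start outside the second and third hunks.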
......
......@@ -1233,11 +1233,7 @@ bool XMLHttpRequest::accessControlCheck(const ResourceResponse& response)
if (accessControlOriginString == "*" && !m_includeCredentials)
return true;
KURL accessControlOriginURL(accessControlOriginString);
if (!accessControlOriginURL.isValid())
return false;
RefPtr<SecurityOrigin> accessControlOrigin = SecurityOrigin::create(accessControlOriginURL);
RefPtr<SecurityOrigin> accessControlOrigin = SecurityOrigin::createFromString(accessControlOriginString);
if (!accessControlOrigin->isSameSchemeHostPort(scriptExecutionContext()->securityOrigin()))
return false;
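Review bot: With the explicit `isValid()` early return removed, a malformed access-control origin header is rejected only if `isSameSchemeHostPort()` never matches the empty origin that `SecurityOrigin::create()` now returns for invalid URLs. That function's body is not in this commit view, so the fail-closed behaviour cannot be confirmed from here; in particular it is worth checking what happens when the script execution context's own origin is empty. Keeping the rejection explicit costs one line after the `createFromString()` call: `if (accessControlOrigin->isEmpty()) return false;`. accessControlCheck starts and ends outside the hunk.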
......