Commit 82988b5d authored by abarth@webkit.org's avatar abarth@webkit.org

2008-06-23 Adam Barth <abarth@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=16756

        Move isAllowedToLoadLocalResources into SecurityOrigin.

        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::setURL):
        (WebCore::Document::initSecurityContext):
        * dom/Document.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::canLoad):
        * platform/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::SecurityOrigin):
        (WebCore::SecurityOrigin::isLocal):
        * platform/SecurityOrigin.h:
        (WebCore::SecurityOrigin::protocol):
        (WebCore::SecurityOrigin::host):
        (WebCore::SecurityOrigin::domain):
        (WebCore::SecurityOrigin::port):
        (WebCore::SecurityOrigin::canLoadLocalResources):
        (WebCore::SecurityOrigin::grantLoadLocalResources):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::setRequestHeader):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34753 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 2b8ef06b
2008-06-23 Adam Barth <abarth@webkit.org>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=16756
Move isAllowedToLoadLocalResources into SecurityOrigin.
* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::setURL):
(WebCore::Document::initSecurityContext):
* dom/Document.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::canLoad):
* platform/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::SecurityOrigin):
(WebCore::SecurityOrigin::isLocal):
* platform/SecurityOrigin.h:
(WebCore::SecurityOrigin::protocol):
(WebCore::SecurityOrigin::host):
(WebCore::SecurityOrigin::domain):
(WebCore::SecurityOrigin::port):
(WebCore::SecurityOrigin::canLoadLocalResources):
(WebCore::SecurityOrigin::grantLoadLocalResources):
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::setRequestHeader):
2008-06-23 Mark Rowe <mrowe@apple.com>
Fix the Windows build.
......@@ -287,7 +287,6 @@ Document::Document(Frame* frame, bool isXHTML)
, m_accessKeyMapValid(false)
, m_createRenderers(true)
, m_inPageCache(false)
, m_isAllowedToLoadLocalResources(false)
, m_useSecureKeyboardEntryWhenActive(false)
, m_isXHTML(isXHTML)
, m_numNodeListCaches(0)
......@@ -1705,28 +1704,8 @@ void Document::setURL(const KURL& url)
m_url = newURL;
m_documentURI = m_url.string();
m_isAllowedToLoadLocalResources = shouldBeAllowedToLoadLocalResources();
updateBaseURL();
}
bool Document::shouldBeAllowedToLoadLocalResources() const
{
if (FrameLoader::shouldTreatURLAsLocal(m_url.string()))
return true;
Frame* frame = this->frame();
if (!frame)
return false;
DocumentLoader* documentLoader = frame->loader()->documentLoader();
if (!documentLoader)
return false;
if (m_url == blankURL() && frame->loader()->opener() && frame->loader()->opener()->document()->isAllowedToLoadLocalResources())
return true;
return documentLoader->substituteData().isValid();
}
void Document::setBaseElementURL(const KURL& baseElementURL)
{
......@@ -3945,6 +3924,13 @@ void Document::initSecurityContext()
m_cookieURL = url;
m_securityOrigin = SecurityOrigin::create(url);
// If this document was loaded with substituteData, then the document can
// load local resources. See https://bugs.webkit.org/show_bug.cgi?id=16756
// for further discussion.
DocumentLoader* documentLoader = m_frame->loader()->documentLoader();
if (documentLoader && documentLoader->substituteData().isValid())
m_securityOrigin->grantLoadLocalResources();
if (!m_securityOrigin->isEmpty())
return;
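Review bot: The substitute-data grant in initSecurityContext() is applied to the freshly created origin before the `if (!m_securityOrigin->isEmpty()) return;` check, so whether it survives for a document with an empty origin depends on code after this hunk. If that code replaces m_securityOrigin (for example with an owner's or opener's origin), the grant made here is discarded, whereas the removed shouldBeAllowedToLoadLocalResources() returned `substituteData().isValid()` regardless of the URL. The removed function also had an explicit about:blank-with-opener branch that has no counterpart in the visible lines; presumably origin inheritance further down covers it, and a comment such as `// about:blank inherits the opener's origin below, including its local-load grant.` would make that explicit. Also confirm that m_frame is null-checked earlier in the function, which starts outside the hunk: `m_frame->loader()` is dereferenced directly, while the old code returned false when frame() was null.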
......
......@@ -729,8 +729,6 @@ public:
const String& iconURL() const { return m_iconURL; }
void setIconURL(const String& iconURL, const String& type);
bool isAllowedToLoadLocalResources() const { return m_isAllowedToLoadLocalResources; }
void setUseSecureKeyboardEntryWhenActive(bool);
bool useSecureKeyboardEntryWhenActive() const;
......@@ -964,8 +962,6 @@ protected:
void clearXMLVersion() { m_xmlVersion = String(); }
private:
bool shouldBeAllowedToLoadLocalResources() const;
void updateTitle();
void removeAllDisconnectedNodeEventListeners();
void imageLoadEventTimerFired(Timer<Document>*);
......@@ -1020,8 +1016,6 @@ private:
HashSet<Element*> m_pageCacheCallbackElements;
bool m_isAllowedToLoadLocalResources;
bool m_useSecureKeyboardEntryWhenActive;
bool m_isXHTML;
......
......@@ -2262,7 +2262,7 @@ bool FrameLoader::canLoad(const KURL& url, const Document* doc)
if (!shouldTreatURLAsLocal(url.string()))
return true;
return doc && doc->isAllowedToLoadLocalResources();
return doc && doc->securityOrigin()->canLoadLocalResources();
}
bool FrameLoader::canLoad(const CachedResource& resource, const Document* doc)
......@@ -2270,7 +2270,7 @@ bool FrameLoader::canLoad(const CachedResource& resource, const Document* doc)
if (!resource.treatAsLocal())
return true;
return doc && doc->isAllowedToLoadLocalResources();
return doc && doc->securityOrigin()->canLoadLocalResources();
}
void FrameLoader::reportLocalLoadFailed(Frame* frame, const String& url)
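Review bot: Both canLoad() overloads now dereference `doc->securityOrigin()` after null-checking only `doc`, where the old code read a bool member that the Document constructor initialised to false. The visible hunks assign m_securityOrigin in Document::initSecurityContext(), so if canLoad() can be reached for a Document before that has run, this gate would crash instead of denying; that is an inference from the hunks, not something they show. Since this check guards local-resource loads, failing closed is preferable: `return doc && doc->securityOrigin() && doc->securityOrigin()->canLoadLocalResources();`.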
......
......@@ -69,6 +69,9 @@ SecurityOrigin::SecurityOrigin(const KURL& url)
// document.domain starts as m_host, but can be set by the DOM.
m_domain = m_host;
// By default, only local SecurityOrigins can load local resources.
m_canLoadLocalResources = isLocal();
if (isDefaultPortForProtocol(m_port, m_protocol))
m_port = 0;
}
......@@ -80,6 +83,7 @@ SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
, m_port(other->m_port)
, m_noAccess(other->m_noAccess)
, m_domainWasSetInDOM(other->m_domainWasSetInDOM)
, m_canLoadLocalResources(other->m_canLoadLocalResources)
{
}
......@@ -111,7 +115,7 @@ void SecurityOrigin::setDomainFromDOM(const String& newDomain)
bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
{
if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
if (isLocal())
return true;
if (m_noAccess || other->m_noAccess)
......@@ -152,7 +156,7 @@ bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
bool SecurityOrigin::canRequest(const KURL& url) const
{
if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
if (isLocal())
return true;
if (m_noAccess)
......@@ -165,6 +169,11 @@ bool SecurityOrigin::canRequest(const KURL& url) const
return isSameSchemeHostPort(targetOrigin.get());
}
bool SecurityOrigin::isLocal() const
{
return FrameLoader::shouldTreatSchemeAsLocal(m_protocol);
}
bool SecurityOrigin::isSecureTransitionTo(const KURL& url) const
{
// New window created by the application
......
......@@ -46,26 +46,61 @@ namespace WebCore {
static PassRefPtr<SecurityOrigin> create(const KURL&);
static PassRefPtr<SecurityOrigin> createEmpty();
// Create a deep copy of this SecurityOrigin. This method is useful
// when marshalling a SecurityOrigin to another thread.
PassRefPtr<SecurityOrigin> copy();
// Set the domain property of this security origin to newDomain. This
// function does not check whether newDomain is a suffix of the current
// domain. The caller is responsible for validating newDomain.
void setDomainFromDOM(const String& newDomain);
String protocol() const { return m_protocol; }
String host() const { return m_host; }
String domain() const { return m_domain; }
unsigned short port() const { return m_port; }
// Returns true if this SecurityOrigin can script objects in the given
// SecurityOrigin.
// SecurityOrigin. For example, call this function before allowing
// script from one security origin to read or write objects from
// another SecurityOrigin.
bool canAccess(const SecurityOrigin*) const;
// Returns true if this SecurityOrigin can read content retrieved from
// the given URL. For example, call this function before issuing
// the given URL. For example, call this function before issuing
// XMLHttpRequests.
bool canRequest(const KURL&) const;
// Returns true if this SecurityOrigin can load local resources, such
// as images, iframes, and style sheets, and can link to local URLs.
// For example, call this function before creating an iframe to a
// file:// URL.
//
// Note: A SecurityOrigin might be allowed to load local resources
// without being able to issue an XMLHttpRequest for a local URL.
// To determine whether the SecurityOrigin can issue an
// XMLHttpRequest for a URL, call canRequest(url).
bool canLoadLocalResources() const { return m_canLoadLocalResources; }
// Explicitly grant the ability to load local resources to this
// SecurityOrigin.
void grantLoadLocalResources() { m_canLoadLocalResources = true; }
bool isSecureTransitionTo(const KURL&) const;
// The local SecurityOrigin is the most privileged SecurityOrigin.
// The local SecurityOrigin can script any document, navigate to local
// resources, and can set arbitrary headers on XMLHttpRequests.
bool isLocal() const;
// The empty SecurityOrigin is the least privileged SecurityOrigin.
bool isEmpty() const;
// Convert this SecurityOrigin into a string. The string
// representation of a SecurityOrigin is similar to a URL, except it
// lacks a path component. The string representation does not encode
// the value of the SecurityOrigin's domain property. The empty
// SecurityOrigin is represented with the null string.
String toString() const;
// Serialize the security origin for storage in the database. This format is
......@@ -94,6 +129,7 @@ namespace WebCore {
unsigned short m_port;
bool m_noAccess;
bool m_domainWasSetInDOM;
bool m_canLoadLocalResources;
};
} // namespace WebCore
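Review bot: The comment on grantLoadLocalResources() does not say that the grant is permanent and attaches to the SecurityOrigin object rather than to one document. The class is handed out through `PassRefPtr<SecurityOrigin>`, and the copying constructor in SecurityOrigin.cpp now carries m_canLoadLocalResources along, so every holder of the same origin and every copy gains the capability, with no way to revoke it. I would extend the comment along the lines of `// Irreversible; affects every holder of this SecurityOrigin. Call only on an origin created for a single trusted document.`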
......
......@@ -702,7 +702,7 @@ void XMLHttpRequest::setRequestHeader(const String& name, const String& value, E
}
// A privileged script (e.g. a Dashboard widget) can set any headers.
if (!m_doc->isAllowedToLoadLocalResources() && !isSafeRequestHeader(name)) {
if (!m_doc->securityOrigin()->canLoadLocalResources() && !isSafeRequestHeader(name)) {
if (m_doc && m_doc->frame())
m_doc->frame()->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, "Refused to set unsafe header " + name, 1, String());
return;
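Review bot: The unsafe-header check in setRequestHeader() is keyed on `canLoadLocalResources()`, which Document::initSecurityContext() in this commit also grants to any document loaded with substitute data, while the SecurityOrigin.h comment attributes the ability to set arbitrary XMLHttpRequest headers to the local origin (`isLocal()`). This matches the old isAllowedToLoadLocalResources() behaviour, but it means a load capability doubles as a bypass of the header filter; if that is intended the comment above the check should say so, otherwise `isLocal()` is the narrower test. Separately, `m_doc` is dereferenced in the condition and only null-checked on the following line (`if (m_doc && m_doc->frame())`), so the inner check cannot protect the outer one. The function begins and ends outside the hunk.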
......