diff options
Diffstat (limited to 'src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp')
-rw-r--r-- | src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp index c0b3e22..516c533 100644 --- a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp +++ b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp @@ -90,6 +90,20 @@ static URLSchemesMap& schemesWithUniqueOrigins() return schemesWithUniqueOrigins; } +static bool schemeRequiresAuthority(const String& scheme) +{ + DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ()); + + if (schemes.isEmpty()) { + schemes.add("http"); + schemes.add("https"); + schemes.add("ftp"); + } + + return schemes.contains(scheme); +} + + SecurityOrigin::SecurityOrigin(const KURL& url, SandboxFlags sandboxFlags) : m_sandboxFlags(sandboxFlags) , m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) @@ -103,6 +117,10 @@ SecurityOrigin::SecurityOrigin(const KURL& url, SandboxFlags sandboxFlags) if (m_protocol == "about" || m_protocol == "javascript") m_protocol = ""; + // For edge case URLs that were probably misparsed, make sure that the origin is unique. + if (schemeRequiresAuthority(m_protocol) && m_host.isEmpty()) + m_isUnique = true; + // document.domain starts as m_host, but can be set by the DOM. m_domain = m_host; |