summaryrefslogtreecommitdiffstats
path: root/src/3rdparty/webkit/WebCore/page/SecurityOrigin.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/3rdparty/webkit/WebCore/page/SecurityOrigin.h')
-rw-r--r--src/3rdparty/webkit/WebCore/page/SecurityOrigin.h312
1 files changed, 172 insertions, 140 deletions
diff --git a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.h b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.h
index 6d4ce1f..11c213e 100644
--- a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.h
+++ b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.h
@@ -34,152 +34,184 @@
#include <wtf/PassRefPtr.h>
#include <wtf/Threading.h>
+#include "FrameLoaderTypes.h"
#include "PlatformString.h"
#include "StringHash.h"
namespace WebCore {
- typedef HashSet<String, CaseFoldingHash> URLSchemesMap;
-
- class Document;
- class KURL;
-
- class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> {
- public:
- static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String&);
- static PassRefPtr<SecurityOrigin> createFromString(const String&);
- static PassRefPtr<SecurityOrigin> create(const KURL&);
- static PassRefPtr<SecurityOrigin> createEmpty();
-
- // Create a deep copy of this SecurityOrigin. This method is useful
- // when marshalling a SecurityOrigin to another thread.
- PassRefPtr<SecurityOrigin> threadsafeCopy();
-
- // Set the domain property of this security origin to newDomain. This
- // function does not check whether newDomain is a suffix of the current
- // domain. The caller is responsible for validating newDomain.
- void setDomainFromDOM(const String& newDomain);
- bool domainWasSetInDOM() const { return m_domainWasSetInDOM; }
-
- String protocol() const { return m_protocol; }
- String host() const { return m_host; }
- String domain() const { return m_domain; }
- unsigned short port() const { return m_port; }
-
- // Returns true if this SecurityOrigin can script objects in the given
- // SecurityOrigin. For example, call this function before allowing
- // script from one security origin to read or write objects from
- // another SecurityOrigin.
- bool canAccess(const SecurityOrigin*) const;
-
- // Returns true if this SecurityOrigin can read content retrieved from
- // the given URL. For example, call this function before issuing
- // XMLHttpRequests.
- bool canRequest(const KURL&) const;
-
- // Returns true if drawing an image from this URL taints a canvas from
- // this security origin. For example, call this function before
- // drawing an image onto an HTML canvas element with the drawImage API.
- bool taintsCanvas(const KURL&) const;
-
- // Returns true for any non-local URL. If document parameter is supplied,
- // its local load policy dictates, otherwise if referrer is non-empty and
- // represents a local file, then the local load is allowed.
- static bool canLoad(const KURL&, const String& referrer, Document* document);
-
- // Returns true if this SecurityOrigin can load local resources, such
- // as images, iframes, and style sheets, and can link to local URLs.
- // For example, call this function before creating an iframe to a
- // file:// URL.
- //
- // Note: A SecurityOrigin might be allowed to load local resources
- // without being able to issue an XMLHttpRequest for a local URL.
- // To determine whether the SecurityOrigin can issue an
- // XMLHttpRequest for a URL, call canRequest(url).
- bool canLoadLocalResources() const { return m_canLoadLocalResources; }
-
- // Explicitly grant the ability to load local resources to this
- // SecurityOrigin.
- //
- // Note: This method exists only to support backwards compatibility
- // with older versions of WebKit.
- void grantLoadLocalResources();
-
- // Explicitly grant the ability to access very other SecurityOrigin.
- //
- // WARNING: This is an extremely powerful ability. Use with caution!
- void grantUniversalAccess();
-
- bool isSecureTransitionTo(const KURL&) const;
-
- // The local SecurityOrigin is the most privileged SecurityOrigin.
- // The local SecurityOrigin can script any document, navigate to local
- // resources, and can set arbitrary headers on XMLHttpRequests.
- bool isLocal() const;
-
- // The empty SecurityOrigin is the least privileged SecurityOrigin.
- bool isEmpty() const;
-
- // Convert this SecurityOrigin into a string. The string
- // representation of a SecurityOrigin is similar to a URL, except it
- // lacks a path component. The string representation does not encode
- // the value of the SecurityOrigin's domain property. The empty
- // SecurityOrigin is represented with the string "null".
- String toString() const;
-
- // Serialize the security origin to a string that could be used as part of
- // file names. This format should be used in storage APIs only.
- String databaseIdentifier() const;
-
- // This method checks for equality between SecurityOrigins, not whether
- // one origin can access another. It is used for hash table keys.
- // For access checks, use canAccess().
- // FIXME: If this method is really only useful for hash table keys, it
- // should be refactored into SecurityOriginHash.
- bool equal(const SecurityOrigin*) const;
-
- // This method checks for equality, ignoring the value of document.domain
- // (and whether it was set) but considering the host. It is used for postMessage.
- bool isSameSchemeHostPort(const SecurityOrigin*) const;
-
- static void registerURLSchemeAsLocal(const String&);
- static void removeURLSchemeRegisteredAsLocal(const String&);
- static const URLSchemesMap& localURLSchemes();
- static bool shouldTreatURLAsLocal(const String&);
- static bool shouldTreatURLSchemeAsLocal(const String&);
-
- static bool shouldHideReferrer(const KURL&, const String& referrer);
-
- enum LocalLoadPolicy {
- AllowLocalLoadsForAll, // No restriction on local loads.
- AllowLocalLoadsForLocalAndSubstituteData,
- AllowLocalLoadsForLocalOnly,
- };
- static void setLocalLoadPolicy(LocalLoadPolicy);
- static bool restrictAccessToLocal();
- static bool allowSubstituteDataAccessToLocal();
-
- static void registerURLSchemeAsNoAccess(const String&);
- static bool shouldTreatURLSchemeAsNoAccess(const String&);
-
- static void whiteListAccessFromOrigin(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains);
- static void resetOriginAccessWhiteLists();
-
- static bool isDefaultPortForProtocol(unsigned short port, const String& protocol);
-
- private:
- explicit SecurityOrigin(const KURL&);
- explicit SecurityOrigin(const SecurityOrigin*);
-
- String m_protocol;
- String m_host;
- String m_domain;
- unsigned short m_port;
- bool m_noAccess;
- bool m_universalAccess;
- bool m_domainWasSetInDOM;
- bool m_canLoadLocalResources;
+typedef HashSet<String, CaseFoldingHash> URLSchemesMap;
+
+class Document;
+class KURL;
+
+class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> {
+public:
+ static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String&);
+ static PassRefPtr<SecurityOrigin> createFromString(const String&);
+ static PassRefPtr<SecurityOrigin> create(const KURL&, SandboxFlags = SandboxNone);
+ static PassRefPtr<SecurityOrigin> createEmpty();
+
+ // Create a deep copy of this SecurityOrigin. This method is useful
+ // when marshalling a SecurityOrigin to another thread.
+ PassRefPtr<SecurityOrigin> threadsafeCopy();
+
+ // Set the domain property of this security origin to newDomain. This
+ // function does not check whether newDomain is a suffix of the current
+ // domain. The caller is responsible for validating newDomain.
+ void setDomainFromDOM(const String& newDomain);
+ bool domainWasSetInDOM() const { return m_domainWasSetInDOM; }
+
+ static void setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String&);
+ static bool isDomainRelaxationForbiddenForURLScheme(const String&);
+
+ String protocol() const { return m_protocol; }
+ String host() const { return m_host; }
+ String domain() const { return m_domain; }
+ unsigned short port() const { return m_port; }
+
+ // Returns true if this SecurityOrigin can script objects in the given
+ // SecurityOrigin. For example, call this function before allowing
+ // script from one security origin to read or write objects from
+ // another SecurityOrigin.
+ bool canAccess(const SecurityOrigin*) const;
+
+ // Returns true if this SecurityOrigin can read content retrieved from
+ // the given URL. For example, call this function before issuing
+ // XMLHttpRequests.
+ bool canRequest(const KURL&) const;
+
+ // Returns true if drawing an image from this URL taints a canvas from
+ // this security origin. For example, call this function before
+ // drawing an image onto an HTML canvas element with the drawImage API.
+ bool taintsCanvas(const KURL&) const;
+
+ // Returns true for any non-local URL. If document parameter is supplied,
+ // its local load policy dictates, otherwise if referrer is non-empty and
+ // represents a local file, then the local load is allowed.
+ static bool canLoad(const KURL&, const String& referrer, Document* document);
+
+ // Returns true if this SecurityOrigin can load local resources, such
+ // as images, iframes, and style sheets, and can link to local URLs.
+ // For example, call this function before creating an iframe to a
+ // file:// URL.
+ //
+ // Note: A SecurityOrigin might be allowed to load local resources
+ // without being able to issue an XMLHttpRequest for a local URL.
+ // To determine whether the SecurityOrigin can issue an
+ // XMLHttpRequest for a URL, call canRequest(url).
+ bool canLoadLocalResources() const { return m_canLoadLocalResources; }
+
+ // Explicitly grant the ability to load local resources to this
+ // SecurityOrigin.
+ //
+ // Note: This method exists only to support backwards compatibility
+ // with older versions of WebKit.
+ void grantLoadLocalResources();
+
+ // Explicitly grant the ability to access very other SecurityOrigin.
+ //
+ // WARNING: This is an extremely powerful ability. Use with caution!
+ void grantUniversalAccess();
+
+ bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
+
+ bool canAccessDatabase() const { return !isUnique(); }
+ bool canAccessLocalStorage() const { return !isUnique(); }
+ bool canAccessCookies() const { return !isUnique(); }
+
+ bool isSecureTransitionTo(const KURL&) const;
+
+ // The local SecurityOrigin is the most privileged SecurityOrigin.
+ // The local SecurityOrigin can script any document, navigate to local
+ // resources, and can set arbitrary headers on XMLHttpRequests.
+ bool isLocal() const;
+
+ // The empty SecurityOrigin is the least privileged SecurityOrigin.
+ bool isEmpty() const;
+
+ // The origin is a globally unique identifier assigned when the Document is
+ // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin
+ //
+ // There's a subtle difference between a unique origin and an origin that
+ // has the SandboxOrigin flag set. The latter implies the former, and, in
+ // addition, the SandboxOrigin flag is inherited by iframes.
+ bool isUnique() const { return m_isUnique; }
+
+ // Marks an origin as being unique.
+ void makeUnique();
+
+ // Convert this SecurityOrigin into a string. The string
+ // representation of a SecurityOrigin is similar to a URL, except it
+ // lacks a path component. The string representation does not encode
+ // the value of the SecurityOrigin's domain property.
+ //
+ // When using the string value, it's important to remember that it might be
+ // "null". This happens when this SecurityOrigin is unique. For example,
+ // this SecurityOrigin might have come from a sandboxed iframe, the
+ // SecurityOrigin might be empty, or we might have explicitly decided that
+ // we shouldTreatURLSchemeAsNoAccess.
+ String toString() const;
+
+ // Serialize the security origin to a string that could be used as part of
+ // file names. This format should be used in storage APIs only.
+ String databaseIdentifier() const;
+
+ // This method checks for equality between SecurityOrigins, not whether
+ // one origin can access another. It is used for hash table keys.
+ // For access checks, use canAccess().
+ // FIXME: If this method is really only useful for hash table keys, it
+ // should be refactored into SecurityOriginHash.
+ bool equal(const SecurityOrigin*) const;
+
+ // This method checks for equality, ignoring the value of document.domain
+ // (and whether it was set) but considering the host. It is used for postMessage.
+ bool isSameSchemeHostPort(const SecurityOrigin*) const;
+
+ static void registerURLSchemeAsLocal(const String&);
+ static void removeURLSchemeRegisteredAsLocal(const String&);
+ static const URLSchemesMap& localURLSchemes();
+ static bool shouldTreatURLAsLocal(const String&);
+ static bool shouldTreatURLSchemeAsLocal(const String&);
+
+ // Secure schemes do not trigger mixed content warnings. For example,
+ // https and data are secure schemes because they cannot be corrupted by
+ // active network attackers.
+ static void registerURLSchemeAsSecure(const String&);
+ static bool shouldTreatURLSchemeAsSecure(const String&);
+
+ static bool shouldHideReferrer(const KURL&, const String& referrer);
+
+ enum LocalLoadPolicy {
+ AllowLocalLoadsForAll, // No restriction on local loads.
+ AllowLocalLoadsForLocalAndSubstituteData,
+ AllowLocalLoadsForLocalOnly,
};
+ static void setLocalLoadPolicy(LocalLoadPolicy);
+ static bool restrictAccessToLocal();
+ static bool allowSubstituteDataAccessToLocal();
+
+ static void registerURLSchemeAsNoAccess(const String&);
+ static bool shouldTreatURLSchemeAsNoAccess(const String&);
+
+ static void whiteListAccessFromOrigin(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains);
+ static void resetOriginAccessWhiteLists();
+
+private:
+ SecurityOrigin(const KURL&, SandboxFlags);
+ explicit SecurityOrigin(const SecurityOrigin*);
+
+ SandboxFlags m_sandboxFlags;
+ String m_protocol;
+ String m_host;
+ mutable String m_encodedHost;
+ String m_domain;
+ unsigned short m_port;
+ bool m_isUnique;
+ bool m_universalAccess;
+ bool m_domainWasSetInDOM;
+ bool m_canLoadLocalResources;
+};
} // namespace WebCore
generated by cgit v0.12 at 2024-10-10 16:28:32 (GMT)