diff options
| author | Steve Block <steveblock@google.com> | 2011-06-08 08:26:01 -0700 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2011-06-08 08:26:01 -0700 |
| commit | 3742ac093d35d923c81693096ab6671e9b147700 (patch) | |
| tree | c2add9100f789dad45ef1ec5328bddde02c47a4c /Source/WebCore/page/SecurityOrigin.cpp | |
| parent | 901401d90459bc22580842455d4588b9a697514d (diff) | |
| parent | e5926f4a0d6adc9ad4a75824129f117181953560 (diff) | |
| download | external_webkit-3742ac093d35d923c81693096ab6671e9b147700.zip external_webkit-3742ac093d35d923c81693096ab6671e9b147700.tar.gz external_webkit-3742ac093d35d923c81693096ab6671e9b147700.tar.bz2 | |
Merge changes I55c6d71a,Ifb3277d4,Ia1b847a2,I7ba9cf3f,Ida2b2a8a,I1280ec90,I72f818d5,I2e3b588b,I9a4e6289,Ia724c78b,Icd8612c8,Ie31b15d7,Ie125edae,I77941a88,I89dae78b,I3516e5ca,I1a4c17b5,I2c4ecc1a,I9c8e6537,Ifac13115,Ie1f80e09,Ia541ed77,I60ce9d78
* changes:
Merge WebKit at r82507: Update ThirdPartyProject.prop
Merge WebKit at r82507: Cherry-pick change r88166 to add INSPECTOR guards to ScriptProfiler
Merge WebKit at r82507: Work around a V8 bug
Merge WebKit at r82507: JNIType renamed to JavaType
Merge WebKit at r82507: IconDatabaseClient interface expanded
Merge WebKit at r82507: Don't use new loss-free code path in HTMLCanvasElement::toDataURL()
Merge WebKit at r82507: IcondDatabaseBase::iconForPageURL() renamed
Merge WebKit at r82507: IconDatabaseBase::Open() signature changed
Merge WebKit at r82507: Node::isContentEditable() renamed
Merge WebKit at r82507: Use icon database through IconDatabaseBase
Merge WebKit at r82507: toInputElement() is now a member of Node
Merge WebKit at r82507: FrameLoaderClient::objectContentType() signature changed
Merge WebKit at r82507: StringImpl::computeHash() removed
Merge WebKit at r82507: Stub out FontPlatformData::setOrientation()
Merge WebKit at r82507: Path::strokeBoundingRect() is now const
Merge WebKit at r82507: Add missing UnusedParam.h include in ApplicationCacheGroup.cpp
Merge WebKit at r82507: Continue to use Android's version of FontPlatformData.h
Merge WebKit at r82507: Update signature of FontCustomPlatformData::fontPlatformData()
Merge WebKit at r82507: Fix conflicts due to JNI refactoring
Merge WebKit at r82507: Fix conflicts due to new StorageTracker
Merge WebKit at r82507: Fix conflicts
Merge WebKit at r82507: Fix makefiles
Merge WebKit at r82507: Initial merge by git
Diffstat (limited to 'Source/WebCore/page/SecurityOrigin.cpp')
| -rw-r--r-- | Source/WebCore/page/SecurityOrigin.cpp | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/Source/WebCore/page/SecurityOrigin.cpp b/Source/WebCore/page/SecurityOrigin.cpp index 977e860..ddd42ea 100644 --- a/Source/WebCore/page/SecurityOrigin.cpp +++ b/Source/WebCore/page/SecurityOrigin.cpp @@ -79,8 +79,17 @@ SecurityOrigin::SecurityOrigin(const KURL& url, SandboxFlags sandboxFlags) if (m_protocol == "about" || m_protocol == "javascript") m_protocol = ""; +#if ENABLE(BLOB) || ENABLE(FILE_SYSTEM) + bool isBlobOrFileSystemProtocol = false; +#if ENABLE(BLOB) + if (m_protocol == BlobURL::blobProtocol()) + isBlobOrFileSystemProtocol = true; +#endif #if ENABLE(FILE_SYSTEM) - if (m_protocol == "filesystem") { + if (m_protocol == "filesystem") + isBlobOrFileSystemProtocol = true; +#endif + if (isBlobOrFileSystemProtocol) { KURL originURL(ParsedURLString, url.path()); if (originURL.isValid()) { m_protocol = originURL.protocol().lower(); @@ -102,7 +111,13 @@ SecurityOrigin::SecurityOrigin(const KURL& url, SandboxFlags sandboxFlags) m_canLoadLocalResources = isLocal(); if (m_canLoadLocalResources) { // Directories should never be readable. - if (!url.hasPath() || url.path().endsWith("/")) + // Note that we do not do this check for blob or filesystem url because its origin is file:/// when it is created from local file urls. +#if ENABLE(BLOB) || ENABLE(FILE_SYSTEM) + bool doDirectoryCheck = !isBlobOrFileSystemProtocol; +#else + bool doDirectoryCheck = true; +#endif + if (doDirectoryCheck && (!url.hasPath() || url.path().endsWith("/"))) m_isUnique = true; // Store the path in case we are doing per-file origin checking. m_filePath = url.path(); @@ -137,10 +152,6 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url, SandboxFlags { if (!url.isValid()) return adoptRef(new SecurityOrigin(KURL(), sandboxFlags)); -#if ENABLE(BLOB) - if (url.protocolIs(BlobURL::blobProtocol())) - return adoptRef(new SecurityOrigin(BlobURL::getOrigin(url), sandboxFlags)); -#endif return adoptRef(new SecurityOrigin(url, sandboxFlags)); } @@ -253,12 +264,7 @@ bool SecurityOrigin::canRequest(const KURL& url) const RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); - bool doUniqueOriginCheck = true; -#if ENABLE(BLOB) - // For blob scheme, we want to ignore this check. - doUniqueOriginCheck = !url.protocolIs(BlobURL::blobProtocol()); -#endif - if (doUniqueOriginCheck && targetOrigin->isUnique()) + if (targetOrigin->isUnique()) return false; // We call isSameSchemeHostPort here instead of canAccess because we want |