Diffstat (limited to 'WebCore/loader')
-rw-r--r-- | WebCore/loader/DocLoader.cpp | 15 | ||||
-rw-r--r-- | WebCore/loader/DocLoader.h | 5 | ||||
-rw-r--r-- | WebCore/loader/DocumentWriter.cpp | 6 | ||||
-rw-r--r-- | WebCore/loader/FrameLoader.cpp | 37 | ||||
-rw-r--r-- | WebCore/loader/FrameLoader.h | 5 | ||||
-rw-r--r-- | WebCore/loader/HistoryController.cpp | 9 | ||||
-rw-r--r-- | WebCore/loader/PluginDocument.h | 3 | ||||
-rw-r--r-- | WebCore/loader/SinkDocument.cpp | 71 | ||||
-rw-r--r-- | WebCore/loader/SinkDocument.h | 49 | ||||
-rw-r--r-- | WebCore/loader/WorkerThreadableLoader.cpp | 2 | ||||
-rw-r--r-- | WebCore/loader/icon/IconDatabase.cpp | 4 |
11 files changed, 172 insertions, 34 deletions
diff --git a/WebCore/loader/DocLoader.cpp b/WebCore/loader/DocLoader.cpp
index 6a0b3d1..c0ba2f3 100644
--- a/WebCore/loader/DocLoader.cpp
+++ b/WebCore/loader/DocLoader.cpp
@@ -477,10 +477,14 @@ void DocLoader::requestPreload(CachedResource::Type type, const String& url, con
 encoding = charset.isEmpty() ? m_doc->frame()->loader()->writer()->encoding() : charset;
 CachedResource* resource = requestResource(type, url, encoding, true);
- if (!resource || m_preloads.contains(resource))
+ if (!resource || (m_preloads && m_preloads->contains(resource)))
 return;
 resource->increasePreloadCount();
- m_preloads.add(resource);
+
+ if (!m_preloads)
+ m_preloads.set(new ListHashSet<CachedResource*>);
+ m_preloads->add(resource);
+
 #if PRELOAD_DEBUG
 printf("PRELOADING %s\n", resource->url().latin1().data());
 #endif
@@ -491,8 +495,11 @@ void DocLoader::clearPreloads()
 #if PRELOAD_DEBUG
 printPreloadStats();
 #endif
- ListHashSet<CachedResource*>::iterator end = m_preloads.end();
- for (ListHashSet<CachedResource*>::iterator it = m_preloads.begin(); it != end; ++it) {
+ if (!m_preloads)
+ return;
+
+ ListHashSet<CachedResource*>::iterator end = m_preloads->end();
+ for (ListHashSet<CachedResource*>::iterator it = m_preloads->begin(); it != end; ++it) {
 CachedResource* res = *it;
 res->decreasePreloadCount();
 if (res->canDelete() && !res->inCache())
diff --git a/WebCore/loader/DocLoader.h b/WebCore/loader/DocLoader.h
index 2f8f639..ec3e619 100644
--- a/WebCore/loader/DocLoader.h
+++ b/WebCore/loader/DocLoader.h
@@ -50,8 +50,7 @@ class CachedLinkPrefetch;
 #endif
 // The DocLoader manages the loading of scripts/images/stylesheets for a single document.
-class DocLoader : public Noncopyable
-{
+class DocLoader : public Noncopyable {
 friend class Cache;
 friend class ImageLoader;
@@ -129,7 +128,7 @@ private:
 int m_requestCount;
- ListHashSet<CachedResource*> m_preloads;
+ OwnPtr<ListHashSet<CachedResource*> > m_preloads;
 struct PendingPreload {
 CachedResource::Type m_type;
 String m_url;
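Review bot: The new `if (!m_preloads) return;` in clearPreloads sits below the `#if PRELOAD_DEBUG` call to printPreloadStats(); if that helper walks m_preloads (its body is not in this diff), a PRELOAD_DEBUG build now dereferences a null OwnPtr whenever no preload was ever requested. Moving the guard above the `#if PRELOAD_DEBUG` block keeps the debug path safe without changing release behaviour. clearPreloads continues past the end of the hunk, so whatever touches `m_preloads` after the loop also needs the `.`→`->` change, which this hunk cannot show.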
diff --git a/WebCore/loader/DocumentWriter.cpp b/WebCore/loader/DocumentWriter.cpp
index ba0695e..0bed159 100644
--- a/WebCore/loader/DocumentWriter.cpp
+++ b/WebCore/loader/DocumentWriter.cpp
@@ -40,6 +40,7 @@
 #include "SecurityOrigin.h"
 #include "SegmentedString.h"
 #include "Settings.h"
+#include "SinkDocument.h"
 #include "TextResourceDecoder.h"
 #include "Tokenizer.h"
@@ -96,6 +97,11 @@ void DocumentWriter::begin(const KURL& url, bool dispatch, SecurityOrigin* origi
 // Create a new document before clearing the frame, because it may need to
 // inherit an aliased security context.
 RefPtr<Document> document = createDocument();
+
+ // If the new document is for a Plugin but we're supposed to be sandboxed from Plugins,
+ // then replace the document with one whose tokenizer will ignore the incoming data (bug 39323)
+ if (document->isPluginDocument() && m_frame->loader()->isSandboxed(SandboxPlugins))
+ document = SinkDocument::create(m_frame);
 bool resetScripting = !(m_frame->loader()->isDisplayingInitialEmptyDocument() && m_frame->document()->securityOrigin()->isSecureTransitionTo(url));
 m_frame->loader()->clear(resetScripting, resetScripting);
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index c3b4d80..6fcdcbe 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
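Review bot: The plugin check on the freshly created document consults `m_frame->loader()->isSandboxed(SandboxPlugins)`, while the FrameLoader.cpp hunk in this same change adds a FIXME saying the origin-based isDocumentSandboxed should eventually replace isSandboxed, so a reader will wonder whether this call was missed. If it is deliberate — at this point `m_frame->document()` is still the old document, so the loader's flags appear to be the only source of the new document's sandbox state — the comment should say so, e.g. `// Checked on the loader, not via isDocumentSandboxed(): the new document has not been installed yet.` The substitution is also silent, with nothing reported to the page or console, which is worth noting if intended. begin() continues outside the hunk.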
@@ -179,6 +179,18 @@ static inline bool canReferToParentFrameEncoding(const Frame* frame, const Frame
 return parentFrame && parentFrame->document()->securityOrigin()->canAccess(frame->document()->securityOrigin());
 }
+// This is not in the FrameLoader class to emphasize that it does not depend on
+// private FrameLoader data, and to avoid increasing the number of public functions
+// with access to private data. Since only this .cpp file needs it, making it
+// non-member lets us exclude it from the header file, thus keeping FrameLoader.h's
+// API simpler.
+//
+// FIXME: isDocumentSandboxed should eventually replace isSandboxed.
+static bool isDocumentSandboxed(Frame* frame, SandboxFlags mask)
+{
+ return frame->document() && frame->document()->securityOrigin()->isSandboxed(mask);
+}
+
 FrameLoader::FrameLoader(Frame* frame, FrameLoaderClient* client)
 : m_frame(frame)
 , m_client(client)
@@ -288,7 +300,7 @@ Frame* FrameLoader::createWindow(FrameLoader* frameLoaderForFrameLookup, const F
 }
 // Sandboxed frames cannot open new auxiliary browsing contexts.
- if (isDocumentSandboxed(SandboxNavigation))
+ if (isDocumentSandboxed(m_frame, SandboxNavigation))
 return 0;
 // FIXME: Setting the referrer should be the caller's responsibility.
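Review bot: `isDocumentSandboxed` returns false when `frame->document()` is null, so a frame with no document is treated as unsandboxed by every caller converted in this change (createWindow, submitForm, requestObject, shouldAllowNavigation); that fail-open default is the opposite of what a sandbox check usually wants and deserves a comment. Suggested, above the return: `// A frame with no document has no sandbox flags to honour; callers treat it as unsandboxed.` The helper also assumes `frame` itself is non-null, which holds for the `m_frame` callers shown but is worth stating now that it is a free function.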
@@ -353,13 +365,13 @@ void FrameLoader::changeLocation(const KURL& url, const String& referrer, bool l
 urlSelected(request, "_self", 0, lockHistory, lockBackForwardList, userGesture, SendReferrer, ReplaceDocumentIfJavaScriptURL);
 }
-void FrameLoader::urlSelected(const ResourceRequest& request, const String& passedTarget, PassRefPtr<Event> triggeringEvent, bool lockHistory, bool lockBackForwardList, bool userGesture, ReferrerPolicy referrerPolicy)
+void FrameLoader::urlSelected(const KURL& url, const String& passedTarget, PassRefPtr<Event> triggeringEvent, bool lockHistory, bool lockBackForwardList, bool userGesture, ReferrerPolicy referrerPolicy)
 {
- urlSelected(request, passedTarget, triggeringEvent, lockHistory, lockBackForwardList, userGesture, referrerPolicy, DoNotReplaceDocumentIfJavaScriptURL);
+ urlSelected(ResourceRequest(url), passedTarget, triggeringEvent, lockHistory, lockBackForwardList, userGesture, referrerPolicy, DoNotReplaceDocumentIfJavaScriptURL);
 }
-// This overload will go away when the FIXME to eliminate the shouldReplaceDocumentIfJavaScriptURL
-// parameter from ScriptController::executeIfJavaScriptURL() is addressed.
+// The shouldReplaceDocumentIfJavaScriptURL parameter will go away when the FIXME to eliminate the
+// corresponding parameter from ScriptController::executeIfJavaScriptURL() is addressed.
 void FrameLoader::urlSelected(const ResourceRequest& request, const String& passedTarget, PassRefPtr<Event> triggeringEvent, bool lockHistory, bool lockBackForwardList, bool userGesture, ReferrerPolicy referrerPolicy, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)
 {
 ASSERT(!m_suppressOpenerInNewFrame);
@@ -482,7 +494,7 @@ void FrameLoader::submitForm(const char* action, const String& url, PassRefPtr<F
 if (u.isEmpty())
 return;
- if (isDocumentSandboxed(SandboxForms))
+ if (isDocumentSandboxed(m_frame, SandboxForms))
 return;
 if (protocolIsJavaScript(u)) {
@@ -757,7 +769,7 @@ void FrameLoader::clear(bool clearWindowProperties, bool clearScriptObjects, boo
 // Do this after detaching the document so that the unload event works.
 if (clearWindowProperties) {
 m_frame->clearDOMWindow();
- m_frame->script()->clearWindowShell();
+ m_frame->script()->clearWindowShell(m_frame->document()->inPageCache());
 }
 m_frame->selection()->clear();
@@ -1173,7 +1185,7 @@ bool FrameLoader::requestObject(RenderEmbeddedObject* renderer, const String& ur
 && !MIMETypeRegistry::isApplicationPluginMIMEType(mimeType)) || (!settings->isJavaEnabled() && MIMETypeRegistry::isJavaAppletMIMEType(mimeType)))
 return false;
- if (isDocumentSandboxed(SandboxPlugins))
+ if (isDocumentSandboxed(m_frame, SandboxPlugins))
 return false;
 return loadPlugin(renderer, completedURL, mimeType, paramNames, paramValues, useFallback);
 }
@@ -2218,11 +2230,11 @@ bool FrameLoader::shouldAllowNavigation(Frame* targetFrame) const
 // Let a frame navigate the top-level window that contains it. This is
 // important to allow because it lets a site "frame-bust" (escape from a
 // frame created by another web site).
- if (!isDocumentSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree()->top())
+ if (!isDocumentSandboxed(m_frame, SandboxTopNavigation) && targetFrame == m_frame->tree()->top())
 return true;
 // A sandboxed frame can only navigate itself and its descendants.
- if (isDocumentSandboxed(SandboxNavigation) && !targetFrame->tree()->isDescendantOf(m_frame))
+ if (isDocumentSandboxed(m_frame, SandboxNavigation) && !targetFrame->tree()->isDescendantOf(m_frame))
 return false;
 // Let a frame navigate its opener if the opener is a top-level window.
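Review bot: `m_frame->document()->inPageCache()` in clear() dereferences document() unconditionally, whereas the `isDocumentSandboxed` helper added to this same file guards `frame->document()` against null; if clear() can run on a frame whose document has already been torn down (the rest of clear() is outside the hunk, so that cannot be confirmed here), this is a null dereference on a path that the comment says runs after the document is detached. Either make the invariant explicit with `ASSERT(m_frame->document());` before the call, or pass `m_frame->document() && m_frame->document()->inPageCache()`.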
@@ -3992,11 +4004,6 @@ void FrameLoader::updateSandboxFlags()
 child->loader()->updateSandboxFlags();
 }
-bool FrameLoader::isDocumentSandboxed(SandboxFlags mask) const
-{
- return m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(mask);
-}
-
 PassRefPtr<Widget> FrameLoader::createJavaAppletWidget(const IntSize& size, HTMLAppletElement* element, const HashMap<String, String>& args)
 {
 String baseURLString;
diff --git a/WebCore/loader/FrameLoader.h b/WebCore/loader/FrameLoader.h
index 0d1e7a9..70e4b9f 100644
--- a/WebCore/loader/FrameLoader.h
+++ b/WebCore/loader/FrameLoader.h
@@ -129,6 +129,7 @@ public:
 static void reportLocalLoadFailed(Frame*, const String& url);
 // Called by createWindow in JSDOMWindowBase.cpp, e.g. to fulfill a modal dialog creation
+ // FIXME: Move this method outside of the FrameLoader class.
 Frame* createWindow(FrameLoader* frameLoaderForFrameLookup, const FrameLoadRequest&, const WindowFeatures&, bool& created);
 unsigned long loadResourceSynchronously(const ResourceRequest&, StoredCredentials, ResourceError&, ResourceResponse&, Vector<char>& data);
@@ -224,7 +225,7 @@ public:
 void setDefersLoading(bool);
 void changeLocation(const KURL&, const String& referrer, bool lockHistory = true, bool lockBackForwardList = true, bool userGesture = false, bool refresh = false);
- void urlSelected(const ResourceRequest&, const String& target, PassRefPtr<Event>, bool lockHistory, bool lockBackForwardList, bool userGesture, ReferrerPolicy);
+ void urlSelected(const KURL&, const String& target, PassRefPtr<Event>, bool lockHistory, bool lockBackForwardList, bool userGesture, ReferrerPolicy);
 bool requestFrame(HTMLFrameOwnerElement*, const String& url, const AtomicString& frameName, bool lockHistory = true, bool lockBackForwardList = true);
 void submitForm(const char* action, const String& url,
@@ -473,8 +474,6 @@ private:
 bool shouldTreatURLAsSameAsCurrent(const KURL&) const;
 void updateSandboxFlags();
- // FIXME: isDocumentSandboxed should eventually replace isSandboxed.
- bool isDocumentSandboxed(SandboxFlags) const;
 Frame* m_frame;
 FrameLoaderClient* m_client;
diff --git a/WebCore/loader/HistoryController.cpp b/WebCore/loader/HistoryController.cpp
index e3d3b6b..c4e9e5a 100644
--- a/WebCore/loader/HistoryController.cpp
+++ b/WebCore/loader/HistoryController.cpp
@@ -644,6 +644,9 @@ void HistoryController::updateBackForwardListClippedAtTarget(bool doClip)
 void HistoryController::pushState(PassRefPtr<SerializedScriptValue> stateObject, const String& title, const String& urlString)
 {
+ if (!m_currentItem)
+ return;
+
 Page* page = m_frame->page();
 ASSERT(page);
@@ -665,12 +668,8 @@ void HistoryController::pushState(PassRefPtr<SerializedScriptValue> stateObject,
 void HistoryController::replaceState(PassRefPtr<SerializedScriptValue> stateObject, const String& title, const String& urlString)
 {
- // FIXME: We should always have m_currentItem here!!
- // https://bugs.webkit.org/show_bug.cgi?id=36464
- if (!m_currentItem) {
- ASSERT_NOT_REACHED();
+ if (!m_currentItem)
 return;
- }
 if (!urlString.isEmpty())
 m_currentItem->setURLString(urlString);
diff --git a/WebCore/loader/PluginDocument.h b/WebCore/loader/PluginDocument.h
index 7b4b36b..7ff028a 100644
--- a/WebCore/loader/PluginDocument.h
+++ b/WebCore/loader/PluginDocument.h
@@ -41,10 +41,11 @@ public:
 Widget* pluginWidget();
 Node* pluginNode();
+ virtual bool isPluginDocument() const { return true; }
+
 private:
 PluginDocument(Frame*);
- virtual bool isPluginDocument() const { return true; }
 virtual Tokenizer* createTokenizer();
 };
diff --git a/WebCore/loader/SinkDocument.cpp b/WebCore/loader/SinkDocument.cpp
new file mode 100644
index 0000000..b9c892e
--- /dev/null
+++ b/WebCore/loader/SinkDocument.cpp
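Review bot: In HistoryController, replaceState drops the FIXME and the bug 36464 link together with the ASSERT_NOT_REACHED, and pushState gains the same bare `if (!m_currentItem) return;`, so a script's pushState/replaceState now silently does nothing in that state with no remaining record of why it can occur or whether it is expected. Keep the pointer above each early return, e.g. `// FIXME: m_currentItem can be null here; see https://bugs.webkit.org/show_bug.cgi?id=36464`, or replace it with a sentence stating the condition under which no current item exists. Both functions continue past their hunks.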
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "SinkDocument.h"
+
+#include "Tokenizer.h"
+
+namespace WebCore {
+
+class SinkTokenizer : public Tokenizer {
+public:
+ SinkTokenizer(Document* document) : m_document(document) { }
+
+private:
+ virtual void write(const SegmentedString&, bool) { ASSERT_NOT_REACHED(); }
+ virtual void stopParsing();
+ virtual void finish();
+ virtual bool isWaitingForScripts() const { return false; }
+
+ virtual bool wantsRawData() const { return true; }
+ virtual bool writeRawData(const char*, int) { return false; }
+
+ Document* m_document;
+};
+
+void SinkTokenizer::stopParsing()
+{
+ Tokenizer::stopParsing();
+}
+
+void SinkTokenizer::finish()
+{
+ if (!m_parserStopped)
+ m_document->finishedParsing();
+}
+
+SinkDocument::SinkDocument(Frame* frame)
+ : HTMLDocument(frame)
+{
+ setParseMode(Compat);
+}
+
+Tokenizer* SinkDocument::createTokenizer()
+{
+ return new SinkTokenizer(this);
+}
+
+} // namespace WebCore
diff --git a/WebCore/loader/SinkDocument.h b/WebCore/loader/SinkDocument.h
new file mode 100644
index 0000000..c79ffc3
--- /dev/null
+++ b/WebCore/loader/SinkDocument.h
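Review bot: `SinkTokenizer::stopParsing()` only forwards to `Tokenizer::stopParsing()`, so the override adds nothing and both its declaration and definition can be dropped, leaving the base behaviour in effect. The class also has no comment stating its contract: `write()` is never expected to be called (wantsRawData() returns true, and ASSERT_NOT_REACHED is a no-op in release builds, so anything reaching it is silently dropped) and `writeRawData()` discards every byte and returns false; a header comment such as `// Tokenizer that discards all incoming data; used in place of a PluginDocument when plugins are sandboxed.` would make that explicit. `m_document` is a raw pointer, which assumes the Document outlives its tokenizer — presumably true since the document creates it in createTokenizer(), but worth stating.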
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SinkDocument_h
+#define SinkDocument_h
+
+#include "HTMLDocument.h"
+
+namespace WebCore {
+
+class SinkDocument : public HTMLDocument {
+public:
+ static PassRefPtr<SinkDocument> create(Frame* frame)
+ {
+ return adoptRef(new SinkDocument(frame));
+ }
+
+private:
+ SinkDocument(Frame*);
+
+ virtual Tokenizer* createTokenizer();
+};
+
+
+}; // namespace WebCore
+
+#endif // SinkDocument_h
diff --git a/WebCore/loader/WorkerThreadableLoader.cpp b/WebCore/loader/WorkerThreadableLoader.cpp
index 2583498..4789a05 100644
--- a/WebCore/loader/WorkerThreadableLoader.cpp
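Review bot: The closing `}; // namespace WebCore` in SinkDocument.h carries a stray semicolon after the namespace brace, which is an empty declaration at file scope (pedantic compilers warn on it) and does not match the `} // namespace WebCore` form used in SinkDocument.cpp; change it to `} // namespace WebCore`. The class also has no comment saying what a SinkDocument is for — the only explanation lives in DocumentWriter.cpp; a one-liner above the class such as `// An HTMLDocument whose tokenizer discards all data; substituted for a PluginDocument when the frame is sandboxed from plugins.` would let readers of the header understand it without that cross-reference.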
+++ b/WebCore/loader/WorkerThreadableLoader.cpp
@@ -34,7 +34,7 @@
 #include "WorkerThreadableLoader.h"
-#include "GenericWorkerTask.h"
+#include "CrossThreadTask.h"
 #include "ResourceError.h"
 #include "ResourceRequest.h"
 #include "ResourceResponse.h"
diff --git a/WebCore/loader/icon/IconDatabase.cpp b/WebCore/loader/icon/IconDatabase.cpp
index 5a9bfaa..b8149d2 100644
--- a/WebCore/loader/icon/IconDatabase.cpp
+++ b/WebCore/loader/icon/IconDatabase.cpp
@@ -1639,11 +1639,11 @@ void IconDatabase::pruneUnretainedIcons()
 SQLiteStatement pageDeleteSQL(m_syncDB, "DELETE FROM PageURL WHERE rowid = (?);");
 pageDeleteSQL.prepare();
 for (size_t i = 0; i < numToDelete; ++i) {
- LOG(IconDatabase, "Pruning page with rowid %lli from disk", pageIDsToDelete[i]);
+ LOG(IconDatabase, "Pruning page with rowid %lli from disk", static_cast<long long>(pageIDsToDelete[i]));
 pageDeleteSQL.bindInt64(1, pageIDsToDelete[i]);
 int result = pageDeleteSQL.step();
 if (result != SQLResultDone)
- LOG_ERROR("Unabled to delete page with id %lli from disk", pageIDsToDelete[i]);
+ LOG_ERROR("Unabled to delete page with id %lli from disk", static_cast<long long>(pageIDsToDelete[i]));
 pageDeleteSQL.reset();
 // If the thread was asked to terminate, we should commit what pruning we've done so far, figuring we can |