diff options
Diffstat (limited to 'WebCore/page/SecurityOrigin.cpp')
-rw-r--r-- | WebCore/page/SecurityOrigin.cpp | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/WebCore/page/SecurityOrigin.cpp b/WebCore/page/SecurityOrigin.cpp index b44a35e..6001983 100644 --- a/WebCore/page/SecurityOrigin.cpp +++ b/WebCore/page/SecurityOrigin.cpp @@ -125,7 +125,7 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url, SandboxFlags if (!url.isValid()) return adoptRef(new SecurityOrigin(KURL(), sandboxFlags)); #if ENABLE(BLOB) - if (url.protocolIs("blob")) + if (url.protocolIs(BlobURL::blobProtocol())) return adoptRef(new SecurityOrigin(BlobURL::getOrigin(url), sandboxFlags)); #endif return adoptRef(new SecurityOrigin(url, sandboxFlags)); @@ -240,7 +240,7 @@ bool SecurityOrigin::canRequest(const KURL& url) const bool doUniqueOriginCheck = true; #if ENABLE(BLOB) // For blob scheme, we want to ignore this check. - doUniqueOriginCheck = !url.protocolIs("blob"); + doUniqueOriginCheck = !url.protocolIs(BlobURL::blobProtocol()); #endif if (doUniqueOriginCheck && targetOrigin->isUnique()) return false; @@ -284,32 +284,35 @@ bool SecurityOrigin::isAccessWhiteListed(const SecurityOrigin* targetOrigin) con return false; } -bool SecurityOrigin::canDisplay(const KURL& url, const String& referrer, Document* document) +bool SecurityOrigin::canDisplay(const KURL& url) const { #if ENABLE(BLOB) - if (url.protocolIs("blob") && document) { - SecurityOrigin* documentOrigin = document->securityOrigin(); - RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); - return documentOrigin->isSameSchemeHostPort(targetOrigin.get()); - } + if (url.protocolIs(BlobURL::blobProtocol())) + return canRequest(url); #endif + if (!restrictAccessToLocal()) + return true; + if (!SchemeRegistry::shouldTreatURLAsLocal(url.string())) return true; - // If we were provided a document, we first check if the access has been white listed. - // Then we let its local file police dictate the result. - // Otherwise we allow local loads only if the supplied referrer is also local. - if (document) { - SecurityOrigin* documentOrigin = document->securityOrigin(); - RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); - if (documentOrigin->isAccessWhiteListed(targetOrigin.get())) - return true; - return documentOrigin->canLoadLocalResources(); - } - if (!referrer.isEmpty()) - return SchemeRegistry::shouldTreatURLAsLocal(referrer); - return false; + RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); + if (isAccessWhiteListed(targetOrigin.get())) + return true; + + return canLoadLocalResources(); +} + +bool SecurityOrigin::deprecatedCanDisplay(const String& referrer, const KURL& url) +{ + if (!restrictAccessToLocal()) + return true; + + if (!SchemeRegistry::shouldTreatURLAsLocal(url.string())) + return true; + + return SchemeRegistry::shouldTreatURLAsLocal(referrer); } void SecurityOrigin::grantLoadLocalResources() |