Diffstat (limited to 'WebCore/page/SecurityOrigin.h')
-rw-r--r-- | WebCore/page/SecurityOrigin.h | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/WebCore/page/SecurityOrigin.h b/WebCore/page/SecurityOrigin.h index ab92683..46e6fad 100644 --- a/WebCore/page/SecurityOrigin.h +++ b/WebCore/page/SecurityOrigin.h @@ -29,14 +29,19 @@ #ifndef SecurityOrigin_h #define SecurityOrigin_h +#include <wtf/HashSet.h> #include <wtf/RefCounted.h> #include <wtf/PassRefPtr.h> #include <wtf/Threading.h> #include "PlatformString.h" +#include "StringHash.h" namespace WebCore { + typedef HashSet<String, CaseFoldingHash> URLSchemesMap; + + class Document; class KURL; class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> { @@ -48,7 +53,7 @@ namespace WebCore { // Create a deep copy of this SecurityOrigin. This method is useful // when marshalling a SecurityOrigin to another thread. - PassRefPtr<SecurityOrigin> copy(); + PassRefPtr<SecurityOrigin> threadsafeCopy(); // Set the domain property of this security origin to newDomain. This // function does not check whether newDomain is a suffix of the current @@ -72,6 +77,16 @@ namespace WebCore { // XMLHttpRequests. bool canRequest(const KURL&) const; + // Returns true if drawing an image from this URL taints a canvas from + // this security origin. For example, call this function before + // drawing an image onto an HTML canvas element with the drawImage API. + bool taintsCanvas(const KURL&) const; + + // Returns true for any non-local URL. If document parameter is supplied, + // its local load policy dictates, otherwise if referrer is non-empty and + // represents a local file, then the local load is allowed. + static bool canLoad(const KURL&, const String& referrer, Document* document); + // Returns true if this SecurityOrigin can load local resources, such // as images, iframes, and style sheets, and can link to local URLs. // For example, call this function before creating an iframe to a 
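Review bot: The new typedef `URLSchemesMap` in the first hunk names a `HashSet<String, CaseFoldingHash>`, so the name says map where the type is a set. Something like `typedef HashSet<String, CaseFoldingHash> URLSchemeSet;` would read correctly wherever `localURLSchemes()` is used, though any other files in this commit that use the name would have to follow. Because the set decides which schemes are treated as local, a one-line comment such as `// Scheme names are compared case-insensitively.` above the typedef would make the choice of `CaseFoldingHash` visible to readers of the local-scheme checks.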
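Review bot: The comment added above `canLoad` in the third hunk does not say what is returned for a local URL when `document` is null and `referrer` is empty, which is the case a caller most needs to know is refused. The referrer fallback also decides a local-file load from a caller-supplied string rather than from an origin object, so the comment should say that a caller holding a `Document` must pass it instead of relying on the referrer. Suggested addition, to be confirmed against the definition, which is not in this header: `// A local URL is refused when neither a document nor a local-file referrer is supplied.`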
@@ -129,12 +144,30 @@ namespace WebCore { bool isSameSchemeHostPort(const SecurityOrigin*) const; static void registerURLSchemeAsLocal(const String&); + static void removeURLSchemeRegisteredAsLocal(const String&); + static const URLSchemesMap& localURLSchemes(); static bool shouldTreatURLAsLocal(const String&); static bool shouldTreatURLSchemeAsLocal(const String&); + static bool shouldHideReferrer(const KURL&, const String& referrer); + + enum LocalLoadPolicy { + AllowLocalLoadsForAll, // No restriction on local loads. + AllowLocalLoadsForLocalAndSubstituteData, + AllowLocalLoadsForLocalOnly, + }; + static void setLocalLoadPolicy(LocalLoadPolicy); + static bool restrictAccessToLocal(); + static bool allowSubstituteDataAccessToLocal(); + static void registerURLSchemeAsNoAccess(const String&); static bool shouldTreatURLSchemeAsNoAccess(const String&); + static void whiteListAccessFromOrigin(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains); + static void resetOriginAccessWhiteLists(); + + static bool isDefaultPortForProtocol(unsigned short port, const String& protocol); + private: explicit SecurityOrigin(const KURL&); explicit SecurityOrigin(const SecurityOrigin*); |
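Review bot: `setLocalLoadPolicy`, `removeURLSchemeRegisteredAsLocal`, `whiteListAccessFromOrigin` and `resetOriginAccessWhiteLists` change process-wide policy that origin checks depend on, yet none of them carries a comment, in a class that is `ThreadSafeShared` and copied across threads. The header should state which thread may call them, and whether the reference returned by `localURLSchemes()` may be held across a register or remove call, since it presumably refers to the set those calls mutate (the definitions are outside this hunk). Two of the three `LocalLoadPolicy` values are undocumented; if it matches the implementation, add `// Only local origins and substitute data may load local resources.` and `// Only local origins may load local resources.`. `whiteListAccessFromOrigin` should also say whether `destinationDomains` is a single host or a list, and that `allowDestinationSubdomains` widens the grant to every subdomain of it.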