Diffstat (limited to 'WebCore/page/SecurityOrigin.h')
-rw-r--r--WebCore/page/SecurityOrigin.h57
1 files changed, 51 insertions, 6 deletions
diff --git a/WebCore/page/SecurityOrigin.h b/WebCore/page/SecurityOrigin.h
index ab92683..af83f02 100644
--- a/WebCore/page/SecurityOrigin.h
+++ b/WebCore/page/SecurityOrigin.h
@@ -29,14 +29,20 @@
#ifndef SecurityOrigin_h
#define SecurityOrigin_h
+#include <wtf/HashSet.h>
#include <wtf/RefCounted.h>
#include <wtf/PassRefPtr.h>
#include <wtf/Threading.h>
+#include "FrameLoaderTypes.h"
#include "PlatformString.h"
+#include "StringHash.h"
namespace WebCore {
+ typedef HashSet<String, CaseFoldingHash> URLSchemesMap;
+
+ class Document;
class KURL;
class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> {
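Review bot: `URLSchemesMap` is declared as `HashSet<String, CaseFoldingHash>`, so the name promises a key/value map that the type is not. A name such as `URLSchemesSet` would read correctly at the `localURLSchemes()` declaration further down in this header. A one-line comment above the typedef, for example `// Case-insensitive set of URL scheme names.`, would also record why `CaseFoldingHash` is used.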
@@ -48,7 +54,7 @@ namespace WebCore {
// Create a deep copy of this SecurityOrigin. This method is useful
// when marshalling a SecurityOrigin to another thread.
- PassRefPtr<SecurityOrigin> copy();
+ PassRefPtr<SecurityOrigin> threadsafeCopy();
// Set the domain property of this security origin to newDomain. This
// function does not check whether newDomain is a suffix of the current
@@ -72,6 +78,16 @@ namespace WebCore {
// XMLHttpRequests.
bool canRequest(const KURL&) const;
+ // Returns true if drawing an image from this URL taints a canvas from
+ // this security origin. For example, call this function before
+ // drawing an image onto an HTML canvas element with the drawImage API.
+ bool taintsCanvas(const KURL&) const;
+
+ // Returns true for any non-local URL. If document parameter is supplied,
+ // its local load policy dictates, otherwise if referrer is non-empty and
+ // represents a local file, then the local load is allowed.
+ static bool canLoad(const KURL&, const String& referrer, Document* document);
+
// Returns true if this SecurityOrigin can load local resources, such
// as images, iframes, and style sheets, and can link to local URLs.
// For example, call this function before creating an iframe to a
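Review bot: The comment on `canLoad` never states the deny case and does not say that `document` may be null, although "If document parameter is supplied" implies it. I would reword it along the lines of `// Returns true for any non-local URL. For a local URL: if document is non-null, its policy decides; otherwise the load is allowed only when referrer is non-empty and is itself local.`, assuming that matches the .cpp, which is not part of this diff. Because the null-document path bases a local-file decision on a caller-supplied `referrer` string, the comment should also tell callers to pass the loader's own referrer rather than a value taken from page content.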
@@ -95,6 +111,13 @@ namespace WebCore {
// WARNING: This is an extremely powerful ability. Use with caution!
void grantUniversalAccess();
+ // Sandboxing status as determined by the frame.
+ void setSandboxFlags(SandboxFlags flags) { m_sandboxFlags = flags; }
+ bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
+
+ bool canAccessDatabase() const { return !isSandboxed(SandboxOrigin); }
+ bool canAccessStorage() const { return !isSandboxed(SandboxOrigin); }
+
bool isSecureTransitionTo(const KURL&) const;
// The local SecurityOrigin is the most privileged SecurityOrigin.
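Review bot: `m_sandboxFlags` (added to the private members in the last hunk, next to `m_noAccess`) has no initializer visible in this header, and both constructors and `threadsafeCopy()` are defined in the .cpp, which this diff does not show. If a constructor leaves it unset, `canAccessDatabase()` and `canAccessStorage()` read an indeterminate value; if the copy paths do not carry it over, a sandboxed origin marshalled to another thread would come out unsandboxed. Please confirm that `SecurityOrigin(const KURL&)` sets it to "no flags" and that `SecurityOrigin(const SecurityOrigin*)` and `threadsafeCopy()` copy it. Separately, `isSandboxed` relies on an implicit integer-to-bool conversion and is true when any bit of `mask` is set; a comment such as `// True if any flag in mask is set.` would make that explicit.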
@@ -108,13 +131,18 @@ namespace WebCore {
// Convert this SecurityOrigin into a string. The string
// representation of a SecurityOrigin is similar to a URL, except it
// lacks a path component. The string representation does not encode
- // the value of the SecurityOrigin's domain property. The empty
- // SecurityOrigin is represented with the string "null".
+ // the value of the SecurityOrigin's domain property.
+ //
+ // When using the string value, it's important to remember that it
+ // might be "null". This happens when this SecurityOrigin has
+ // noAccess to other SecurityOrigins. For example, this SecurityOrigin
+ // might have come from a data URL, the SecurityOrigin might be empty,
+ // or we might have explicitly decided that we
+ // shouldTreatURLSchemeAsNoAccess.
String toString() const;
- // Serialize the security origin for storage in the database. This format is
- // deprecated and should be used only for compatibility with old databases;
- // use toString() and createFromString() instead.
+ // Serialize the security origin to a string that could be used as part of
+ // file names. This format should be used in storage APIs only.
String databaseIdentifier() const;
// This method checks for equality between SecurityOrigins, not whether
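Review bot: The new `toString()` comment warns that the result may be "null" but does not say what a caller must avoid doing with it. Every noAccess origin serializes to the same string, so comparing two `toString()` values would treat unrelated origins (two different data URLs, for instance) as equal. I would add `// Do not compare toString() results to make same-origin decisions; use isSameSchemeHostPort() or the equality method declared below.` For `databaseIdentifier()`, the comment now says the value "could be used as part of file names"; it should state whether the result is guaranteed to be free of path separators, which this header does not show.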
@@ -129,12 +157,28 @@ namespace WebCore {
bool isSameSchemeHostPort(const SecurityOrigin*) const;
static void registerURLSchemeAsLocal(const String&);
+ static void removeURLSchemeRegisteredAsLocal(const String&);
+ static const URLSchemesMap& localURLSchemes();
static bool shouldTreatURLAsLocal(const String&);
static bool shouldTreatURLSchemeAsLocal(const String&);
+ static bool shouldHideReferrer(const KURL&, const String& referrer);
+
+ enum LocalLoadPolicy {
+ AllowLocalLoadsForAll, // No restriction on local loads.
+ AllowLocalLoadsForLocalAndSubstituteData,
+ AllowLocalLoadsForLocalOnly,
+ };
+ static void setLocalLoadPolicy(LocalLoadPolicy);
+ static bool restrictAccessToLocal();
+ static bool allowSubstituteDataAccessToLocal();
+
static void registerURLSchemeAsNoAccess(const String&);
static bool shouldTreatURLSchemeAsNoAccess(const String&);
+ static void whiteListAccessFromOrigin(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains);
+ static void resetOriginAccessWhiteLists();
+
private:
explicit SecurityOrigin(const KURL&);
explicit SecurityOrigin(const SecurityOrigin*);
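Review bot: `whiteListAccessFromOrigin` is declared without any comment, although by its name and parameters it appears to grant `sourceOrigin` cross-origin access to a set of destinations, while `grantUniversalAccess` above carries an explicit warning. If that reading matches the implementation (not in this diff), I would add `// WARNING: Entries added here exempt sourceOrigin from same-origin checks for the given protocol/domains until resetOriginAccessWhiteLists() is called.` The comment should also say whether `destinationDomains` holds one domain or a list, and in what format. The new statics (`removeURLSchemeRegisteredAsLocal`, `setLocalLoadPolicy`, the whitelist calls) mutate class-wide state on a `ThreadSafeShared` type, so the header should state which thread may call them. Only the first `LocalLoadPolicy` enumerator is documented; the other two deserve the same one-line comment.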
@@ -143,6 +187,7 @@ namespace WebCore {
String m_host;
String m_domain;
unsigned short m_port;
+ SandboxFlags m_sandboxFlags;
bool m_noAccess;
bool m_universalAccess;
bool m_domainWasSetInDOM;