Title: [204834] releases/WebKitGTK/webkit-2.12/Source/WebCore
- Revision
- 204834
- Author
- [email protected]
- Date
- 2016-08-23 06:43:58 -0700 (Tue, 23 Aug 2016)
Log Message
Merge r203013 - Move shouldInheritSecurityOriginFromOwner() from URL to Document
https://bugs.webkit.org/show_bug.cgi?id=158987
Reviewed by Alex Christensen.
The URL class should not have knowledge of the concept of an origin or the semantics of origin
inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
a static non-member, non-friend function of Document because its implements the origin semantics
for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
These semantics only apply to Documents.
No functionality changed. So, no new tests.
* dom/Document.cpp:
(WebCore::shouldInheritSecurityOriginFromOwner): Added.
(WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
(WebCore::Document::initContentSecurityPolicy): Ditto.
* platform/URL.cpp:
(WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
* platform/URL.h:
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (204833 => 204834)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 13:43:50 UTC (rev 204833)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 13:43:58 UTC (rev 204834)
@@ -1,3 +1,26 @@
+2016-07-08 Daniel Bates <[email protected]>
+
+ Move shouldInheritSecurityOriginFromOwner() from URL to Document
+ https://bugs.webkit.org/show_bug.cgi?id=158987
+
+ Reviewed by Alex Christensen.
+
+ The URL class should not have knowledge of the concept of an origin or the semantics of origin
+ inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
+ a static non-member, non-friend function of Document because its implements the origin semantics
+ for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
+ These semantics only apply to Documents.
+
+ No functionality changed. So, no new tests.
+
+ * dom/Document.cpp:
+ (WebCore::shouldInheritSecurityOriginFromOwner): Added.
+ (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
+ (WebCore::Document::initContentSecurityPolicy): Ditto.
+ * platform/URL.cpp:
+ (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
+ * platform/URL.h:
+
2016-06-17 John Wilander <[email protected]>
Ignore case in the check for security origin inheritance
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp (204833 => 204834)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp 2016-08-23 13:43:50 UTC (rev 204833)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp 2016-08-23 13:43:58 UTC (rev 204834)
@@ -5066,6 +5066,20 @@
return m_xpathEvaluator->evaluate(_expression_, contextNode, resolver, type, result, ec);
}
+static bool shouldInheritSecurityOriginFromOwner(const URL& url)
+{
+ // Paraphrased from <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016)
+ //
+ // If a Document has the address "about:blank"
+ // The origin of the document is the origin it was assigned when its browsing context was created.
+ // If a Document has the address "about:srcdoc"
+ // The origin of the document is the origin of its parent document.
+ //
+ // Note: We generalize this to invalid URLs because we treat such URLs as about:blank.
+ //
+ return url.isEmpty() || equalIgnoringASCIICase(url.string(), blankURL()) || equalLettersIgnoringASCIICase(url.string(), "about:srcdoc");
+}
+
void Document::initSecurityContext()
{
if (haveInitializedSecurityOrigin()) {
@@ -5118,7 +5132,7 @@
setBaseURLOverride(parentDocument->baseURL());
}
- if (!m_url.shouldInheritSecurityOriginFromOwner())
+ if (!shouldInheritSecurityOriginFromOwner(m_url))
return;
// If we do not obtain a meaningful origin from the URL, then we try to
@@ -5151,7 +5165,7 @@
void Document::initContentSecurityPolicy()
{
- if (!m_frame->tree().parent() || (!m_url.shouldInheritSecurityOriginFromOwner() && !isPluginDocument()))
+ if (!m_frame->tree().parent() || (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument()))
return;
contentSecurityPolicy()->copyStateFrom(m_frame->tree().parent()->document()->contentSecurityPolicy());
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.cpp (204833 => 204834)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.cpp 2016-08-23 13:43:50 UTC (rev 204833)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.cpp 2016-08-23 13:43:58 UTC (rev 204834)
@@ -2022,13 +2022,6 @@
return protocolIs("about");
}
-bool URL::shouldInheritSecurityOriginFromOwner() const
-{
- return isEmpty()
- || equalIgnoringASCIICase(m_string, blankURL().string())
- || equalLettersIgnoringASCIICase(m_string, "about:srcdoc");
-}
-
typedef HashMap<String, unsigned short, ASCIICaseInsensitiveHash> DefaultPortsMap;
static const DefaultPortsMap& defaultPortsMap()
{
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.h (204833 => 204834)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.h 2016-08-23 13:43:50 UTC (rev 204833)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/URL.h 2016-08-23 13:43:58 UTC (rev 204834)
@@ -134,7 +134,6 @@
bool protocolIsInHTTPFamily() const;
WEBCORE_EXPORT bool isLocalFile() const;
bool isBlankURL() const;
- bool shouldInheritSecurityOriginFromOwner() const;
WEBCORE_EXPORT bool setProtocol(const String&);
void setHost(const String&);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
