Title: [146580] trunk/Source/WebCore
- Revision
- 146580
- Author
- [email protected]
- Date
- 2013-03-22 02:20:46 -0700 (Fri, 22 Mar 2013)
Log Message
Prefer 'KURL(ParsedURLString, String)' when dealing with known-good data.
https://bugs.webkit.org/show_bug.cgi?id=112965
Reviewed by Alexey Proskuryakov.
In https://bugs.webkit.org/show_bug.cgi?id=112783#c6, Adam noted that
it would be possible to use 'KURL(ParsedURLString, [url])' rather than
'KURL(KURL(), [url])', since we knew that the URL in question is a
value and absolute URL. This patch fixes the obvious instances of this
pattern; there are several more 'KURL(KURL(), String)' calls in
WebCore but these were the only places I was reasonably sure that bad
data couldn't creep in.
* dom/Document.cpp:
(WebCore::Document::updateBaseURL):
'documentURI' is pulled from 'url()->string()'. It's safe.
* page/ContentSecurityPolicy.cpp:
(WebCore::gatherSecurityPolicyViolationEventData):
(WebCore::ContentSecurityPolicy::reportViolation):
'CallFrame::sourceURL()' is a known valid/absolute URL.
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::createFromDatabaseIdentifier):
(WebCore::SecurityOrigin::create):
The strings constructed here are certainly valid.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (146579 => 146580)
--- trunk/Source/WebCore/ChangeLog 2013-03-22 09:17:20 UTC (rev 146579)
+++ trunk/Source/WebCore/ChangeLog 2013-03-22 09:20:46 UTC (rev 146580)
@@ -1,3 +1,30 @@
+2013-03-22 Mike West <[email protected]>
+
+ Prefer 'KURL(ParsedURLString, String)' when dealing with known-good data.
+ https://bugs.webkit.org/show_bug.cgi?id=112965
+
+ Reviewed by Alexey Proskuryakov.
+
+ In https://bugs.webkit.org/show_bug.cgi?id=112783#c6, Adam noted that
+ it would be possible to use 'KURL(ParsedURLString, [url])' rather than
+ 'KURL(KURL(), [url])', since we knew that the URL in question is a
+ value and absolute URL. This patch fixes the obvious instances of this
+ pattern; there are several more 'KURL(KURL(), String)' calls in
+ WebCore but these were the only places I was reasonably sure that bad
+ data couldn't creep in.
+
+ * dom/Document.cpp:
+ (WebCore::Document::updateBaseURL):
+ 'documentURI' is pulled from 'url()->string()'. It's safe.
+ * page/ContentSecurityPolicy.cpp:
+ (WebCore::gatherSecurityPolicyViolationEventData):
+ (WebCore::ContentSecurityPolicy::reportViolation):
+ 'CallFrame::sourceURL()' is a known valid/absolute URL.
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::createFromDatabaseIdentifier):
+ (WebCore::SecurityOrigin::create):
+ The strings constructed here are certainly valid.
+
2013-03-22 Ilya Tikhonovsky <[email protected]>
Web Inspector: Flame Chart. move overview window when user scrolls the chart.
Modified: trunk/Source/WebCore/dom/Document.cpp (146579 => 146580)
--- trunk/Source/WebCore/dom/Document.cpp 2013-03-22 09:17:20 UTC (rev 146579)
+++ trunk/Source/WebCore/dom/Document.cpp 2013-03-22 09:20:46 UTC (rev 146580)
@@ -2679,7 +2679,7 @@
// The documentURI attribute is read-only from _javascript_, but writable from Objective C, so we need to retain
// this fallback behavior. We use a null base URL, since the documentURI attribute is an arbitrary string
// and DOM 3 Core does not specify how it should be resolved.
- m_baseURL = KURL(KURL(), documentURI());
+ m_baseURL = KURL(ParsedURLString, documentURI());
}
selectorQueryCache()->invalidate();
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (146579 => 146580)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2013-03-22 09:17:20 UTC (rev 146579)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2013-03-22 09:20:46 UTC (rev 146580)
@@ -1691,7 +1691,7 @@
const ScriptCallFrame& callFrame = getFirstNonNativeFrame(stack);
if (callFrame.lineNumber()) {
- KURL source = KURL(KURL(), callFrame.sourceURL());
+ KURL source = KURL(ParsedURLString, callFrame.sourceURL());
init.sourceURL = source.string();
init.lineNumber = callFrame.lineNumber();
}
@@ -1759,7 +1759,7 @@
const ScriptCallFrame& callFrame = getFirstNonNativeFrame(stack);
if (callFrame.lineNumber()) {
- KURL source = KURL(KURL(), callFrame.sourceURL());
+ KURL source = KURL(ParsedURLString, callFrame.sourceURL());
cspReport->setString("source-file", document->securityOrigin()->canRequest(source) ? source.strippedForUseAsReferrer() : SecurityOrigin::create(source)->toString());
cspReport->setNumber("line-number", callFrame.lineNumber());
}
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (146579 => 146580)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2013-03-22 09:17:20 UTC (rev 146579)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2013-03-22 09:20:46 UTC (rev 146580)
@@ -529,7 +529,7 @@
String host = databaseIdentifier.substring(separator1 + 1, separator2 - separator1 - 1);
host = decodeURLEscapeSequences(host);
- return create(KURL(KURL(), protocol + "://" + host + ":" + String::number(port)));
+ return create(KURL(ParsedURLString, protocol + "://" + host + ":" + String::number(port) + "/"));
}
PassRefPtr<SecurityOrigin> SecurityOrigin::create(const String& protocol, const String& host, int port)
@@ -537,7 +537,7 @@
if (port < 0 || port > MaxAllowedPort)
createUnique();
String decodedHost = decodeURLEscapeSequences(host);
- return create(KURL(KURL(), protocol + "://" + host + ":" + String::number(port)));
+ return create(KURL(ParsedURLString, protocol + "://" + host + ":" + String::number(port) + "/"));
}
String SecurityOrigin::databaseIdentifier() const
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
