[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75
eric at webkit.org
eric at webkit.org
Thu Oct 29 20:40:36 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit 48bae877fe7e402e036a4682d06624a2f339329d
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Oct 7 01:05:05 2009 +0000
2009-10-06 Adam Barth <abarth at webkit.org>
Reviewed by Eric Seidel.
Move setLocalLoadPolicy and friends to SecurityOrigin
https://bugs.webkit.org/show_bug.cgi?id=30110
These have more to do with security policies than with loading frames.
* WebCore.base.exp:
* dom/Document.cpp:
(WebCore::Document::initSecurityContext):
* loader/Cache.cpp:
(WebCore::Cache::requestResource):
* loader/FrameLoader.cpp:
* loader/FrameLoader.h:
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::create):
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::setLocalLoadPolicy):
(WebCore::SecurityOrigin::restrictAccessToLocal):
(WebCore::SecurityOrigin::allowSubstituteDataAccessToLocal):
* page/SecurityOrigin.h:
(WebCore::SecurityOrigin::):
2009-10-06 Adam Barth <abarth at webkit.org>
Reviewed by Eric Seidel.
Move setLocalLoadPolicy and friends to SecurityOrigin
https://bugs.webkit.org/show_bug.cgi?id=30110
Call the new API.
* WebView/WebView.mm:
(-[WebView _commonInitializationWithFrameName:groupName:usesDocumentViews:]):
2009-10-06 Adam Barth <abarth at webkit.org>
Reviewed by Eric Seidel.
Move setLocalLoadPolicy and friends to SecurityOrigin
https://bugs.webkit.org/show_bug.cgi?id=30110
Call the new API.
* Api/qwebpage.cpp:
(QWebPagePrivate::QWebPagePrivate):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49211 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index bcb6445..d9584fc 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,28 @@
+2009-10-06 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Move setLocalLoadPolicy and friends to SecurityOrigin
+ https://bugs.webkit.org/show_bug.cgi?id=30110
+
+ These have more to do with security policies than with loading frames.
+
+ * WebCore.base.exp:
+ * dom/Document.cpp:
+ (WebCore::Document::initSecurityContext):
+ * loader/Cache.cpp:
+ (WebCore::Cache::requestResource):
+ * loader/FrameLoader.cpp:
+ * loader/FrameLoader.h:
+ * loader/SubresourceLoader.cpp:
+ (WebCore::SubresourceLoader::create):
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::setLocalLoadPolicy):
+ (WebCore::SecurityOrigin::restrictAccessToLocal):
+ (WebCore::SecurityOrigin::allowSubstituteDataAccessToLocal):
+ * page/SecurityOrigin.h:
+ (WebCore::SecurityOrigin::):
+
2009-10-06 Brian Weinstein <bweinstein at apple.com>
Reviewed by Brady Eidson.
diff --git a/WebCore/WebCore.base.exp b/WebCore/WebCore.base.exp
index abd1309..ab6ef05 100644
--- a/WebCore/WebCore.base.exp
+++ b/WebCore/WebCore.base.exp
@@ -164,7 +164,6 @@ __ZN7WebCore11FrameLoader16detachFromParentEv
__ZN7WebCore11FrameLoader16loadFrameRequestERKNS_16FrameLoadRequestEbbN3WTF10PassRefPtrINS_5EventEEENS5_INS_9FormStateEEE
__ZN7WebCore11FrameLoader17stopForUserCancelEb
__ZN7WebCore11FrameLoader18currentHistoryItemEv
-__ZN7WebCore11FrameLoader18setLocalLoadPolicyENS0_15LocalLoadPolicyE
__ZN7WebCore11FrameLoader18shouldHideReferrerERKNS_4KURLERKNS_6StringE
__ZN7WebCore11FrameLoader21loadURLIntoChildFrameERKNS_4KURLERKNS_6StringEPNS_5FrameE
__ZN7WebCore11FrameLoader21setCurrentHistoryItemEN3WTF10PassRefPtrINS_11HistoryItemEEE
@@ -302,6 +301,7 @@ __ZN7WebCore14ResourceHandle20forceContentSniffingEv
__ZN7WebCore14ResourceLoader14cancelledErrorEv
__ZN7WebCore14ResourceLoader19setShouldBufferDataEb
__ZN7WebCore14SecurityOrigin16createFromStringERKNS_6StringE
+__ZN7WebCore14SecurityOrigin18setLocalLoadPolicyENS0_15LocalLoadPolicyE
__ZN7WebCore14SecurityOrigin24registerURLSchemeAsLocalERKNS_6StringE
__ZN7WebCore14SecurityOrigin25whiteListAccessFromOriginERKS0_RKNS_6StringES5_b
__ZN7WebCore14SecurityOrigin27resetOriginAccessWhiteListsEv
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index 9f8a893..3e58715 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -4239,7 +4239,7 @@ void Document::initSecurityContext()
m_cookieURL = url;
ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::create(url));
- if (FrameLoader::allowSubstituteDataAccessToLocal()) {
+ if (SecurityOrigin::allowSubstituteDataAccessToLocal()) {
// If this document was loaded with substituteData, then the document can
// load local resources. See https://bugs.webkit.org/show_bug.cgi?id=16756
// and https://bugs.webkit.org/show_bug.cgi?id=19760 for further
diff --git a/WebCore/loader/Cache.cpp b/WebCore/loader/Cache.cpp
index 14edae9..6f91193 100644
--- a/WebCore/loader/Cache.cpp
+++ b/WebCore/loader/Cache.cpp
@@ -34,6 +34,7 @@
#include "FrameView.h"
#include "Image.h"
#include "ResourceHandle.h"
+#include "SecurityOrigin.h"
#include <stdio.h>
#include <wtf/CurrentTime.h>
@@ -104,7 +105,7 @@ CachedResource* Cache::requestResource(DocLoader* docLoader, CachedResource::Typ
if (resource && requestIsPreload && !resource->isPreloaded())
return 0;
- if (FrameLoader::restrictAccessToLocal() && !FrameLoader::canLoad(url, String(), docLoader->doc())) {
+ if (SecurityOrigin::restrictAccessToLocal() && !FrameLoader::canLoad(url, String(), docLoader->doc())) {
Document* doc = docLoader->doc();
if (doc && !requestIsPreload)
FrameLoader::reportLocalLoadFailed(doc->frame(), url.string());
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index c802f2a..21c7637 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -129,7 +129,6 @@ static const char defaultAcceptHeader[] = "application/xml,application/vnd.wap.x
static const char defaultAcceptHeader[] = "application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
#endif
static double storedTimeOfLastCompletedLoad;
-static FrameLoader::LocalLoadPolicy localLoadPolicy = FrameLoader::AllowLocalLoadsForLocalOnly;
bool isBackForwardLoadType(FrameLoadType type)
{
@@ -1058,21 +1057,6 @@ void FrameLoader::startIconLoader()
m_iconLoader->startLoading();
}
-void FrameLoader::setLocalLoadPolicy(LocalLoadPolicy policy)
-{
- localLoadPolicy = policy;
-}
-
-bool FrameLoader::restrictAccessToLocal()
-{
- return localLoadPolicy != FrameLoader::AllowLocalLoadsForAll;
-}
-
-bool FrameLoader::allowSubstituteDataAccessToLocal()
-{
- return localLoadPolicy != FrameLoader::AllowLocalLoadsForLocalOnly;
-}
-
void FrameLoader::commitIconURLToIconDatabase(const KURL& icon)
{
ASSERT(iconDatabase());
diff --git a/WebCore/loader/FrameLoader.h b/WebCore/loader/FrameLoader.h
index 5793b4c..91056ca 100644
--- a/WebCore/loader/FrameLoader.h
+++ b/WebCore/loader/FrameLoader.h
@@ -314,15 +314,6 @@ namespace WebCore {
HistoryItem* currentHistoryItem();
void setCurrentHistoryItem(PassRefPtr<HistoryItem>);
- enum LocalLoadPolicy {
- AllowLocalLoadsForAll, // No restriction on local loads.
- AllowLocalLoadsForLocalAndSubstituteData,
- AllowLocalLoadsForLocalOnly,
- };
- static void setLocalLoadPolicy(LocalLoadPolicy);
- static bool restrictAccessToLocal();
- static bool allowSubstituteDataAccessToLocal();
-
bool committingFirstRealLoad() const { return !m_creatingInitialEmptyDocument && !m_committedFirstRealDocumentLoad; }
bool committedFirstRealDocumentLoad() const { return m_committedFirstRealDocumentLoad; }
diff --git a/WebCore/loader/SubresourceLoader.cpp b/WebCore/loader/SubresourceLoader.cpp
index 047cc6d..33e9430 100644
--- a/WebCore/loader/SubresourceLoader.cpp
+++ b/WebCore/loader/SubresourceLoader.cpp
@@ -33,6 +33,7 @@
#include "Frame.h"
#include "FrameLoader.h"
#include "ResourceHandle.h"
+#include "SecurityOrigin.h"
#include "SubresourceLoaderClient.h"
#include <wtf/RefCountedLeakCounter.h>
@@ -72,7 +73,7 @@ PassRefPtr<SubresourceLoader> SubresourceLoader::create(Frame* frame, Subresourc
ResourceRequest newRequest = request;
if (!skipCanLoadCheck
- && FrameLoader::restrictAccessToLocal()
+ && SecurityOrigin::restrictAccessToLocal()
&& !FrameLoader::canLoad(request.url(), String(), frame->document())) {
FrameLoader::reportLocalLoadFailed(frame, request.url().string());
return 0;
diff --git a/WebCore/page/SecurityOrigin.cpp b/WebCore/page/SecurityOrigin.cpp
index 5031895..3bc4588 100644
--- a/WebCore/page/SecurityOrigin.cpp
+++ b/WebCore/page/SecurityOrigin.cpp
@@ -30,13 +30,14 @@
#include "SecurityOrigin.h"
#include "CString.h"
-#include "FrameLoader.h"
#include "KURL.h"
#include "OriginAccessEntry.h"
#include <wtf/StdLibExtras.h>
namespace WebCore {
+static SecurityOrigin::LocalLoadPolicy localLoadPolicy = SecurityOrigin::AllowLocalLoadsForLocalOnly;
+
typedef Vector<OriginAccessEntry> OriginAccessWhiteList;
typedef HashMap<String, OriginAccessWhiteList*> OriginAccessMap;
@@ -244,7 +245,7 @@ void SecurityOrigin::grantLoadLocalResources()
// in a SecurityOrigin is a security hazard because the documents without
// the privilege can obtain the privilege by injecting script into the
// documents that have been granted the privilege.
- ASSERT(FrameLoader::allowSubstituteDataAccessToLocal());
+ ASSERT(allowSubstituteDataAccessToLocal());
m_canLoadLocalResources = true;
}
@@ -370,13 +371,11 @@ bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin* other) const
return true;
}
-// static
void SecurityOrigin::registerURLSchemeAsLocal(const String& scheme)
{
localSchemes().add(scheme);
}
-// static
void SecurityOrigin::removeURLSchemeRegisteredAsLocal(const String& scheme)
{
if (scheme == "file")
@@ -392,13 +391,11 @@ void SecurityOrigin::removeURLSchemeRegisteredAsLocal(const String& scheme)
localSchemes().remove(scheme);
}
-// static
const URLSchemesMap& SecurityOrigin::localURLSchemes()
{
return localSchemes();
}
-// static
bool SecurityOrigin::shouldTreatURLAsLocal(const String& url)
{
// This avoids an allocation of another String and the HashSet contains()
@@ -419,7 +416,6 @@ bool SecurityOrigin::shouldTreatURLAsLocal(const String& url)
return localSchemes().contains(scheme);
}
-// static
bool SecurityOrigin::shouldTreatURLSchemeAsLocal(const String& scheme)
{
// This avoids an allocation of another String and the HashSet contains()
@@ -438,18 +434,31 @@ bool SecurityOrigin::shouldTreatURLSchemeAsLocal(const String& scheme)
return localSchemes().contains(scheme);
}
-// static
void SecurityOrigin::registerURLSchemeAsNoAccess(const String& scheme)
{
noAccessSchemes().add(scheme);
}
-// static
bool SecurityOrigin::shouldTreatURLSchemeAsNoAccess(const String& scheme)
{
return noAccessSchemes().contains(scheme);
}
+void SecurityOrigin::setLocalLoadPolicy(LocalLoadPolicy policy)
+{
+ localLoadPolicy = policy;
+}
+
+bool SecurityOrigin::restrictAccessToLocal()
+{
+ return localLoadPolicy != SecurityOrigin::AllowLocalLoadsForAll;
+}
+
+bool SecurityOrigin::allowSubstituteDataAccessToLocal()
+{
+ return localLoadPolicy != SecurityOrigin::AllowLocalLoadsForLocalOnly;
+}
+
void SecurityOrigin::whiteListAccessFromOrigin(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains)
{
ASSERT(isMainThread());
diff --git a/WebCore/page/SecurityOrigin.h b/WebCore/page/SecurityOrigin.h
index 57990d4..46c1d26 100644
--- a/WebCore/page/SecurityOrigin.h
+++ b/WebCore/page/SecurityOrigin.h
@@ -143,6 +143,15 @@ namespace WebCore {
static bool shouldTreatURLAsLocal(const String&);
static bool shouldTreatURLSchemeAsLocal(const String&);
+ enum LocalLoadPolicy {
+ AllowLocalLoadsForAll, // No restriction on local loads.
+ AllowLocalLoadsForLocalAndSubstituteData,
+ AllowLocalLoadsForLocalOnly,
+ };
+ static void setLocalLoadPolicy(LocalLoadPolicy);
+ static bool restrictAccessToLocal();
+ static bool allowSubstituteDataAccessToLocal();
+
static void registerURLSchemeAsNoAccess(const String&);
static bool shouldTreatURLSchemeAsNoAccess(const String&);
diff --git a/WebKit/mac/ChangeLog b/WebKit/mac/ChangeLog
index c7364b5..2ff3cd0 100644
--- a/WebKit/mac/ChangeLog
+++ b/WebKit/mac/ChangeLog
@@ -1,3 +1,15 @@
+2009-10-06 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Move setLocalLoadPolicy and friends to SecurityOrigin
+ https://bugs.webkit.org/show_bug.cgi?id=30110
+
+ Call the new API.
+
+ * WebView/WebView.mm:
+ (-[WebView _commonInitializationWithFrameName:groupName:usesDocumentViews:]):
+
2009-10-06 Simon Fraser <simon.fraser at apple.com>
Reviewed by Mark Rowe.
diff --git a/WebKit/mac/WebView/WebView.mm b/WebKit/mac/WebView/WebView.mm
index 637c52a..deef0a8 100644
--- a/WebKit/mac/WebView/WebView.mm
+++ b/WebKit/mac/WebView/WebView.mm
@@ -663,11 +663,11 @@ static bool runningTigerMail()
if (!WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITH_LOCAL_RESOURCE_SECURITY_RESTRICTION)) {
// Originally, we allowed all local loads.
- FrameLoader::setLocalLoadPolicy(FrameLoader::AllowLocalLoadsForAll);
+ SecurityOrigin::setLocalLoadPolicy(SecurityOrigin::AllowLocalLoadsForAll);
} else if (!WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITH_MORE_STRICT_LOCAL_RESOURCE_SECURITY_RESTRICTION)) {
// Later, we allowed local loads for local URLs and documents loaded
// with substitute data.
- FrameLoader::setLocalLoadPolicy(FrameLoader::AllowLocalLoadsForLocalAndSubstituteData);
+ SecurityOrigin::setLocalLoadPolicy(SecurityOrigin::AllowLocalLoadsForLocalAndSubstituteData);
}
if (!WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITHOUT_CONTENT_SNIFFING_FOR_FILE_URLS))
diff --git a/WebKit/qt/Api/qwebpage.cpp b/WebKit/qt/Api/qwebpage.cpp
index 3989592..0acec48 100644
--- a/WebKit/qt/Api/qwebpage.cpp
+++ b/WebKit/qt/Api/qwebpage.cpp
@@ -271,7 +271,7 @@ QWebPagePrivate::QWebPagePrivate(QWebPage *qq)
{
WebCore::InitializeLoggingChannelsIfNecessary();
JSC::initializeThreading();
- WebCore::FrameLoader::setLocalLoadPolicy(WebCore::FrameLoader::AllowLocalLoadsForLocalAndSubstituteData);
+ WebCore::SecurityOrigin::setLocalLoadPolicy(WebCore::SecurityOrigin::AllowLocalLoadsForLocalAndSubstituteData);
chromeClient = new ChromeClientQt(q);
contextMenuClient = new ContextMenuClientQt();
diff --git a/WebKit/qt/ChangeLog b/WebKit/qt/ChangeLog
index e764998..4fd745a 100644
--- a/WebKit/qt/ChangeLog
+++ b/WebKit/qt/ChangeLog
@@ -1,3 +1,15 @@
+2009-10-06 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Move setLocalLoadPolicy and friends to SecurityOrigin
+ https://bugs.webkit.org/show_bug.cgi?id=30110
+
+ Call the new API.
+
+ * Api/qwebpage.cpp:
+ (QWebPagePrivate::QWebPagePrivate):
+
2009-10-06 Benjamin C Meyer <bmeyer at rim.com>
Reviewed by Ariya Hidayat.
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list