[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

darin at apple.com darin at apple.com
Wed Dec 22 18:07:04 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 1cf3d560d457738da7760ecfd099dbb9e0479e22
Author: darin at apple.com <darin at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Dec 7 16:23:03 2010 +0000

    2010-12-06  Darin Adler  <darin at apple.com>
    
            Reviewed by Sam Weinig.
    
            Pass security origin to make local file decision correctly
            https://bugs.webkit.org/show_bug.cgi?id=48603
    
            * src/ApplicationCacheHost.cpp:
            (WebCore::ApplicationCacheHost::selectCacheWithManifest): Pass security origin.
            * src/FrameLoaderClientImpl.cpp:
            (WebKit::FrameLoaderClientImpl::dispatchCreatePage): Ditto.
            (WebKit::FrameLoaderClientImpl::createFrame): Ditto.
            * src/WebPluginContainerImpl.cpp:
            (WebKit::WebPluginContainerImpl::loadFrameRequest): Ditto.
    2010-12-06  Darin Adler  <darin at apple.com>
    
            Reviewed by Sam Weinig.
    
            Pass security origin to make local file decision correctly
            https://bugs.webkit.org/show_bug.cgi?id=48603
    
            * Api/qwebpage.cpp:
            (frameLoadRequest): Pass security origin.
    2010-12-06  Darin Adler  <darin at apple.com>
    
            Reviewed by Sam Weinig.
    
            Pass security origin to make local file decision correctly
            https://bugs.webkit.org/show_bug.cgi?id=48603
    
            * WebCoreSupport/WebContextMenuClient.cpp:
            (WebContextMenuClient::searchWithGoogle): Pass security origin.
    2010-12-06  Darin Adler  <darin at apple.com>
    
            Reviewed by Sam Weinig.
    
            Pass security origin to make local file decision correctly
            https://bugs.webkit.org/show_bug.cgi?id=48603
    
            * WebView/WebPDFView.mm:
            (-[WebPDFView PDFViewWillClickOnLink:withURL:]): Pass security origin.
    2010-12-06  Darin Adler  <darin at apple.com>
    
            Reviewed by Sam Weinig.
    
            Pass security origin to make local file decision correctly
            https://bugs.webkit.org/show_bug.cgi?id=48603
    
            * bindings/generic/BindingDOMWindow.h:
            (WebCore::BindingDOMWindow::createWindow): Pass security origin.
            (WebCore::BindingDOMWindow::open): Ditto.
            * bindings/generic/BindingFrame.h:
            (WebCore::BindingFrame::navigateIfAllowed): Ditto.
    
            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::JSDOMWindow::setLocation): Pass security origin.
            (WebCore::createWindow): Ditto.
            (WebCore::JSDOMWindow::open): Ditto.
    
            * bindings/js/JSDocumentCustom.cpp:
            (WebCore::JSDocument::setLocation): Pass security origin.
    
            * dom/Document.cpp:
            (WebCore::Document::processHttpEquiv): Pass security origin.
    
            * inspector/InspectorController.cpp:
            (WebCore::InspectorController::openInInspectedWindow):
            Pass security origin.
    
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::changeLocation): Added a security origin
            argument, passed through to urlSelected.
            (WebCore::FrameLoader::urlSelected): Replaced the resource request
            and frame name arguments with a frame load request argument in one
            overload, and changed the other overload to pass in the current
            frame's document for the security origin.
            (WebCore::FrameLoader::loadFrameRequest): Moved the canDisplay
            check before the referrer computation because it no longer needs
            to look at the referrer. Replaced the call to canDisplay that
            used the target frame's security origin and the call to
            deprecatedCanDisplay with a single call to canDisplay that uses
            the requester security origin.
    
            * loader/FrameLoader.h: Updated for argument changes above.
    
            * loader/NavigationScheduler.cpp:
            (WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Added
            a security origin.
            (WebCore::ScheduledURLNavigation::fire): Pass the security origin
            in to FrameLoader::changeLocation.
            (WebCore::ScheduledURLNavigation::securityOrigin): Added.
            (WebCore::ScheduledRedirect::ScheduledRedirect): Added a security
            origin argument.
            (WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
            (WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
            (WebCore::ScheduledRefresh::fire): Pass the security origin in to
            FrameLoader::changeLocation.
            (WebCore::ScheduledFormSubmission::fire): Include the security
            origin when constructing form submission.
            (WebCore::NavigationScheduler::scheduleRedirect): Include the security
            origin when creating the scheduled navigation object.
            (WebCore::NavigationScheduler::scheduleLocationChange): Ditto.
            (WebCore::NavigationScheduler::scheduleRefresh): Ditto.
    
            * loader/NavigationScheduler.h: Added the security origin argument
            to scheduleLocationChange.
    
            * loader/SubframeLoader.cpp:
            (WebCore::SubframeLoader::loadOrRedirectSubframe): Pass in the security
            origin when calling scheduleLocationChange.
            * loader/appcache/ApplicationCacheGroup.cpp:
            (WebCore::ApplicationCacheGroup::selectCache): Ditto.
    
            * page/ContextMenuController.cpp:
            (WebCore::openNewWindow): Pass in the security origin.
            (WebCore::ContextMenuController::contextMenuItemSelected): Ditto.
    
            * page/FrameLoadRequest.h: Added a security origin called the requester
            to all FrameLoadRequest objects.
    
            * page/XSSAuditor.cpp:
            (WebCore::XSSAuditor::findInRequest): Added the security origin.
    2010-12-06  Darin Adler  <darin at apple.com>
    
            Reviewed by Sam Weinig.
    
            Pass security origin to make local file decision correctly
            https://bugs.webkit.org/show_bug.cgi?id=48603
    
            * WebProcess/Plugins/PluginView.cpp:
            (WebKit::PluginView::loadURL): Pass security origin.
            * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
            (WebKit::WebFrameLoaderClient::dispatchCreatePage): Ditto.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73444 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a52fe1f..3945367 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,85 @@
+2010-12-06  Darin Adler  <darin at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Pass security origin to make local file decision correctly
+        https://bugs.webkit.org/show_bug.cgi?id=48603
+
+        * bindings/generic/BindingDOMWindow.h:
+        (WebCore::BindingDOMWindow::createWindow): Pass security origin.
+        (WebCore::BindingDOMWindow::open): Ditto.
+        * bindings/generic/BindingFrame.h:
+        (WebCore::BindingFrame::navigateIfAllowed): Ditto.
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::setLocation): Pass security origin.
+        (WebCore::createWindow): Ditto.
+        (WebCore::JSDOMWindow::open): Ditto.
+
+        * bindings/js/JSDocumentCustom.cpp:
+        (WebCore::JSDocument::setLocation): Pass security origin.
+
+        * dom/Document.cpp:
+        (WebCore::Document::processHttpEquiv): Pass security origin.
+
+        * inspector/InspectorController.cpp:
+        (WebCore::InspectorController::openInInspectedWindow):
+        Pass security origin.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::changeLocation): Added a security origin
+        argument, passed through to urlSelected.
+        (WebCore::FrameLoader::urlSelected): Replaced the resource request
+        and frame name arguments with a frame load request arguments in one
+        overload, and changed the other overload to pass in the current
+        frame's document for the security origin.
+        (WebCore::FrameLoader::loadFrameRequest): Moved the canDisplay
+        check before the referrer computation because it no longer needs
+        to look at the referrer. Replaced the call to canDisplay that
+        used the target frame's security origin and the call to
+        deprecatedCanDisplay with a single call to canDisplay that uses
+        the requester security origin.
+
+        * loader/FrameLoader.h: Updated for argument changes above.
+
+        * loader/NavigationScheduler.cpp:
+        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Added
+        a security origin.
+        (WebCore::ScheduledURLNavigation::fire): Pass the security origin
+        in to FrameLoader::changeLocation.
+        (WebCore::ScheduledURLNavigation::securityOrigin): Added.
+        (WebCore::ScheduledRedirect::ScheduledRedirect): Added a security
+        origin argument.
+        (WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
+        (WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
+        (WebCore::ScheduledRefresh::fire): Pass the security origin in to
+        FrameLoader::changeLocation.
+        (WebCore::ScheduledFormSubmission::fire): Include the security
+        origin when constructing form submission.
+        (WebCore::NavigationScheduler::scheduleRedirect): Include the security
+        origin when creating the scheduled navigation object.
+        (WebCore::NavigationScheduler::scheduleLocationChange): Ditto.
+        (WebCore::NavigationScheduler::scheduleRefresh): Ditto.
+
+        * loader/NavigationScheduler.h: Added the security origin argument
+        to scheduleLocationChange.
+
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::loadOrRedirectSubframe): Pass in the security
+        origin when calling scheduleLocationChange.
+        * loader/appcache/ApplicationCacheGroup.cpp:
+        (WebCore::ApplicationCacheGroup::selectCache): Ditto.
+
+        * page/ContextMenuController.cpp:
+        (WebCore::openNewWindow): Pass in the security origin.
+        (WebCore::ContextMenuController::contextMenuItemSelected): Ditto.
+
+        * page/FrameLoadRequest.h: Added a security origin called the requester
+        to all FrameLoadRequest objects.
+
+        * page/XSSAuditor.cpp:
+        (WebCore::XSSAuditor::findInRequest): Added the security origin.
+
 2010-12-07  Yury Semikhatsky  <yurys at chromium.org>
 
         Reviewed by Pavel Feldman.
diff --git a/WebCore/bindings/generic/BindingDOMWindow.h b/WebCore/bindings/generic/BindingDOMWindow.h
index 3568e6c..26c2f4d 100644
--- a/WebCore/bindings/generic/BindingDOMWindow.h
+++ b/WebCore/bindings/generic/BindingDOMWindow.h
@@ -117,12 +117,14 @@ Frame* BindingDOMWindow<Binding>::createWindow(State<Binding>* state,
     Binding::DOMWindow::storeDialogArgs(state, newFrame, dialogArgs);
 
     if (!protocolIsJavaScript(url) || BindingSecurity<Binding>::canAccessFrame(state, newFrame, true)) {
-        KURL completedUrl =
-            url.isEmpty() ? KURL(ParsedURLString, "") : completeURL(state, url);
-        if (created)
-            newFrame->loader()->changeLocation(completedUrl, referrer, false, false);
-        else if (!url.isEmpty())
-            newFrame->navigationScheduler()->scheduleLocationChange(completedUrl.string(), referrer, false, false);
+        KURL completedUrl = url.isEmpty() ? KURL(ParsedURLString, "") : completeURL(state, url);
+        if (created) {
+            newFrame->loader()->changeLocation(callingFrame->document()->securityOrigin(),
+                completedUrl, referrer, false, false);
+        } else if (!url.isEmpty()) {
+            newFrame->navigationScheduler()->scheduleLocationChange(callingFrame->document()->securityOrigin(),
+                completedUrl.string(), referrer, false, false);
+        }
     }
 
     return newFrame;
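Review bot: The requester origin is taken from callingFrame->document() in both the changeLocation and scheduleLocationChange calls here, but the open() hunk below takes it from activeFrame and the JSC bindings take it from lexicalFrame. Please add a comment stating which frame is meant to be the requester for the local-file check in the generic bindings, and confirm callingFrame->document() cannot be null on this path, since it is dereferenced without a check.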
@@ -189,7 +191,8 @@ WebCore::DOMWindow* BindingDOMWindow<Binding>::open(State<Binding>* state,
             // the outgoingReferrer.  We replicate that behavior here.
             String referrer = firstFrame->loader()->outgoingReferrer();
 
-            frame->navigationScheduler()->scheduleLocationChange(completedUrl, referrer, false, false);
+            frame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(),
+                completedUrl, referrer, false, false);
         }
         return frame->domWindow();
     }
diff --git a/WebCore/bindings/generic/BindingFrame.h b/WebCore/bindings/generic/BindingFrame.h
index d41206c..c08a4d5 100644
--- a/WebCore/bindings/generic/BindingFrame.h
+++ b/WebCore/bindings/generic/BindingFrame.h
@@ -49,7 +49,8 @@ void BindingFrame<Binding>::navigateIfAllowed(State<Binding>* state, Frame* fram
     if (!activeFrame)
         return;
     if (!protocolIsJavaScript(url) || state->allowsAccessFromFrame(frame))
-        frame->navigationScheduler()->scheduleLocationChange(url.string(), activeFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList);
+        frame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(),
+            url.string(), activeFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList);
 }
 
 } // namespace WebCore
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index dc56feb..9048120 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -517,8 +517,9 @@ void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
         return;
 
     if (!protocolIsJavaScript(url) || allowsAccessFrom(exec)) {
-        // We want a new history item if this JS was called via a user gesture
-        frame->navigationScheduler()->scheduleLocationChange(url, lexicalFrame->loader()->outgoingReferrer(), !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
+        // We want a new history item if this JS was called via a user gesture.
+        frame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(),
+            url, lexicalFrame->loader()->outgoingReferrer(), !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
     }
 }
 
@@ -676,9 +677,8 @@ JSValue JSDOMWindow::webSocket(ExecState* exec) const
 // Custom functions
 
 // Helper for window.open() and window.showModalDialog()
-static Frame* createWindow(ExecState* exec, Frame* lexicalFrame, Frame* dynamicFrame,
-                           Frame* openerFrame, const String& url, const String& frameName, 
-                           const WindowFeatures& windowFeatures, JSValue dialogArgs)
+static Frame* createWindow(ExecState* exec, Frame* lexicalFrame, Frame* dynamicFrame, Frame* openerFrame,
+    const String& url, const String& frameName, const WindowFeatures& windowFeatures, JSValue dialogArgs)
 {
     ASSERT(lexicalFrame);
     ASSERT(dynamicFrame);
@@ -686,11 +686,11 @@ static Frame* createWindow(ExecState* exec, Frame* lexicalFrame, Frame* dynamicF
     ResourceRequest request;
 
     // For whatever reason, Firefox uses the dynamicGlobalObject to determine
-    // the outgoingReferrer.  We replicate that behavior here.
+    // the outgoingReferrer. We replicate that behavior here.
     String referrer = dynamicFrame->loader()->outgoingReferrer();
     request.setHTTPReferrer(referrer);
     FrameLoader::addHTTPOriginIfNeeded(request, dynamicFrame->loader()->outgoingOrigin());
-    FrameLoadRequest frameRequest(request, frameName);
+    FrameLoadRequest frameRequest(lexicalFrame->document()->securityOrigin(), request, frameName);
 
     // FIXME: It's much better for client API if a new window starts with a URL, here where we
     // know what URL we are going to open. Unfortunately, this code passes the empty string
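Review bot: In createWindow the FrameLoadRequest requester is lexicalFrame's origin, while the referrer and the Origin header set just above it come from dynamicFrame. The existing comment explains the referrer choice; a matching comment on why the security decision uses the lexical frame would keep a later cleanup from unifying the two and silently changing whose origin canDisplay is evaluated for.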
@@ -718,9 +718,9 @@ static Frame* createWindow(ExecState* exec, Frame* lexicalFrame, Frame* dynamicF
     if (!protocolIsJavaScript(url) || newWindow->allowsAccessFrom(exec)) {
         KURL completedURL = url.isEmpty() ? KURL(ParsedURLString, "") : completeURL(exec, url);
         if (created)
-            newFrame->loader()->changeLocation(completedURL, referrer, false, false);
+            newFrame->loader()->changeLocation(lexicalFrame->document()->securityOrigin(), completedURL, referrer, false, false);
         else if (!url.isEmpty())
-            newFrame->navigationScheduler()->scheduleLocationChange(completedURL.string(), referrer, !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
+            newFrame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(), completedURL.string(), referrer, !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
     }
 
     return newFrame;
@@ -779,11 +779,11 @@ JSValue JSDOMWindow::open(ExecState* exec)
         const JSDOMWindow* targetedWindow = toJSDOMWindow(frame, currentWorld(exec));
         if (!completedURL.isEmpty() && (!protocolIsJavaScript(completedURL) || (targetedWindow && targetedWindow->allowsAccessFrom(exec)))) {
             // For whatever reason, Firefox uses the dynamicGlobalObject to
-            // determine the outgoingReferrer.  We replicate that behavior
-            // here.
+            // determine the outgoing referrer. We replicate that behavior here.
             String referrer = dynamicFrame->loader()->outgoingReferrer();
 
-            frame->navigationScheduler()->scheduleLocationChange(completedURL, referrer, !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
+            frame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(),
+                completedURL, referrer, !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false);
         }
         return toJS(exec, frame->domWindow());
     }
diff --git a/WebCore/bindings/js/JSDocumentCustom.cpp b/WebCore/bindings/js/JSDocumentCustom.cpp
index 8a107e9..5f61e2a 100644
--- a/WebCore/bindings/js/JSDocumentCustom.cpp
+++ b/WebCore/bindings/js/JSDocumentCustom.cpp
@@ -82,13 +82,15 @@ void JSDocument::setLocation(ExecState* exec, JSValue value)
 
     String str = ustringToString(value.toString(exec));
 
+    Frame* lexicalFrame = asJSDOMWindow(exec->lexicalGlobalObject())->impl()->frame();
+
     // IE and Mozilla both resolve the URL relative to the source frame,
     // not the target frame.
     Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
-    if (activeFrame)
-        str = activeFrame->document()->completeURL(str).string();
+    str = activeFrame->document()->completeURL(str).string();
 
-    frame->navigationScheduler()->scheduleLocationChange(str, activeFrame->loader()->outgoingReferrer(), !activeFrame->script()->anyPageIsProcessingUserGesture(), false);
+    frame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(),
+        str, activeFrame->loader()->outgoingReferrer(), !activeFrame->script()->anyPageIsProcessingUserGesture(), false);
 }
 
 JSValue toJS(ExecState* exec, JSDOMGlobalObject* globalObject, Document* document)
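Review bot: lexicalFrame is dereferenced (lexicalFrame->document()) with no null check, and the "if (activeFrame)" guard is removed rather than replaced. The old guard was already ineffective because activeFrame->loader() was called unconditionally on the scheduleLocationChange line, so either return early when either frame is null or add an ASSERT that documents why they cannot be. The split also deserves a comment: URL completion and the referrer still use activeFrame, while the requester origin uses lexicalFrame.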
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index c54f007..00d32a6 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -2615,7 +2615,7 @@ void Document::processHttpEquiv(const String& equiv, const String& content)
             FrameLoader* frameLoader = frame->loader();
             if (frameLoader->shouldInterruptLoadForXFrameOptions(content, url())) {
                 frameLoader->stopAllLoaders();
-                frame->navigationScheduler()->scheduleLocationChange(blankURL(), String());
+                frame->navigationScheduler()->scheduleLocationChange(securityOrigin(), blankURL(), String());
 
                 DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to display document because display forbidden by X-Frame-Options.\n"));
                 frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
diff --git a/WebCore/inspector/InspectorController.cpp b/WebCore/inspector/InspectorController.cpp
index 9b45bbe..7ef4725 100644
--- a/WebCore/inspector/InspectorController.cpp
+++ b/WebCore/inspector/InspectorController.cpp
@@ -1757,19 +1757,20 @@ void InspectorController::drawElementTitle(GraphicsContext& context, const IntRe
 
 void InspectorController::openInInspectedWindow(const String& url)
 {
-    ResourceRequest request;
-    FrameLoadRequest frameRequest(request, "_blank");
-    bool created;
     Frame* mainFrame = m_inspectedPage->mainFrame();
+
+    FrameLoadRequest request(mainFrame->document()->securityOrigin(), ResourceRequest(), "_blank");
+
+    bool created;
     WindowFeatures windowFeatures;
-    Frame* newFrame = WebCore::createWindow(mainFrame, mainFrame, frameRequest, windowFeatures, created);
+    Frame* newFrame = WebCore::createWindow(mainFrame, mainFrame, request, windowFeatures, created);
     if (!newFrame)
         return;
 
     UserGestureIndicator indicator(DefinitelyProcessingUserGesture);
     newFrame->loader()->setOpener(mainFrame);
     newFrame->page()->setOpenedByDOM();
-    newFrame->loader()->changeLocation(newFrame->loader()->completeURL(url), "", false, false);
+    newFrame->loader()->changeLocation(mainFrame->document()->securityOrigin(), newFrame->loader()->completeURL(url), "", false, false);
 }
 
 void InspectorController::count(const String& title, unsigned lineNumber, const String& sourceID)
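Review bot: openInInspectedWindow uses mainFrame->document()->securityOrigin() as the requester for a navigation that the inspector initiates, so canDisplay is evaluated as if the inspected page itself had asked for the URL. If that is the intent, say so in a comment. The origin is also fetched twice (once for the FrameLoadRequest, once for changeLocation); taking it once into a local RefPtr<SecurityOrigin> would make it obvious both calls use the same requester.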
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index 35a492b..0c79e0c 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -261,38 +261,36 @@ bool FrameLoader::canHandleRequest(const ResourceRequest& request)
     return m_client->canHandleRequest(request);
 }
 
-void FrameLoader::changeLocation(const KURL& url, const String& referrer, bool lockHistory, bool lockBackForwardList, bool refresh)
+void FrameLoader::changeLocation(PassRefPtr<SecurityOrigin> securityOrigin, const KURL& url, const String& referrer, bool lockHistory, bool lockBackForwardList, bool refresh)
 {
     RefPtr<Frame> protect(m_frame);
-
-    ResourceRequest request(url, referrer, refresh ? ReloadIgnoringCacheData : UseProtocolCachePolicy);
-    
-    urlSelected(request, "_self", 0, lockHistory, lockBackForwardList, SendReferrer, ReplaceDocumentIfJavaScriptURL);
+    urlSelected(FrameLoadRequest(securityOrigin, ResourceRequest(url, referrer, refresh ? ReloadIgnoringCacheData : UseProtocolCachePolicy), "_self"),
+        0, lockHistory, lockBackForwardList, SendReferrer, ReplaceDocumentIfJavaScriptURL);
 }
 
 void FrameLoader::urlSelected(const KURL& url, const String& passedTarget, PassRefPtr<Event> triggeringEvent, bool lockHistory, bool lockBackForwardList, ReferrerPolicy referrerPolicy)
 {
-    urlSelected(ResourceRequest(url), passedTarget, triggeringEvent, lockHistory, lockBackForwardList, referrerPolicy, DoNotReplaceDocumentIfJavaScriptURL);
+    urlSelected(FrameLoadRequest(m_frame->document()->securityOrigin(), ResourceRequest(url), passedTarget),
+        triggeringEvent, lockHistory, lockBackForwardList, referrerPolicy, DoNotReplaceDocumentIfJavaScriptURL);
 }
 
 // The shouldReplaceDocumentIfJavaScriptURL parameter will go away when the FIXME to eliminate the
 // corresponding parameter from ScriptController::executeIfJavaScriptURL() is addressed.
-void FrameLoader::urlSelected(const ResourceRequest& request, const String& passedTarget, PassRefPtr<Event> triggeringEvent, bool lockHistory, bool lockBackForwardList, ReferrerPolicy referrerPolicy, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)
+void FrameLoader::urlSelected(const FrameLoadRequest& passedRequest, PassRefPtr<Event> triggeringEvent, bool lockHistory, bool lockBackForwardList, ReferrerPolicy referrerPolicy, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)
 {
     ASSERT(!m_suppressOpenerInNewFrame);
 
-    if (m_frame->script()->executeIfJavaScriptURL(request.url(), shouldReplaceDocumentIfJavaScriptURL))
-        return;
+    FrameLoadRequest frameRequest(passedRequest);
 
-    String target = passedTarget;
-    if (target.isEmpty())
-        target = m_frame->document()->baseTarget();
+    if (m_frame->script()->executeIfJavaScriptURL(frameRequest.resourceRequest().url(), shouldReplaceDocumentIfJavaScriptURL))
+        return;
 
-    FrameLoadRequest frameRequest(request, target);
+    if (frameRequest.frameName().isEmpty())
+        frameRequest.setFrameName(m_frame->document()->baseTarget());
 
     if (referrerPolicy == NoReferrer)
         m_suppressOpenerInNewFrame = true;
-    else if (frameRequest.resourceRequest().httpReferrer().isEmpty())
+    if (frameRequest.resourceRequest().httpReferrer().isEmpty())
         frameRequest.resourceRequest().setHTTPReferrer(m_outgoingReferrer);
     addHTTPOriginIfNeeded(frameRequest.resourceRequest(), outgoingOrigin());
 
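Review bot: The change from "else if" to "if" on the httpReferrer().isEmpty() test is a behaviour change that the ChangeLog does not mention. With referrerPolicy == NoReferrer the request now gets m_outgoingReferrer filled in, where before it was left empty. loadFrameRequest clears its local referrer when referrerPolicy == NoReferrer, but please confirm nothing reads the referrer from frameRequest in between, or restore the else.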
@@ -1250,6 +1248,13 @@ void FrameLoader::loadFrameRequest(const FrameLoadRequest& request, bool lockHis
 {    
     KURL url = request.resourceRequest().url();
 
+    ASSERT(m_frame->document());
+    // FIXME: Should we move the isFeedWithNestedProtocolInHTTPFamily logic inside SecurityOrigin::canDisplay?
+    if (!isFeedWithNestedProtocolInHTTPFamily(url) && !request.requester()->canDisplay(url)) {
+        reportLocalLoadFailed(m_frame, url.string());
+        return;
+    }
+
     String referrer;
     String argsReferrer = request.resourceRequest().httpReferrer();
     if (!argsReferrer.isEmpty())
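Review bot: The new check dereferences request.requester(), but the ASSERT above it still tests m_frame->document(), which the check no longer uses. Assert on request.requester() instead (or as well), so that a FrameLoadRequest built without an origin fails loudly in debug builds rather than crashing inside canDisplay.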
@@ -1257,15 +1262,6 @@ void FrameLoader::loadFrameRequest(const FrameLoadRequest& request, bool lockHis
     else
         referrer = m_outgoingReferrer;
 
-    ASSERT(frame()->document());
-    // FIXME: Should we move the isFeedWithNestedProtocolInHTTPFamily logic inside SecurityOrigin::canDisplay?
-    if (!isFeedWithNestedProtocolInHTTPFamily(url)) {
-        if (!frame()->document()->securityOrigin()->canDisplay(url) && !SecurityOrigin::deprecatedCanDisplay(referrer, url)) {
-            reportLocalLoadFailed(m_frame, url.string());
-            return;
-        }
-    }
-
     if (SecurityOrigin::shouldHideReferrer(url, referrer) || referrerPolicy == NoReferrer)
         referrer = String();
     
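Review bot: With the old condition removed, a load is no longer allowed merely because the target frame's origin or the referrer could display the URL; only the requester counts. Since that is the point of the fix, it should come with a regression test in which a requester that cannot display a local URL navigates a frame whose own document can. None is visible in this part of the patch.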
diff --git a/WebCore/loader/FrameLoader.h b/WebCore/loader/FrameLoader.h
index 76ad977..483a84d 100644
--- a/WebCore/loader/FrameLoader.h
+++ b/WebCore/loader/FrameLoader.h
@@ -214,7 +214,7 @@ public:
 
     void setDefersLoading(bool);
 
-    void changeLocation(const KURL&, const String& referrer, bool lockHistory = true, bool lockBackForwardList = true, bool refresh = false);
+    void changeLocation(PassRefPtr<SecurityOrigin>, const KURL&, const String& referrer, bool lockHistory = true, bool lockBackForwardList = true, bool refresh = false);
     void urlSelected(const KURL&, const String& target, PassRefPtr<Event>, bool lockHistory, bool lockBackForwardList, ReferrerPolicy);
 
     void submitForm(PassRefPtr<FormSubmission>);
@@ -383,7 +383,7 @@ private:
 
     void dispatchDidCommitLoad();
 
-    void urlSelected(const ResourceRequest&, const String& target, PassRefPtr<Event>, bool lockHistory, bool lockBackForwardList, ReferrerPolicy, ShouldReplaceDocumentIfJavaScriptURL);
+    void urlSelected(const FrameLoadRequest&, PassRefPtr<Event>, bool lockHistory, bool lockBackForwardList, ReferrerPolicy, ShouldReplaceDocumentIfJavaScriptURL);
 
     void loadWithDocumentLoader(DocumentLoader*, FrameLoadType, PassRefPtr<FormState>); // Calls continueLoadAfterNavigationPolicy
     void load(DocumentLoader*);                                                         // Calls loadWithDocumentLoader   
diff --git a/WebCore/loader/NavigationScheduler.cpp b/WebCore/loader/NavigationScheduler.cpp
index 7c691ae..d2d0f7f 100644
--- a/WebCore/loader/NavigationScheduler.cpp
+++ b/WebCore/loader/NavigationScheduler.cpp
@@ -90,9 +90,10 @@ private:
 };
 
 class ScheduledURLNavigation : public ScheduledNavigation {
-public:
-    ScheduledURLNavigation(double delay, const String& url, const String& referrer, bool lockHistory, bool lockBackForwardList, bool duringLoad, bool isLocationChange)
+protected:
+    ScheduledURLNavigation(double delay, PassRefPtr<SecurityOrigin> securityOrigin, const String& url, const String& referrer, bool lockHistory, bool lockBackForwardList, bool duringLoad, bool isLocationChange)
         : ScheduledNavigation(delay, lockHistory, lockBackForwardList, duringLoad, isLocationChange)
+        , m_securityOrigin(securityOrigin)
         , m_url(url)
         , m_referrer(referrer)
         , m_haveToldClient(false)
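Review bot: Replacing "public:" with "protected:" ahead of the constructor is not mentioned in the ChangeLog, and unless a later "public:" follows it also changes the access of fire(), didStartTimer() and the url(), referrer() and securityOrigin() accessors. If the goal is only to prevent direct construction of ScheduledURLNavigation, make just the constructor protected and keep the rest public, or record the intent in the ChangeLog.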
@@ -102,7 +103,7 @@ public:
     virtual void fire(Frame* frame)
     {
         UserGestureIndicator gestureIndicator(wasUserGesture() ? DefinitelyProcessingUserGesture : DefinitelyNotProcessingUserGesture);
-        frame->loader()->changeLocation(KURL(ParsedURLString, m_url), m_referrer, lockHistory(), lockBackForwardList(), false);
+        frame->loader()->changeLocation(m_securityOrigin, KURL(ParsedURLString, m_url), m_referrer, lockHistory(), lockBackForwardList(), false);
     }
 
     virtual void didStartTimer(Frame* frame, Timer<NavigationScheduler>* timer)
@@ -120,10 +121,12 @@ public:
         frame->loader()->clientRedirectCancelledOrFinished(newLoadInProgress);
     }
 
+    SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
     String url() const { return m_url; }
     String referrer() const { return m_referrer; }
 
 private:
+    RefPtr<SecurityOrigin> m_securityOrigin;
     String m_url;
     String m_referrer;
     bool m_haveToldClient;
@@ -131,8 +134,8 @@ private:
 
 class ScheduledRedirect : public ScheduledURLNavigation {
 public:
-    ScheduledRedirect(double delay, const String& url, bool lockHistory, bool lockBackForwardList)
-        : ScheduledURLNavigation(delay, url, String(), lockHistory, lockBackForwardList, false, false)
+    ScheduledRedirect(double delay, PassRefPtr<SecurityOrigin> securityOrigin, const String& url, bool lockHistory, bool lockBackForwardList)
+        : ScheduledURLNavigation(delay, securityOrigin, url, String(), lockHistory, lockBackForwardList, false, false)
     {
         clearUserGesture();
     }
@@ -142,21 +145,21 @@ public:
 
 class ScheduledLocationChange : public ScheduledURLNavigation {
 public:
-    ScheduledLocationChange(const String& url, const String& referrer, bool lockHistory, bool lockBackForwardList, bool duringLoad)
-        : ScheduledURLNavigation(0.0, url, referrer, lockHistory, lockBackForwardList, duringLoad, true) { }
+    ScheduledLocationChange(PassRefPtr<SecurityOrigin> securityOrigin, const String& url, const String& referrer, bool lockHistory, bool lockBackForwardList, bool duringLoad)
+        : ScheduledURLNavigation(0.0, securityOrigin, url, referrer, lockHistory, lockBackForwardList, duringLoad, true) { }
 };
 
 class ScheduledRefresh : public ScheduledURLNavigation {
 public:
-    ScheduledRefresh(const String& url, const String& referrer)
-        : ScheduledURLNavigation(0.0, url, referrer, true, true, false, true)
+    ScheduledRefresh(PassRefPtr<SecurityOrigin> securityOrigin, const String& url, const String& referrer)
+        : ScheduledURLNavigation(0.0, securityOrigin, url, referrer, true, true, false, true)
     {
     }
 
     virtual void fire(Frame* frame)
     {
         UserGestureIndicator gestureIndicator(wasUserGesture() ? DefinitelyProcessingUserGesture : DefinitelyNotProcessingUserGesture);
-        frame->loader()->changeLocation(KURL(ParsedURLString, url()), referrer(), lockHistory(), lockBackForwardList(), true);
+        frame->loader()->changeLocation(securityOrigin(), KURL(ParsedURLString, url()), referrer(), lockHistory(), lockBackForwardList(), true);
     }
 };
 
@@ -206,9 +209,10 @@ public:
         // Now that the timer has fired, we need to repeat the security check which normally is done when
         // selecting a target, in case conditions have changed. Other code paths avoid this by targeting
         // without leaving a time window. If we fail the check just silently drop the form submission.
-        if (!m_submission->state()->sourceFrame()->loader()->shouldAllowNavigation(frame))
+        Frame* requestingFrame = m_submission->state()->sourceFrame();
+        if (!requestingFrame->loader()->shouldAllowNavigation(frame))
             return;
-        FrameLoadRequest frameRequest;
+        FrameLoadRequest frameRequest(requestingFrame->document()->securityOrigin());
         m_submission->populateFrameLoadRequest(frameRequest);
         frame->loader()->loadFrameRequest(frameRequest, lockHistory(), lockBackForwardList(), m_submission->event(), m_submission->state(), SendReferrer);
     }
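Review bot: The requester origin for the form submission is read in fire(), from whatever document requestingFrame holds when the timer runs, while ScheduledRedirect, ScheduledLocationChange and ScheduledRefresh all receive their origin at construction time. The comment at the top of this hunk already says conditions may have changed by the time the timer fires, so the source frame's document at this point is not guaranteed to be the one that submitted the form. Consider capturing the origin when the submission is scheduled and storing it alongside m_submission, or add a comment explaining why the fire-time origin is the intended one.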
@@ -270,7 +274,7 @@ void NavigationScheduler::scheduleRedirect(double delay, const String& url)
 
     // We want a new back/forward list item if the refresh timeout is > 1 second.
     if (!m_redirect || delay <= m_redirect->delay())
-        schedule(adoptPtr(new ScheduledRedirect(delay, url, true, delay <= 1)));
+        schedule(adoptPtr(new ScheduledRedirect(delay, m_frame->document()->securityOrigin(), url, true, delay <= 1)));
 }
 
 bool NavigationScheduler::mustLockBackForwardList(Frame* targetFrame)
@@ -291,7 +295,7 @@ bool NavigationScheduler::mustLockBackForwardList(Frame* targetFrame)
     return false;
 }
 
-void NavigationScheduler::scheduleLocationChange(const String& url, const String& referrer, bool lockHistory, bool lockBackForwardList)
+void NavigationScheduler::scheduleLocationChange(PassRefPtr<SecurityOrigin> securityOrigin, const String& url, const String& referrer, bool lockHistory, bool lockBackForwardList)
 {
     if (!m_frame->page())
         return;
@@ -306,7 +310,7 @@ void NavigationScheduler::scheduleLocationChange(const String& url, const String
     // fragment part, we don't need to schedule the location change.
     KURL parsedURL(ParsedURLString, url);
     if (parsedURL.hasFragmentIdentifier() && equalIgnoringFragmentIdentifier(loader->url(), parsedURL)) {
-        loader->changeLocation(loader->completeURL(url), referrer, lockHistory, lockBackForwardList);
+        loader->changeLocation(securityOrigin, loader->completeURL(url), referrer, lockHistory, lockBackForwardList);
         return;
     }
 
@@ -314,7 +318,7 @@ void NavigationScheduler::scheduleLocationChange(const String& url, const String
     // This may happen when a frame changes the location of another frame.
     bool duringLoad = !loader->stateMachine()->committedFirstRealDocumentLoad();
 
-    schedule(adoptPtr(new ScheduledLocationChange(url, referrer, lockHistory, lockBackForwardList, duringLoad)));
+    schedule(adoptPtr(new ScheduledLocationChange(securityOrigin, url, referrer, lockHistory, lockBackForwardList, duringLoad)));
 }
 
 void NavigationScheduler::scheduleFormSubmission(PassRefPtr<FormSubmission> submission)
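Review bot: securityOrigin is a PassRefPtr parameter and this function now hands it off in two places, the changeLocation() call in the fragment branch and the ScheduledLocationChange constructor here. That is safe only because the fragment branch returns immediately after its use; a PassRefPtr is cleared when it is passed on, so any later edit that falls through or adds a third use would pass a null origin into the local-file decision. Assigning the parameter to a local RefPtr<SecurityOrigin> at the top of the function would make the two uses independent of control flow.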
@@ -346,7 +350,7 @@ void NavigationScheduler::scheduleRefresh()
     if (url.isEmpty())
         return;
 
-    schedule(adoptPtr(new ScheduledRefresh(url.string(), m_frame->loader()->outgoingReferrer())));
+    schedule(adoptPtr(new ScheduledRefresh(m_frame->document()->securityOrigin(), url.string(), m_frame->loader()->outgoingReferrer())));
 }
 
 void NavigationScheduler::scheduleHistoryNavigation(int steps)
diff --git a/WebCore/loader/NavigationScheduler.h b/WebCore/loader/NavigationScheduler.h
index 1400c25..4f3bebc 100644
--- a/WebCore/loader/NavigationScheduler.h
+++ b/WebCore/loader/NavigationScheduler.h
@@ -43,9 +43,10 @@ namespace WebCore {
 class FormState;
 class FormSubmission;
 class Frame;
+class ScheduledNavigation;
+class SecurityOrigin;
 
 struct FrameLoadRequest;
-class ScheduledNavigation;
 
 class NavigationScheduler : public Noncopyable {
 public:
@@ -56,7 +57,7 @@ public:
     bool locationChangePending();
 
     void scheduleRedirect(double delay, const String& url);
-    void scheduleLocationChange(const String& url, const String& referrer, bool lockHistory = true, bool lockBackForwardList = true);
+    void scheduleLocationChange(PassRefPtr<SecurityOrigin>, const String& url, const String& referrer, bool lockHistory = true, bool lockBackForwardList = true);
     void scheduleFormSubmission(PassRefPtr<FormSubmission>);
     void scheduleRefresh();
     void scheduleHistoryNavigation(int steps);
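Review bot: The new first parameter of scheduleLocationChange is unnamed and undocumented, and nothing in this declaration says whose origin it must be. The call sites in this patch pass the requesting document's origin, which is not always the origin of the frame that owns the scheduler (SubframeLoader passes m_frame's origin while scheduling on the child frame). A one-line comment stating that this is the origin of the document initiating the navigation would keep future callers from passing the target frame's origin by habit, which would defeat the purpose of the change.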
diff --git a/WebCore/loader/SubframeLoader.cpp b/WebCore/loader/SubframeLoader.cpp
index d486de0..dd2b8de 100644
--- a/WebCore/loader/SubframeLoader.cpp
+++ b/WebCore/loader/SubframeLoader.cpp
@@ -239,7 +239,7 @@ Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement* ownerElemen
 {
     Frame* frame = ownerElement->contentFrame();
     if (frame)
-        frame->navigationScheduler()->scheduleLocationChange(url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList);
+        frame->navigationScheduler()->scheduleLocationChange(m_frame->document()->securityOrigin(), url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList);
     else
         frame = loadSubframe(ownerElement, url, frameName, m_frame->loader()->outgoingReferrer());
     return frame;
diff --git a/WebCore/loader/appcache/ApplicationCacheGroup.cpp b/WebCore/loader/appcache/ApplicationCacheGroup.cpp
index 8d5d5c0..6454b90 100644
--- a/WebCore/loader/appcache/ApplicationCacheGroup.cpp
+++ b/WebCore/loader/appcache/ApplicationCacheGroup.cpp
@@ -178,7 +178,7 @@ void ApplicationCacheGroup::selectCache(Frame* frame, const KURL& passedManifest
             // Restart the current navigation from the top of the navigation algorithm, undoing any changes that were made
             // as part of the initial load.
             // The navigation will not result in the same resource being loaded, because "foreign" entries are never picked during navigation.
-            frame->navigationScheduler()->scheduleLocationChange(documentLoader->url(), frame->loader()->referrer(), true);
+            frame->navigationScheduler()->scheduleLocationChange(frame->document()->securityOrigin(), documentLoader->url(), frame->loader()->referrer(), true);
         }
         
         return;
diff --git a/WebCore/page/ContextMenuController.cpp b/WebCore/page/ContextMenuController.cpp
index 1f71d09..8f2f7ce 100644
--- a/WebCore/page/ContextMenuController.cpp
+++ b/WebCore/page/ContextMenuController.cpp
@@ -140,8 +140,9 @@ void ContextMenuController::showContextMenu(Event* event)
 static void openNewWindow(const KURL& urlToLoad, Frame* frame)
 {
     if (Page* oldPage = frame->page()) {
+        FrameLoadRequest request(frame->document()->securityOrigin(), ResourceRequest(urlToLoad, frame->loader()->outgoingReferrer()));
         WindowFeatures features;
-        if (Page* newPage = oldPage->chrome()->createWindow(frame, FrameLoadRequest(ResourceRequest(urlToLoad, frame->loader()->outgoingReferrer())), features, NavigationAction()))
+        if (Page* newPage = oldPage->chrome()->createWindow(frame, request, features, NavigationAction()))
             newPage->chrome()->show();
     }
 }
@@ -273,7 +274,7 @@ void ContextMenuController::contextMenuItemSelected(ContextMenuItem* item)
         break;
     case ContextMenuItemTagOpenLink:
         if (Frame* targetFrame = result.targetFrame())
-            targetFrame->loader()->loadFrameRequest(FrameLoadRequest(ResourceRequest(result.absoluteLinkURL(), frame->loader()->outgoingReferrer())), false, false, 0, 0, SendReferrer);
+            targetFrame->loader()->loadFrameRequest(FrameLoadRequest(frame->document()->securityOrigin(), ResourceRequest(result.absoluteLinkURL(), frame->loader()->outgoingReferrer())), false, false, 0, 0, SendReferrer);
         else
             openNewWindow(result.absoluteLinkURL(), frame);
         break;
diff --git a/WebCore/page/FrameLoadRequest.h b/WebCore/page/FrameLoadRequest.h
index b84a1ec..aa7e4a8 100644
--- a/WebCore/page/FrameLoadRequest.h
+++ b/WebCore/page/FrameLoadRequest.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2006 Apple Computer, Inc.  All rights reserved.
+ * Copyright (C) 2003, 2006, 2010 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -27,28 +27,34 @@
 #define FrameLoadRequest_h
 
 #include "ResourceRequest.h"
+#include "SecurityOrigin.h"
 
 namespace WebCore {
 
     struct FrameLoadRequest {
     public:
-        FrameLoadRequest()
+        explicit FrameLoadRequest(PassRefPtr<SecurityOrigin> requester)
+            : m_requester(requester)
         {
         }
 
-        FrameLoadRequest(const ResourceRequest& resourceRequest)
-            : m_resourceRequest(resourceRequest)
+        FrameLoadRequest(PassRefPtr<SecurityOrigin> requester, const ResourceRequest& resourceRequest)
+            : m_requester(requester)
+            , m_resourceRequest(resourceRequest)
         {
         }
 
-        FrameLoadRequest(const ResourceRequest& resourceRequest, const String& frameName)
-            : m_resourceRequest(resourceRequest)
+        FrameLoadRequest(PassRefPtr<SecurityOrigin> requester, const ResourceRequest& resourceRequest, const String& frameName)
+            : m_requester(requester)
+            , m_resourceRequest(resourceRequest)
             , m_frameName(frameName)
         {
         }
 
         bool isEmpty() const { return m_resourceRequest.isEmpty(); }
 
+        const SecurityOrigin* requester() const { return m_requester.get(); }
+
         ResourceRequest& resourceRequest() { return m_resourceRequest; }
         const ResourceRequest& resourceRequest() const { return m_resourceRequest; }
 
@@ -56,6 +62,7 @@ namespace WebCore {
         void setFrameName(const String& frameName) { m_frameName = frameName; }
 
     private:
+        RefPtr<SecurityOrigin> m_requester;
         ResourceRequest m_resourceRequest;
         String m_frameName;
     };
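Review bot: m_requester can be null, because none of the three constructors in this header checks the PassRefPtr it receives and requester() returns the raw pointer from m_requester.get(). Since this value feeds the local file decision named in the commit message, a caller that passes 0 would either crash at the consumer or skip the check, depending on how the consumer handles null. Suggest an ASSERT(m_requester) in the constructors, or a comment on requester() stating whether null is a legal value and what it means.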
diff --git a/WebCore/page/XSSAuditor.cpp b/WebCore/page/XSSAuditor.cpp
index 1940d52..1b0e83f 100644
--- a/WebCore/page/XSSAuditor.cpp
+++ b/WebCore/page/XSSAuditor.cpp
@@ -339,7 +339,7 @@ bool XSSAuditor::findInRequest(const FindTask& task) const
     case XSSProtectionBlockEnabled:
         if (blockFrame) {
             blockFrame->loader()->stopAllLoaders();
-            blockFrame->navigationScheduler()->scheduleLocationChange(blankURL(), String());
+            blockFrame->navigationScheduler()->scheduleLocationChange(blockFrame->document()->securityOrigin(), blankURL(), String());
         }
         break;
     default:
diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog
index 7d95846..56b9bce 100644
--- a/WebKit/chromium/ChangeLog
+++ b/WebKit/chromium/ChangeLog
@@ -1,3 +1,18 @@
+2010-12-06  Darin Adler  <darin at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Pass security origin to make local file decision correctly
+        https://bugs.webkit.org/show_bug.cgi?id=48603
+
+        * src/ApplicationCacheHost.cpp:
+        (WebCore::ApplicationCacheHost::selectCacheWithManifest): Pass security origin.
+        * src/FrameLoaderClientImpl.cpp:
+        (WebKit::FrameLoaderClientImpl::dispatchCreatePage): Ditto.
+        (WebKit::FrameLoaderClientImpl::createFrame): Ditto.
+        * src/WebPluginContainerImpl.cpp:
+        (WebKit::WebPluginContainerImpl::loadFrameRequest): Ditto.
+
 2010-12-07  Martin Robinson  <mrobinson at igalia.com>
 
         Unreviewed, rolling out r73392.
diff --git a/WebKit/chromium/src/ApplicationCacheHost.cpp b/WebKit/chromium/src/ApplicationCacheHost.cpp
index a6e66c6..85dfd20 100644
--- a/WebKit/chromium/src/ApplicationCacheHost.cpp
+++ b/WebKit/chromium/src/ApplicationCacheHost.cpp
@@ -106,9 +106,9 @@ void ApplicationCacheHost::selectCacheWithManifest(const KURL& manifestURL)
             // same resource being loaded, because "foreign" entries are never picked
             // during navigation.
             // see WebCore::ApplicationCacheGroup::selectCache()
-            const KURL& docURL = m_documentLoader->frame()->document()->url();
-            String referrer = m_documentLoader->frameLoader()->referrer();
-            m_documentLoader->frame()->navigationScheduler()->scheduleLocationChange(docURL, referrer);
+            Frame* frame = m_documentLoader->frame();
+            frame->navigationScheduler()->scheduleLocationChange(frame->document()->securityOrigin(),
+                frame->document()->url(), frame->loader()->referrer());
         }
     }
 }
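Review bot: Besides adding the origin argument, this hunk changes where the referrer comes from: the removed lines read m_documentLoader->frameLoader()->referrer(), the added lines read frame->loader()->referrer(). If those two loaders are always the same object here the change is harmless, but that is not evident from the hunk and it is outside the scope stated in the ChangeLog entry. Either keep the original referrer expression or say in the ChangeLog that the lookup was simplified and why it is equivalent.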
diff --git a/WebKit/chromium/src/FrameLoaderClientImpl.cpp b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
index 9d79599..9beef26 100644
--- a/WebKit/chromium/src/FrameLoaderClientImpl.cpp
+++ b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
@@ -817,7 +817,8 @@ Frame* FrameLoaderClientImpl::dispatchCreatePage(const NavigationAction& action)
 {
     struct WindowFeatures features;
     Page* newPage = m_webFrame->frame()->page()->chrome()->createWindow(
-        m_webFrame->frame(), FrameLoadRequest(), features, action);
+        m_webFrame->frame(), FrameLoadRequest(m_webFrame->frame()->document()->securityOrigin()),
+        features, action);
 
     // Make sure that we have a valid disposition.  This should have been set in
     // the preceeding call to dispatchDecidePolicyForNewWindowAction.
@@ -1378,7 +1379,8 @@ PassRefPtr<Frame> FrameLoaderClientImpl::createFrame(
     int marginWidth,
     int marginHeight)
 {
-    FrameLoadRequest frameRequest(ResourceRequest(url, referrer), name);
+    FrameLoadRequest frameRequest(m_webFrame->frame()->document()->securityOrigin(),
+        ResourceRequest(url, referrer), name);
     return m_webFrame->createChildFrame(frameRequest, ownerElement);
 }
 
diff --git a/WebKit/chromium/src/WebPluginContainerImpl.cpp b/WebKit/chromium/src/WebPluginContainerImpl.cpp
index 43d9757..90c7f65 100644
--- a/WebKit/chromium/src/WebPluginContainerImpl.cpp
+++ b/WebKit/chromium/src/WebPluginContainerImpl.cpp
@@ -365,8 +365,8 @@ void WebPluginContainerImpl::loadFrameRequest(
         WebDataSourceImpl::setNextPluginLoadObserver(observer);
     }
 
-    FrameLoadRequest frameRequest(request.toResourceRequest());
-    frameRequest.setFrameName(target);
+    FrameLoadRequest frameRequest(frame->document()->securityOrigin(),
+        request.toResourceRequest(), target);
 
     frame->loader()->loadFrameRequest(
         frameRequest,
diff --git a/WebKit/mac/ChangeLog b/WebKit/mac/ChangeLog
index bc4bb8a..ee78843 100644
--- a/WebKit/mac/ChangeLog
+++ b/WebKit/mac/ChangeLog
@@ -1,3 +1,13 @@
+2010-12-06  Darin Adler  <darin at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Pass security origin to make local file decision correctly
+        https://bugs.webkit.org/show_bug.cgi?id=48603
+
+        * WebView/WebPDFView.mm:
+        (-[WebPDFView PDFViewWillClickOnLink:withURL:]): Pass security origin.
+
 2010-12-07  Martin Robinson  <mrobinson at igalia.com>
 
         Unreviewed, rolling out r73392.
diff --git a/WebKit/mac/WebView/WebPDFView.mm b/WebKit/mac/WebView/WebPDFView.mm
index 032a112..0f54980 100644
--- a/WebKit/mac/WebView/WebPDFView.mm
+++ b/WebKit/mac/WebView/WebPDFView.mm
@@ -976,7 +976,8 @@ static BOOL isFrameInRange(WebFrame *frame, DOMRange *range)
     }
 
     // Call to the frame loader because this is where our security checks are made.
-    core([dataSource webFrame])->loader()->loadFrameRequest(ResourceRequest(URL), false, false, event.get(), 0, SendReferrer);
+    Frame* frame = core([dataSource webFrame]);
+    frame->loader()->loadFrameRequest(FrameLoadRequest(frame->document()->securityOrigin(), ResourceRequest(URL)), false, false, event.get(), 0, SendReferrer);
 }
 
 - (void)PDFViewOpenPDFInNativeApplication:(PDFView *)sender
diff --git a/WebKit/qt/Api/qwebpage.cpp b/WebKit/qt/Api/qwebpage.cpp
index 030923f..fdb2de0 100644
--- a/WebKit/qt/Api/qwebpage.cpp
+++ b/WebKit/qt/Api/qwebpage.cpp
@@ -2244,8 +2244,8 @@ bool QWebPage::supportsContentType(const QString& mimeType) const
 
 static WebCore::FrameLoadRequest frameLoadRequest(const QUrl &url, WebCore::Frame *frame)
 {
-    WebCore::ResourceRequest rr(url, frame->loader()->outgoingReferrer());
-    return WebCore::FrameLoadRequest(rr);
+    return WebCore::FrameLoadRequest(frame->document()->securityOrigin,
+        WebCore::ResourceRequest(url, frame->loader()->outgoingReferrer()));
 }
 
 static void openNewWindow(const QUrl& url, WebCore::Frame* frame)
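Review bot: The first added line passes frame->document()->securityOrigin without call parentheses, so it names the member function instead of calling it and is not a valid argument for the PassRefPtr<SecurityOrigin> parameter of FrameLoadRequest. Every other call site in this patch writes securityOrigin(); this one should read frame->document()->securityOrigin(), and the Qt port should be built before landing.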
diff --git a/WebKit/qt/ChangeLog b/WebKit/qt/ChangeLog
index 9d73ff9..99642ef 100644
--- a/WebKit/qt/ChangeLog
+++ b/WebKit/qt/ChangeLog
@@ -1,3 +1,13 @@
+2010-12-06  Darin Adler  <darin at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Pass security origin to make local file decision correctly
+        https://bugs.webkit.org/show_bug.cgi?id=48603
+
+        * Api/qwebpage.cpp:
+        (frameLoadRequest): Pass security origin.
+
 2010-12-07  Martin Robinson  <mrobinson at igalia.com>
 
         Unreviewed, rolling out r73392.
diff --git a/WebKit/win/ChangeLog b/WebKit/win/ChangeLog
index c0e22d0..f43aede 100644
--- a/WebKit/win/ChangeLog
+++ b/WebKit/win/ChangeLog
@@ -1,3 +1,13 @@
+2010-12-06  Darin Adler  <darin at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Pass security origin to make local file decision correctly
+        https://bugs.webkit.org/show_bug.cgi?id=48603
+
+        * WebCoreSupport/WebContextMenuClient.cpp:
+        (WebContextMenuClient::searchWithGoogle): Pass security origin.
+
 2010-12-07  Kenichi Ishibashi  <bashi at google.com>
 
         Reviewed by Kent Tamura.
diff --git a/WebKit/win/WebCoreSupport/WebContextMenuClient.cpp b/WebKit/win/WebCoreSupport/WebContextMenuClient.cpp
index ede44e2..25403ab 100644
--- a/WebKit/win/WebCoreSupport/WebContextMenuClient.cpp
+++ b/WebKit/win/WebCoreSupport/WebContextMenuClient.cpp
@@ -105,7 +105,8 @@ void WebContextMenuClient::searchWithGoogle(const Frame* frame)
 
     if (Page* page = frame->page()) {
         UserGestureIndicator indicator(DefinitelyProcessingUserGesture);
-        page->mainFrame()->loader()->urlSelected(KURL(ParsedURLString, url), String(), 0, false, false, SendReferrer);
+        page->mainFrame()->loader()->urlSelected(page->mainFrame()->document()->securityOrigin(),
+            KURL(ParsedURLString, url), String(), 0, false, false, SendReferrer);
     }
 }
 
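Review bot: The origin passed to urlSelected() is taken from page->mainFrame()->document(), not from the frame argument of searchWithGoogle(). The other context-menu paths in this patch (openNewWindow and ContextMenuItemTagOpenLink in ContextMenuController.cpp) use the origin of the frame the menu was invoked in, so when that frame is a subframe with a different origin this call makes the local-file decision against the main frame's origin instead. If that is deliberate because the navigation targets the main frame, a short comment would help; otherwise use frame->document()->securityOrigin().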
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 735c6a0..43101ca 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,15 @@
+2010-12-06  Darin Adler  <darin at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Pass security origin to make local file decision correctly
+        https://bugs.webkit.org/show_bug.cgi?id=48603
+
+        * WebProcess/Plugins/PluginView.cpp:
+        (WebKit::PluginView::loadURL): Pass security origin.
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchCreatePage): Ditto.
+
 2010-12-06  Simon Fraser  <simon.fraser at apple.com>
 
         Reviewed by Sam Weinig.
diff --git a/WebKit2/WebProcess/Plugins/PluginView.cpp b/WebKit2/WebProcess/Plugins/PluginView.cpp
index 8d9b9b2..f6e4925 100644
--- a/WebKit2/WebProcess/Plugins/PluginView.cpp
+++ b/WebKit2/WebProcess/Plugins/PluginView.cpp
@@ -749,12 +749,12 @@ String PluginView::userAgent()
 void PluginView::loadURL(uint64_t requestID, const String& method, const String& urlString, const String& target, 
                          const HTTPHeaderMap& headerFields, const Vector<uint8_t>& httpBody, bool allowPopups)
 {
-    FrameLoadRequest frameLoadRequest;
-    frameLoadRequest.setFrameName(target);
+    FrameLoadRequest frameLoadRequest(m_pluginElement->document()->securityOrigin());
     frameLoadRequest.resourceRequest().setHTTPMethod(method);
     frameLoadRequest.resourceRequest().setURL(m_pluginElement->document()->completeURL(urlString));
     frameLoadRequest.resourceRequest().addHTTPHeaderFields(headerFields);
     frameLoadRequest.resourceRequest().setHTTPBody(FormData::create(httpBody.data(), httpBody.size()));
+    frameLoadRequest.setFrameName(target);
 
     m_pendingURLRequests.append(URLRequest::create(requestID, frameLoadRequest, allowPopups));
     m_pendingURLRequestsTimer.startOneShot(0);
diff --git a/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp b/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
index 1cd04f1..b882d0e 100644
--- a/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
+++ b/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
@@ -510,7 +510,7 @@ Frame* WebFrameLoaderClient::dispatchCreatePage(const NavigationAction& navigati
         return 0;
 
     // Just call through to the chrome client.
-    Page* newPage = webPage->corePage()->chrome()->createWindow(m_frame->coreFrame(), FrameLoadRequest(), WindowFeatures(), navigationAction);
+    Page* newPage = webPage->corePage()->chrome()->createWindow(m_frame->coreFrame(), FrameLoadRequest(m_frame->coreFrame()->document()->securityOrigin()), WindowFeatures(), navigationAction);
     if (!newPage)
         return 0;
     

-- 
WebKit Debian packaging


