[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.22-985-g3c00f00

eric at webkit.org eric at webkit.org
Wed Mar 17 18:04:34 UTC 2010 

The following commit has been merged in the webkit-1.1 branch:
commit 99a12ff447793ca01732c94c97c8af25405dc4e5
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Feb 27 03:20:22 2010 +0000

    2010-02-26  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Darin Fisher.
    
            Expose an API for ports to add schemes to the mixed content whitelist
            https://bugs.webkit.org/show_bug.cgi?id=35438
    
            Add a notion of a "secure" scheme that doesn't trigger mixed content
            warnings.  Let folks register new secure schemes in the same way they
            can register "local" schemes.
    
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::isMixedContent):
            * page/SecurityOrigin.cpp:
            (WebCore::secureSchemes):
            (WebCore::SecurityOrigin::registerURLSchemeAsSecure):
            (WebCore::SecurityOrigin::shouldTreatURLSchemeAsSecure):
            * page/SecurityOrigin.h:
    2010-02-26  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Darin Fisher.
    
            Expose an API for ports to add schemes to the mixed content whitelist
            https://bugs.webkit.org/show_bug.cgi?id=35438
    
            Expose registerURLSchemeAsSecure via the WebKit API.
    
            * public/WebSecurityPolicy.h:
            * src/WebSecurityPolicy.cpp:
            (WebKit::WebSecurityPolicy::registerURLSchemeAsSecure):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@55335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f73a912..e58173c 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,22 @@
+2010-02-26  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Darin Fisher.
+
+        Expose an API for ports to add schemes to the mixed content whitelist
+        https://bugs.webkit.org/show_bug.cgi?id=35438
+
+        Add a notion of a "secure" scheme that doesn't trigger mixed content
+        warnings.  Let folks register new secure schemes in the same way they
+        can register "local" schemes.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::isMixedContent):
+        * page/SecurityOrigin.cpp:
+        (WebCore::secureSchemes):
+        (WebCore::SecurityOrigin::registerURLSchemeAsSecure):
+        (WebCore::SecurityOrigin::shouldTreatURLSchemeAsSecure):
+        * page/SecurityOrigin.h:
+
 2010-02-26  Noam Rosenthal  <noam.rosenthal at nokia.com>
 
         Reviewed by Kenneth Rohde Christiansen.
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index ebca1cb..13396ec 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -1400,7 +1400,7 @@ bool FrameLoader::isMixedContent(SecurityOrigin* context, const KURL& url)
     if (context->protocol() != "https")
         return false;  // We only care about HTTPS security origins.
 
-    if (!url.isValid() || url.protocolIs("https") || url.protocolIs("about") || url.protocolIs("data"))
+    if (!url.isValid() || SecurityOrigin::shouldTreatURLSchemeAsSecure(url.protocol()))
         return false;  // Loading these protocols is secure.
 
     return true;
diff --git a/WebCore/page/SecurityOrigin.cpp b/WebCore/page/SecurityOrigin.cpp
index fe6efbd..63e4898 100644
--- a/WebCore/page/SecurityOrigin.cpp
+++ b/WebCore/page/SecurityOrigin.cpp
@@ -65,6 +65,19 @@ static URLSchemesMap& localSchemes()
     return localSchemes;
 }
 
+static URLSchemesMap& secureSchemes()
+{
+    DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ());
+
+    if (secureSchemes.isEmpty()) {
+        secureSchemes.add("https");
+        secureSchemes.add("about");
+        secureSchemes.add("data");
+    }
+
+    return secureSchemes;
+}
+
 static URLSchemesMap& schemesWithUniqueOrigins()
 {
     DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
@@ -477,6 +490,16 @@ bool SecurityOrigin::shouldTreatURLSchemeAsNoAccess(const String& scheme)
     return schemesWithUniqueOrigins().contains(scheme);
 }
 
+void SecurityOrigin::registerURLSchemeAsSecure(const String& scheme)
+{
+    secureSchemes().add(scheme);
+}
+
+bool SecurityOrigin::shouldTreatURLSchemeAsSecure(const String& scheme)
+{
+    return secureSchemes().contains(scheme);
+}
+
 bool SecurityOrigin::shouldHideReferrer(const KURL& url, const String& referrer)
 {
     bool referrerIsSecureURL = protocolIs(referrer, "https");
diff --git a/WebCore/page/SecurityOrigin.h b/WebCore/page/SecurityOrigin.h
index c96bb83..2f39aee 100644
--- a/WebCore/page/SecurityOrigin.h
+++ b/WebCore/page/SecurityOrigin.h
@@ -174,6 +174,12 @@ public:
     static bool shouldTreatURLAsLocal(const String&);
     static bool shouldTreatURLSchemeAsLocal(const String&);
 
+    // Secure schemes do not trigger mixed content warnings. For example,
+    // https and data are secure schemes because they cannot be corrupted by
+    // active network attackers.
+    static void registerURLSchemeAsSecure(const String&);
+    static bool shouldTreatURLSchemeAsSecure(const String&);
+
     static bool shouldHideReferrer(const KURL&, const String& referrer);
 
     enum LocalLoadPolicy {
diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog
index ed3368e..a7ccbe5 100644
--- a/WebKit/chromium/ChangeLog
+++ b/WebKit/chromium/ChangeLog
@@ -1,3 +1,16 @@
+2010-02-26  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Darin Fisher.
+
+        Expose an API for ports to add schemes to the mixed content whitelist
+        https://bugs.webkit.org/show_bug.cgi?id=35438
+
+        Expose registerURLSchemeAsSecure via the WebKit API.
+
+        * public/WebSecurityPolicy.h:
+        * src/WebSecurityPolicy.cpp:
+        (WebKit::WebSecurityPolicy::registerURLSchemeAsSecure):
+
 2010-02-26  Brett Wilson  <brettw at chromium.org>
 
         Fix chromium build. This test's expectation became obsolete with
diff --git a/WebKit/chromium/public/WebSecurityPolicy.h b/WebKit/chromium/public/WebSecurityPolicy.h
index 8e1ee52..815f471 100644
--- a/WebKit/chromium/public/WebSecurityPolicy.h
+++ b/WebKit/chromium/public/WebSecurityPolicy.h
@@ -50,6 +50,10 @@ public:
     // any other URL scheme.
     WEBKIT_API static void registerURLSchemeAsNoAccess(const WebString&);
 
+    // Registers a URL scheme to not generate mixed content warnings when
+    // included by an HTTPS page.
+    WEBKIT_API static void registerURLSchemeAsSecure(const WebString&);
+
     // Support for whitelisting access to origins beyond the same-origin policy.
     WEBKIT_API static void whiteListAccessFromOrigin(
         const WebURL& sourceOrigin, const WebString& destinationProtocol,
diff --git a/WebKit/chromium/src/WebSecurityPolicy.cpp b/WebKit/chromium/src/WebSecurityPolicy.cpp
index 48b445c..5d4674e 100644
--- a/WebKit/chromium/src/WebSecurityPolicy.cpp
+++ b/WebKit/chromium/src/WebSecurityPolicy.cpp
@@ -51,6 +51,11 @@ void WebSecurityPolicy::registerURLSchemeAsNoAccess(const WebString& scheme)
     SecurityOrigin::registerURLSchemeAsNoAccess(scheme);
 }
 
+void WebSecurityPolicy::registerURLSchemeAsSecure(const WebString& scheme)
+{
+    SecurityOrigin::registerURLSchemeAsSecure(scheme);
+}
+
 void WebSecurityPolicy::whiteListAccessFromOrigin(const WebURL& sourceOrigin,
     const WebString& destinationProtocol,
     const WebString& destinationHost,

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list