/*
 * Copyright (C) 2007,2008 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
|
#ifndef SecurityOrigin_h |
|
#define SecurityOrigin_h |
|
#include <wtf/HashSet.h> |
|
#include <wtf/RefCounted.h> |
|
#include <wtf/PassRefPtr.h> |
|
#include <wtf/Threading.h> |
|
#include "PlatformString.h" |
|
#include "StringHash.h" |
|
namespace WebCore {

// Set of URL scheme names, compared case-insensitively (CaseFoldingHash).
typedef HashSet<String, CaseFoldingHash> URLSchemesMap;

class Document;
class KURL;

// A SecurityOrigin is the unit of isolation for the same-origin policy: the
// (protocol, host, port) triple a document runs as, plus the extra state that
// WebKit layers on top of it -- the document.domain relaxation, the "no
// access" / "universal access" flags and the local-resource grant.
//
// Instances are reference counted in a thread-safe way (ThreadSafeShared);
// when an origin has to be handed to another thread, use threadsafeCopy().
class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> {
public:
    // --- Construction -----------------------------------------------------

    // The origin of the given URL.
    static PassRefPtr<SecurityOrigin> create(const KURL&);
    // The origin of a URL supplied as a string.
    static PassRefPtr<SecurityOrigin> createFromString(const String&);
    // Rebuild an origin from a string in the databaseIdentifier() format.
    // NOTE(review): such identifiers typically come back from persistent
    // storage; the parser (in SecurityOrigin.cpp, not visible here) should
    // reject malformed input rather than synthesise an unintended origin --
    // confirm against the implementation.
    static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String&);
    // The empty origin, the least privileged one (see isEmpty()).
    static PassRefPtr<SecurityOrigin> createEmpty();

    // Deep copy of this origin, for marshalling it to another thread.
    PassRefPtr<SecurityOrigin> threadsafeCopy();

    // --- Components -------------------------------------------------------

    String protocol() const { return m_protocol; }
    String host() const { return m_host; }
    unsigned short port() const { return m_port; }
    // The document.domain value of this origin; see setDomainFromDOM().
    String domain() const { return m_domain; }
    // Whether a script has set document.domain on this origin.
    bool domainWasSetInDOM() const { return m_domainWasSetInDOM; }

    // Replace the domain property with newDomain (the document.domain
    // setter). No validation happens here -- in particular it is NOT checked
    // that newDomain is a suffix of the current domain. The caller must
    // validate newDomain first; skipping that would let a page widen its
    // origin to a domain it does not belong to.
    void setDomainFromDOM(const String& newDomain);

    // --- Privilege level --------------------------------------------------

    // The empty origin is the least privileged SecurityOrigin.
    bool isEmpty() const;
    // The local origin is the most privileged SecurityOrigin: it can script
    // any document, navigate to local resources and set arbitrary headers on
    // XMLHttpRequests.
    bool isLocal() const;

    // Whether this origin may load local resources (images, iframes, style
    // sheets) and link to local URLs -- consult it before, e.g., creating an
    // iframe to a file:// URL. Note that being able to load a local resource
    // does not imply being able to XMLHttpRequest a local URL; canRequest()
    // answers that question.
    bool canLoadLocalResources() const { return m_canLoadLocalResources; }
    // Explicitly grant canLoadLocalResources(). Exists only for backwards
    // compatibility with older versions of WebKit.
    void grantLoadLocalResources();
    // Explicitly grant this origin access to every other SecurityOrigin.
    //
    // WARNING: this switches the same-origin policy off for this origin.
    // Extremely powerful; use with caution.
    void grantUniversalAccess();

    // --- Access checks ----------------------------------------------------

    // Can script running as this origin read or write objects that belong to
    // the given origin? Call this before allowing any such cross-origin
    // access.
    bool canAccess(const SecurityOrigin*) const;
    // Can this origin read content retrieved from the given URL? Call this
    // before issuing an XMLHttpRequest.
    bool canRequest(const KURL&) const;
    // Does drawing an image fetched from the given URL taint a canvas owned
    // by this origin? Call this before drawImage() onto an HTML canvas.
    bool taintsCanvas(const KURL&) const;
    bool isSecureTransitionTo(const KURL&) const;

    // --- Identity and serialization ---------------------------------------

    // Render this origin as a string: URL-like but without a path component.
    // The domain property is not encoded. The empty origin renders as "null".
    String toString() const;
    // Serialize this origin into a form that can be used as part of a file
    // name. For storage APIs only -- it is not an access-control identity.
    String databaseIdentifier() const;

    // Strict equality of two origins, as needed for hash table keys. This is
    // NOT an access check; use canAccess() for that.
    // FIXME: if this is really only useful for hash table keys, it belongs in
    // SecurityOriginHash.
    bool equal(const SecurityOrigin*) const;
    // Equality of scheme, host and port, ignoring document.domain (and
    // whether it was set at all). Used by postMessage.
    bool isSameSchemeHostPort(const SecurityOrigin*) const;

    // --- Process-wide policy (static) -------------------------------------

    // Which origins are allowed to load local resources.
    enum LocalLoadPolicy {
        AllowLocalLoadsForAll, // No restriction on local loads.
        AllowLocalLoadsForLocalAndSubstituteData,
        AllowLocalLoadsForLocalOnly
    };
    static void setLocalLoadPolicy(LocalLoadPolicy);
    static bool restrictAccessToLocal();
    static bool allowSubstituteDataAccessToLocal();

    // True for any non-local URL. For a local URL: when document is supplied,
    // its local load policy decides; otherwise the load is allowed only when
    // referrer is non-empty and itself represents a local file.
    static bool canLoad(const KURL&, const String& referrer, Document* document);

    // Whether referrer should be withheld for a request to the given URL
    // (presumably the usual secure-to-insecure rule; see the implementation).
    static bool shouldHideReferrer(const KURL&, const String& referrer);

    // Registry of schemes treated as local (file: style schemes).
    static void registerURLSchemeAsLocal(const String&);
    static void removeURLSchemeRegisteredAsLocal(const String&);
    static const URLSchemesMap& localURLSchemes();
    static bool shouldTreatURLAsLocal(const String&);
    static bool shouldTreatURLSchemeAsLocal(const String&);

    // Registry of schemes whose origins are flagged "no access"; what that
    // denies is decided in the implementation (cf. m_noAccess).
    static void registerURLSchemeAsNoAccess(const String&);
    static bool shouldTreatURLSchemeAsNoAccess(const String&);

    // Origin access whitelist: let sourceOrigin reach destinationProtocol on
    // destinationDomains, optionally including their subdomains. Like
    // grantUniversalAccess() this widens the same-origin policy, so entries
    // should be added only from trusted embedder code.
    static void whiteListAccessFromOrigin(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains);
    static void resetOriginAccessWhiteLists();

    static bool isDefaultPortForProtocol(unsigned short port, const String& protocol);

private:
    explicit SecurityOrigin(const KURL&);
    explicit SecurityOrigin(const SecurityOrigin*);

    // Keep this declaration order: the constructors (in the .cpp) presumably
    // initialize the members in this order.
    String m_protocol;
    String m_host;
    String m_domain;
    unsigned short m_port;
    bool m_noAccess;
    bool m_universalAccess;
    bool m_domainWasSetInDOM;
    bool m_canLoadLocalResources;
};

} // namespace WebCore
|
#endif // SecurityOrigin_h |