Title: [87459] trunk
- Revision
- 87459
- Author
- [email protected]
- Date
- 2011-05-26 18:16:57 -0700 (Thu, 26 May 2011)
Log Message
2011-05-26 James Kozianski <[email protected]>
Reviewed by Eric Seidel.
Implement a whitelist for registerProtocolHandler.
Described in the thread here
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-April/031220.html
https://bugs.webkit.org/show_bug.cgi?id=60322
* fast/dom/register-protocol-handler.html:
2011-05-26 James Kozianski <[email protected]>
Reviewed by Eric Seidel.
Implement a whitelist for registerProtocolHandler
https://bugs.webkit.org/show_bug.cgi?id=60322
* page/Navigator.cpp:
(WebCore::initProtocolHandlerWhitelist):
(WebCore::isProtocolWhitelisted):
(WebCore::verifyProtocolHandlerScheme):
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (87458 => 87459)
--- trunk/LayoutTests/ChangeLog 2011-05-27 01:12:21 UTC (rev 87458)
+++ trunk/LayoutTests/ChangeLog 2011-05-27 01:16:57 UTC (rev 87459)
@@ -1,3 +1,16 @@
+2011-05-26 James Kozianski <[email protected]>
+
+ Reviewed by Eric Seidel.
+
+ Implement a whitelist for registerProtocolHandler.
+
+ Described in the thread here
+ http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-April/031220.html
+
+ https://bugs.webkit.org/show_bug.cgi?id=60322
+
+ * fast/dom/register-protocol-handler.html:
+
2011-05-26 Adam Klein <[email protected]>
Unreviewed. Remove some passing tests from the test expectations.
Modified: trunk/LayoutTests/fast/dom/register-protocol-handler.html (87458 => 87459)
--- trunk/LayoutTests/fast/dom/register-protocol-handler.html 2011-05-27 01:12:21 UTC (rev 87458)
+++ trunk/LayoutTests/fast/dom/register-protocol-handler.html 2011-05-27 01:16:57 UTC (rev 87459)
@@ -36,7 +36,7 @@
invalid_urls.forEach(function (url) {
var succeeded = false;
try {
- window.navigator.registerProtocolHandler('myprotocol', url, 'title');
+ window.navigator.registerProtocolHandler('web+myprotocol', url, 'title');
} catch (e) {
succeeded = 'SYNTAX_ERR' == e.name;
}
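Review bot: Nothing visible in this test exercises the new rejection path: the changed call here and the one in the hunk at line 50 only rename the scheme to `'web+myprotocol'` so the existing assertions keep passing. Unless the part of the file outside these hunks already covers it, add a case asserting that a scheme with neither the `web+` prefix nor a whitelist entry (the old `'myprotocol'`) throws with `e.name` equal to `'SECURITY_ERR'`. A second case should assert that a whitelisted scheme such as `'mailto'` is accepted. Without these, a regression that reopens arbitrary schemes would not be caught by this test.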
@@ -50,7 +50,7 @@
// Test that the API has default no-op implementation.
var succeeded = true;
try {
- window.navigator.registerProtocolHandler('myprotocol', "%s", "title");
+ window.navigator.registerProtocolHandler('web+myprotocol', "%s", "title");
} catch (e) {
succeeded = false;
}
Modified: trunk/Source/WebCore/ChangeLog (87458 => 87459)
--- trunk/Source/WebCore/ChangeLog 2011-05-27 01:12:21 UTC (rev 87458)
+++ trunk/Source/WebCore/ChangeLog 2011-05-27 01:16:57 UTC (rev 87459)
@@ -1,3 +1,15 @@
+2011-05-26 James Kozianski <[email protected]>
+
+ Reviewed by Eric Seidel.
+
+ Implement a whitelist for registerProtocolHandler
+ https://bugs.webkit.org/show_bug.cgi?id=60322
+
+ * page/Navigator.cpp:
+ (WebCore::initProtocolHandlerWhitelist):
+ (WebCore::isProtocolWhitelisted):
+ (WebCore::verifyProtocolHandlerScheme):
+
2011-05-26 Annie Sullivan <[email protected]>
Reviewed by Ryosuke Niwa.
Modified: trunk/Source/WebCore/page/Navigator.cpp (87458 => 87459)
--- trunk/Source/WebCore/page/Navigator.cpp 2011-05-27 01:12:21 UTC (rev 87458)
+++ trunk/Source/WebCore/page/Navigator.cpp 2011-05-27 01:16:57 UTC (rev 87459)
@@ -44,6 +44,7 @@
#include "PluginData.h"
#include "Settings.h"
#include "StorageNamespace.h"
+#include <wtf/HashSet.h>
#include <wtf/StdLibExtras.h>
namespace WebCore {
@@ -183,6 +184,22 @@
#endif
#if ENABLE(REGISTER_PROTOCOL_HANDLER)
+static HashSet<String>* protocolWhitelist;
+
+static void initProtocolHandlerWhitelist()
+{
+ protocolWhitelist = new HashSet<String>;
+ static const char* protocols[] = {
+ "mailto",
+ "mms",
+ "nntp",
+ "rtsp",
+ "webcal",
+ };
+ for (size_t i = 0; i < WTF_ARRAY_LENGTH(protocols); ++i)
+ protocolWhitelist->add(protocols[i]);
+}
+
static bool verifyCustomHandlerURL(const String& baseURL, const String& url, ExceptionCode& ec)
{
// The specification requires that it is a SYNTAX_ERR if the "%s" token is
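Review bot: The whitelist entries are lowercase and the lookup added in the next hunk is a plain `protocolWhitelist->contains(scheme)`, whereas the check this commit removes compared with `equalIgnoringCase`. Assuming the default `String` hash is case-sensitive, `MAILTO` is now refused with SECURITY_ERR; that fails closed, but it should be a stated decision rather than a side effect. Either put a comment above the array, e.g. `// Entries must be lowercase; isProtocolWhitelisted() does an exact match.`, or normalise once at the lookup with `protocolWhitelist->contains(scheme.lower())`. The comment should also cite the WHATWG thread from the log message so later additions to the list are reviewed against it.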
@@ -210,14 +227,26 @@
return true;
}
+static bool isProtocolWhitelisted(const String& scheme)
+{
+ if (!protocolWhitelist)
+ initProtocolHandlerWhitelist();
+ return protocolWhitelist->contains(scheme);
+}
+
static bool verifyProtocolHandlerScheme(const String& scheme, ExceptionCode& ec)
{
- // It is a SECURITY_ERR for these schemes to be handled by a custom handler.
- if (equalIgnoringCase(scheme, "http") || equalIgnoringCase(scheme, "https") || equalIgnoringCase(scheme, "file")) {
+ if (scheme.startsWith("web+")) {
+ if (isValidProtocol(scheme))
+ return true;
ec = SECURITY_ERR;
return false;
}
- return true;
+
+ if (isProtocolWhitelisted(scheme))
+ return true;
+ ec = SECURITY_ERR;
+ return false;
}
void Navigator::registerProtocolHandler(const String& scheme, const String& url, const String& title, ExceptionCode& ec)
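Review bot: The `web+` branch of verifyProtocolHandlerScheme accepts whatever `isValidProtocol` accepts, and that helper is defined outside this diff. If it only checks for legal URL-scheme characters, a bare `web+` or a suffix containing digits, `.`, `-` or another `+` would be registered. The exact suffix rule should be taken from the proposal linked in the log message and enforced explicitly in this branch rather than left to the generic helper. The prefix test also appears to be case-sensitive, so `WEB+foo` falls through to the whitelist and is refused, which is safe but worth recording. A comment such as `// Only "web+"-prefixed schemes and whitelisted schemes may be handled; anything else is a SECURITY_ERR.` would replace the one this commit deletes.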