Title: [147526] trunk/Source/WebCore
- Revision: 147526
- Author: [email protected]
- Date: 2013-04-03 01:31:07 -0700 (Wed, 03 Apr 2013)
Log Message
Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
https://bugs.webkit.org/show_bug.cgi?id=113780
Reviewed by Jochen Eisinger.
We're scheduling navigations to 'data:text/html,' in XSSAuditor in
order to end up on a page that doesn't inherit its parent's
SecurityOrigin. We'll be reusing this mechanism to solve
http://wkbug.com/112903
This patch makes us more explicit about what we're doing and why.
It doesn't change any behavior: XSSAuditor tests should still pass.
* html/parser/XSSAuditorDelegate.cpp:
(WebCore::XSSAuditorDelegate::didBlockScript):
Use SecurityOrigin::urlWithUniqueSecurityOrigin rather than a
literal string to make our intentions clear.
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin):
* page/SecurityOrigin.h:
Add the new static method.
Diff
Modified: trunk/Source/WebCore/ChangeLog (147525 => 147526)
--- trunk/Source/WebCore/ChangeLog 2013-04-03 08:21:49 UTC (rev 147525)
+++ trunk/Source/WebCore/ChangeLog 2013-04-03 08:31:07 UTC (rev 147526)
@@ -1,3 +1,27 @@
+2013-04-03 Mike West <[email protected]>
+
+ Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
+ https://bugs.webkit.org/show_bug.cgi?id=113780
+
+ Reviewed by Jochen Eisinger.
+
+ We're scheduling navigations to 'data:text/html,' in XSSAuditor in
+ order to end up on a page that doesn't inherit its parent's
+ SecurityOrigin. We'll be reusing this mechainsm to solve
+ http://wkbug.com/112903
+
+ This patch makes us more explicit about what we're doing and why.
+ It doesn't change any behavior: XSSAuditor tests should still pass.
+
+ * html/parser/XSSAuditorDelegate.cpp:
+ (WebCore::XSSAuditorDelegate::didBlockScript):
+ Use SecurityOrigin::urlWithUniqueSecurityOrigin rather than a
+ literal string to make our intentions clear.
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin):
+ * page/SecurityOrigin.h:
+ Add the new static method.
+
2013-04-02 Chris Fleizach <[email protected]>
clean up static casts in WebAccessibilityObjectWrapperMac.mm to methods like toAccessibilityList()
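Review bot: The entry for page/SecurityOrigin.cpp lists (WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin) with no description under it, and the summary paragraph names 'data:text/html,' as the URL being scheduled while the constant added in SecurityOrigin.cpp is "data:,". Suggest adding a line under the .cpp entry that states the value the new method returns and why that URL does not inherit the parent's SecurityOrigin, so the ChangeLog matches the constant the patch introduces.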
Modified: trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp (147525 => 147526)
--- trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp 2013-04-03 08:21:49 UTC (rev 147525)
+++ trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp 2013-04-03 08:31:07 UTC (rev 147526)
@@ -111,7 +111,7 @@
}
if (xssInfo.m_didBlockEntirePage)
- m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), String("data:text/html,<p></p>"), blankURL());
+ m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), SecurityOrigin::urlWithUniqueSecurityOrigin(), String());
}
} // namespace WebCore
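Review bot: The replaced call in the m_didBlockEntirePage branch changes two arguments, not only how the URL is spelled: the URL goes from String("data:text/html,<p></p>") to the value of urlWithUniqueSecurityOrigin() ("data:," in SecurityOrigin.cpp), and the third argument goes from blankURL() to String(). The log message says the patch does not change any behavior, so either keep the original values behind the new constant or say in the ChangeLog that the blocked page now lands on a different data: URL with an empty third argument and that this is intended.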
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (147525 => 147526)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2013-04-03 08:21:49 UTC (rev 147525)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2013-04-03 08:31:07 UTC (rev 147526)
@@ -592,4 +592,11 @@
return true;
}
+String SecurityOrigin::urlWithUniqueSecurityOrigin()
+{
+ ASSERT(isMainThread());
+ DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:,")));
+ return uniqueSecurityOriginURL;
+}
+
} // namespace WebCore
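Review bot: ASSERT(isMainThread()) combined with DEFINE_STATIC_LOCAL makes urlWithUniqueSecurityOrigin() a main-thread-only function for the sake of caching a six-character literal, and nothing outside this body tells a caller about that restriction. Since the log message says this helper will be reused for another bug, suggest either stating the main-thread requirement where the method is declared or returning the literal without the function-local static so that no threading restriction is needed.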
Modified: trunk/Source/WebCore/page/SecurityOrigin.h (147525 => 147526)
--- trunk/Source/WebCore/page/SecurityOrigin.h 2013-04-03 08:21:49 UTC (rev 147525)
+++ trunk/Source/WebCore/page/SecurityOrigin.h 2013-04-03 08:31:07 UTC (rev 147526)
@@ -210,6 +210,8 @@
// (and whether it was set) but considering the host. It is used for postMessage.
bool isSameSchemeHostPort(const SecurityOrigin*) const;
+ static String urlWithUniqueSecurityOrigin();
+
private:
SecurityOrigin();
explicit SecurityOrigin(const KURL&);
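Review bot: The new declaration static String urlWithUniqueSecurityOrigin(); has no comment, while the isSameSchemeHostPort declaration just above it is documented. Suggest a short comment saying that the returned URL loads a document that gets a unique SecurityOrigin instead of inheriting its parent's, since that property is what callers rely on and the method name alone does not say how it is achieved.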