2010-03-29 Chris Evans <cevans@chromium.org>
Reviewed by Adam Barth.
* fast/xmlhttprequest/xmlhttprequest-no-file-access.html:
Check that an isolated file:// origin can access about:blank iframes
that it created itself.
2010-03-29 Chris Evans <cevans@chromium.org>
Reviewed by Adam Barth.
Don't use unique domains for file:// separation: it breaks local
databases, and access to your own same-origin iframes. Instead, use
path-based access checks.
https://bugs.webkit.org/show_bug.cgi?id=36692
Test: fast/xmlhttprequest/xmlhttprequest-no-file-access.html
* dom/Document.cpp:
(WebCore::Document::initSecurityContext): renamed API.
* page/SecurityOrigin.h:
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::SecurityOrigin):
Initialize new flag. Take note of file:// path.
Copy new fields in copy constructor.
(WebCore::SecurityOrigin::canAccess):
Take into account path-based origin separation for file://
(WebCore::SecurityOrigin::enforceFilePathSeparation):
New method to enable file:// path origin separation.
(WebCore::SecurityOrigin::toString):
Return a null domain for an isolated file origin.
(WebCore::SecurityOrigin::isSameSchemeHostPort):
Take into account path-based origin separation for file://
(WebCore::SecurityOrigin::passesFileCheck):
Abstraction of common logic for file:// access checks.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@56757 268f45cc-cd09-0410-ab3c-d52691b4dbfc
6 files changed
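
The trade-off described in the commit message above, as an added C++ model that is not WebKit's code: a unique origin is refused access even to an about:blank iframe that inherited it, while a path-based check still allows that and keeps two different file:// documents apart. All struct, field and function names here are hypothetical, and applying the path comparison whenever either side enforces separation is an assumption of the model.

```cpp
#include <cstdio>
#include <string>

// Simplified origin model (hypothetical names, not WebKit's SecurityOrigin).
struct Origin {
    std::string scheme, host;
    int port = 0;
    std::string filePath;               // noted for file:// URLs only
    bool unique = false;                // earlier approach: opaque origin
    bool enforcePathSeparation = false; // approach from this commit message
};

// Assumed rule: if either side enforces separation, the paths must match.
bool filePathsAllowAccess(const Origin& a, const Origin& b) {
    if (!a.enforcePathSeparation && !b.enforcePathSeparation)
        return true;
    return a.filePath == b.filePath;
}

bool canAccess(const Origin& a, const Origin& b) {
    if (a.unique || b.unique)
        return false; // a unique origin matches nothing, not even its own copy
    if (a.scheme != b.scheme || a.host != b.host || a.port != b.port)
        return false;
    return a.scheme != "file" || filePathsAllowAccess(a, b);
}

// An about:blank iframe gets a copy of its creator's origin, flags included.
Origin inheritForAboutBlank(const Origin& parent) { return parent; }

Origin fileOrigin(const std::string& path, bool unique, bool separate) {
    Origin o;
    o.scheme = "file";
    o.filePath = path;
    o.unique = unique;
    o.enforcePathSeparation = separate;
    return o;
}

int main() {
    // Constructed sample paths.
    Origin isolated = fileOrigin("/docs/a.html", false, true);
    Origin other = fileOrigin("/docs/b.html", false, false);
    Origin opaque = fileOrigin("/docs/a.html", true, false);
    std::printf("own iframe, path-based: %d\n", canAccess(isolated, inheritForAboutBlank(isolated)));
    std::printf("other file, path-based: %d\n", canAccess(isolated, other));
    std::printf("own iframe, unique:     %d\n", canAccess(opaque, inheritForAboutBlank(opaque)));
    return 0;
}
```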