Allow blocking of Web SQL databases in third-party documents
https://bugs.webkit.org/show_bug.cgi?id=94057
Reviewed by Adam Barth.
Source/WebCore:
Add a check for pages in third-party pages to allow third-party storage blocking of Web SQL databases.
Tests: http/tests/security/cross-origin-websql-allowed.html
http/tests/security/cross-origin-websql.html
* Modules/webdatabase/DOMWindowWebDatabase.cpp:
(WebCore::DOMWindowWebDatabase::openDatabase): Pass top origin to canAccessDatabase
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccessStorage): Common method for various types of storage that use the same criteria
* page/SecurityOrigin.h:
(WebCore::SecurityOrigin::canAccessDatabase): Use canAccessStorage
(WebCore::SecurityOrigin::canAccessLocalStorage): Change to using canAccessStorage
(SecurityOrigin):
LayoutTests:
Created tests for accessing openDatabase from a third party and first party context when third-party blocking is on and off.
* http/tests/security/cross-origin-websql-allowed-expected.txt: Added.
* http/tests/security/cross-origin-websql-allowed.html: Added.
* http/tests/security/cross-origin-websql-expected.txt: Added.
* http/tests/security/cross-origin-websql.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-websql.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125736 268f45cc-cd09-0410-ab3c-d52691b4dbfc
10 files changed
