Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / chromium_org / third_party / WebKit / 3c9e4aeaee9f9b0a9a814da07bcb33319c7ea363 / . / Source / core / dom / SecurityContext.cpp
blob: f1375e0a2557ac7290d658afd6d31d8c8a66c2aa [file] [log] [blame]
Torne (Richard Coles)53e740f2013-05-09 18:38:43 +0100[diff] [blame]1/*
2 * Copyright (C) 2011 Google Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY GOOGLE, INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
26
27#include "config.h"
28#include "core/dom/SecurityContext.h"
29
Torne (Richard Coles)53e740f2013-05-09 18:38:43 +0100[diff] [blame]30#include "core/html/parser/HTMLParserIdioms.h"
31#include "core/page/ContentSecurityPolicy.h"
Torne (Richard Coles)e5249552013-05-15 11:35:13 +0100[diff] [blame]32#include "weborigin/SecurityOrigin.h"
Ben Murdoche69819b2013-07-17 14:56:49 +0100[diff] [blame]33#include "wtf/text/StringBuilder.h"
Torne (Richard Coles)53e740f2013-05-09 18:38:43 +0100[diff] [blame]34
35namespace WebCore {
36
37SecurityContext::SecurityContext()
38 : m_mayDisplaySeamlesslyWithParent(false)
39 , m_haveInitializedSecurityOrigin(false)
40 , m_sandboxFlags(SandboxNone)
41{
42}
43
44SecurityContext::~SecurityContext()
45{
46}
47
48void SecurityContext::setSecurityOrigin(PassRefPtr<SecurityOrigin> securityOrigin)
49{
50 m_securityOrigin = securityOrigin;
51 m_haveInitializedSecurityOrigin = true;
52}
53
54void SecurityContext::setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy> contentSecurityPolicy)
55{
56 m_contentSecurityPolicy = contentSecurityPolicy;
57}
58
59bool SecurityContext::isSecureTransitionTo(const KURL& url) const
60{
61 // If we haven't initialized our security origin by now, this is probably
62 // a new window created via the API (i.e., that lacks an origin and lacks
63 // a place to inherit the origin from).
64 if (!haveInitializedSecurityOrigin())
65 return true;
66
67 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
68 return securityOrigin()->canAccess(other.get());
69}
70
71void SecurityContext::enforceSandboxFlags(SandboxFlags mask)
72{
73 m_sandboxFlags |= mask;
74
75 // The SandboxOrigin is stored redundantly in the security origin.
76 if (isSandboxed(SandboxOrigin) && securityOrigin() && !securityOrigin()->isUnique()) {
77 setSecurityOrigin(SecurityOrigin::createUnique());
78 didUpdateSecurityOrigin();
79 }
80}
81
82void SecurityContext::didUpdateSecurityOrigin()
83{
84 // Subclasses can override this function if the need to do extra work when the security origin changes.
85}
86
87SandboxFlags SecurityContext::parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage)
88{
89 // http://www.w3.org/TR/html5/the-iframe-element.html#attr-iframe-sandbox
90 // Parse the unordered set of unique space-separated tokens.
91 SandboxFlags flags = SandboxAll;
Torne (Richard Coles)53e740f2013-05-09 18:38:43 +0100[diff] [blame]92 unsigned length = policy.length();
93 unsigned start = 0;
94 unsigned numberOfTokenErrors = 0;
95 StringBuilder tokenErrors;
96 while (true) {
Ben Murdoch591b9582013-07-10 11:41:44 +0100[diff] [blame]97 while (start < length && isHTMLSpace(policy[start]))
Torne (Richard Coles)53e740f2013-05-09 18:38:43 +0100[diff] [blame]98 ++start;
99 if (start >= length)
100 break;
101 unsigned end = start + 1;
Ben Murdoch591b9582013-07-10 11:41:44 +0100[diff] [blame]102 while (end < length && !isHTMLSpace(policy[end]))
Torne (Richard Coles)53e740f2013-05-09 18:38:43 +0100[diff] [blame]103 ++end;
104
105 // Turn off the corresponding sandbox flag if it's set as "allowed".
106 String sandboxToken = policy.substring(start, end - start);
107 if (equalIgnoringCase(sandboxToken, "allow-same-origin"))
108 flags &= ~SandboxOrigin;
109 else if (equalIgnoringCase(sandboxToken, "allow-forms"))
110 flags &= ~SandboxForms;
111 else if (equalIgnoringCase(sandboxToken, "allow-scripts")) {
112 flags &= ~SandboxScripts;
113 flags &= ~SandboxAutomaticFeatures;
114 } else if (equalIgnoringCase(sandboxToken, "allow-top-navigation"))
115 flags &= ~SandboxTopNavigation;
116 else if (equalIgnoringCase(sandboxToken, "allow-popups"))
117 flags &= ~SandboxPopups;
118 else if (equalIgnoringCase(sandboxToken, "allow-pointer-lock"))
119 flags &= ~SandboxPointerLock;
120 else {
121 if (numberOfTokenErrors)
122 tokenErrors.appendLiteral(", '");
123 else
124 tokenErrors.append('\'');
125 tokenErrors.append(sandboxToken);
126 tokenErrors.append('\'');
127 numberOfTokenErrors++;
128 }
129
130 start = end + 1;
131 }
132
133 if (numberOfTokenErrors) {
134 if (numberOfTokenErrors > 1)
135 tokenErrors.appendLiteral(" are invalid sandbox flags.");
136 else
137 tokenErrors.appendLiteral(" is an invalid sandbox flag.");
138 invalidTokensErrorMessage = tokenErrors.toString();
139 }
140
141 return flags;
142}
143
Torne (Richard Coles)53e740f2013-05-09 18:38:43 +0100[diff] [blame]144}