2010-07-21 Brady Eidson <beidson@apple.com>
authorbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 21 Jul 2010 23:19:55 +0000 (23:19 +0000)
committerbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 21 Jul 2010 23:19:55 +0000 (23:19 +0000)
        Reviewed by Geoffrey Garen.

        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
        https://bugs.webkit.org/show_bug.cgi?id=42783

        * src/WebSecurityPolicy.cpp:
        (WebKit::WebSecurityPolicy::registerURLSchemeAsLocal):
        (WebKit::WebSecurityPolicy::registerURLSchemeAsNoAccess):
        (WebKit::WebSecurityPolicy::registerURLSchemeAsSecure):
2010-07-21  Brady Eidson  <beidson@apple.com>

        Reviewed by Geoffrey Garen.

        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
        https://bugs.webkit.org/show_bug.cgi?id=42783

        * Api/qwebpage.cpp:
        (QWebPage::acceptNavigationRequest):
        * Api/qwebsecurityorigin.cpp:
        (QWebSecurityOrigin::addLocalScheme):
        (QWebSecurityOrigin::removeLocalScheme):
        (QWebSecurityOrigin::localSchemes):
2010-07-21  Brady Eidson  <beidson@apple.com>

        Reviewed by Geoffrey Garen.

        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
        https://bugs.webkit.org/show_bug.cgi?id=42783

        * WebView.cpp:
        (WebView::registerURLSchemeAsLocal):
        (WebView::registerURLSchemeAsSecure):
2010-07-21  Brady Eidson  <beidson@apple.com>

        Reviewed by Geoffrey Garen.

        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
        https://bugs.webkit.org/show_bug.cgi?id=42783

        * WebView/WebView.mm:
        (+[WebView _registerURLSchemeAsSecure:]):
        (+[WebView registerURLSchemeAsLocal:]):
2010-07-21  Brady Eidson  <beidson@apple.com>

        Reviewed by Geoffrey Garen.

        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
        https://bugs.webkit.org/show_bug.cgi?id=42783

        No new tests. (No change in behavior)

        * GNUmakefile.am:
        * WebCore.exp.in:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::isMixedContent):
        (WebCore::FrameLoader::loadFrameRequest):

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::SecurityOrigin):
        (WebCore::SecurityOrigin::canLoad):
        (WebCore::SecurityOrigin::isLocal):
        * page/SecurityOrigin.h:

        * platform/SchemeRegistry.cpp: Added.
        (WebCore::localSchemes):
        (WebCore::secureSchemes):
        (WebCore::schemesWithUniqueOrigins):
        (WebCore::SchemeRegistry::registerURLSchemeAsLocal):
        (WebCore::SchemeRegistry::removeURLSchemeRegisteredAsLocal):
        (WebCore::SchemeRegistry::localURLSchemes):
        (WebCore::SchemeRegistry::shouldTreatURLAsLocal):
        (WebCore::SchemeRegistry::shouldTreatURLSchemeAsLocal):
        (WebCore::SchemeRegistry::registerURLSchemeAsNoAccess):
        (WebCore::SchemeRegistry::shouldTreatURLSchemeAsNoAccess):
        (WebCore::SchemeRegistry::registerURLSchemeAsSecure):
        (WebCore::SchemeRegistry::shouldTreatURLSchemeAsSecure):
        * platform/SchemeRegistry.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@63863 268f45cc-cd09-0410-ab3c-d52691b4dbfc

21 files changed:
WebCore/ChangeLog
WebCore/GNUmakefile.am
WebCore/WebCore.exp.in
WebCore/WebCore.gypi
WebCore/WebCore.pro
WebCore/WebCore.vcproj/WebCore.vcproj
WebCore/WebCore.xcodeproj/project.pbxproj
WebCore/loader/FrameLoader.cpp
WebCore/page/SecurityOrigin.cpp
WebCore/page/SecurityOrigin.h
WebCore/platform/SchemeRegistry.cpp [new file with mode: 0644]
WebCore/platform/SchemeRegistry.h [new file with mode: 0644]
WebKit/chromium/ChangeLog
WebKit/chromium/src/WebSecurityPolicy.cpp
WebKit/mac/ChangeLog
WebKit/mac/WebView/WebView.mm
WebKit/qt/Api/qwebpage.cpp
WebKit/qt/Api/qwebsecurityorigin.cpp
WebKit/qt/ChangeLog
WebKit/win/ChangeLog
WebKit/win/WebView.cpp

index bf9f06c..c968618 100644 (file)
@@ -1,3 +1,44 @@
+2010-07-21  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
+        https://bugs.webkit.org/show_bug.cgi?id=42783
+
+        No new tests. (No change in behavior)
+
+        * GNUmakefile.am:
+        * WebCore.exp.in:
+        * WebCore.gypi:
+        * WebCore.pro:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj:
+        
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::isMixedContent):
+        (WebCore::FrameLoader::loadFrameRequest):
+        
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::SecurityOrigin):
+        (WebCore::SecurityOrigin::canLoad):
+        (WebCore::SecurityOrigin::isLocal):
+        * page/SecurityOrigin.h:
+        
+        * platform/SchemeRegistry.cpp: Added.
+        (WebCore::localSchemes):
+        (WebCore::secureSchemes):
+        (WebCore::schemesWithUniqueOrigins):
+        (WebCore::SchemeRegistry::registerURLSchemeAsLocal):
+        (WebCore::SchemeRegistry::removeURLSchemeRegisteredAsLocal):
+        (WebCore::SchemeRegistry::localURLSchemes):
+        (WebCore::SchemeRegistry::shouldTreatURLAsLocal):
+        (WebCore::SchemeRegistry::shouldTreatURLSchemeAsLocal):
+        (WebCore::SchemeRegistry::registerURLSchemeAsNoAccess):
+        (WebCore::SchemeRegistry::shouldTreatURLSchemeAsNoAccess):
+        (WebCore::SchemeRegistry::registerURLSchemeAsSecure):
+        (WebCore::SchemeRegistry::shouldTreatURLSchemeAsSecure):
+        * platform/SchemeRegistry.h: Added.
+
 2010-07-21  Chris Marrin  <cmarrin@apple.com>
 
         Reviewed by Simon Fraser.
index 2aac9a1..f47c3e6 100644 (file)
@@ -1915,6 +1915,8 @@ webcore_sources += \
        WebCore/platform/ScrollTypes.h \
        WebCore/platform/ScrollView.cpp \
        WebCore/platform/ScrollView.h \
+       WebCore/platform/SchemeRegistry.cpp \
+       WebCore/platform/SchemeRegistry.h \
        WebCore/platform/Scrollbar.cpp \
        WebCore/platform/Scrollbar.h \
        WebCore/platform/ScrollbarClient.h \
index cf66285..a8c0a49 100644 (file)
@@ -310,11 +310,11 @@ __ZN7WebCore14ResourceHandle20forceContentSniffingEv
 __ZN7WebCore14ResourceLoader14cancelledErrorEv
 __ZN7WebCore14ResourceLoader19setShouldBufferDataEb
 __ZN7WebCore14SVGSMILElement13isSMILElementEPNS_4NodeE
+__ZN7WebCore14SchemeRegistry25registerURLSchemeAsSecureERKNS_6StringE
+__ZN7WebCore14SchemeRegistry24registerURLSchemeAsLocalERKNS_6StringE
 __ZN7WebCore14SecurityOrigin16createFromStringERKNS_6StringE
 __ZN7WebCore14SecurityOrigin18setLocalLoadPolicyENS0_15LocalLoadPolicyE
 __ZN7WebCore14SecurityOrigin18shouldHideReferrerERKNS_4KURLERKNS_6StringE
-__ZN7WebCore14SecurityOrigin24registerURLSchemeAsLocalERKNS_6StringE
-__ZN7WebCore14SecurityOrigin25registerURLSchemeAsSecureERKNS_6StringE
 __ZN7WebCore14SecurityOrigin27resetOriginAccessWhitelistsEv
 __ZN7WebCore14SecurityOrigin29addOriginAccessWhitelistEntryERKS0_RKNS_6StringES5_b
 __ZN7WebCore14SecurityOrigin32removeOriginAccessWhitelistEntryERKS0_RKNS_6StringES5_b
index 7aa5d60..04b37f4 100644 (file)
             'platform/ScrollTypes.h',
             'platform/ScrollView.cpp',
             'platform/ScrollView.h',
+            'platform/SchemeRegistry.cpp',
+            'platform/SchemeRegistry.h',
             'platform/Scrollbar.cpp',
             'platform/Scrollbar.h',
             'platform/ScrollbarClient.h',
index 8ed7157..49c67b9 100644 (file)
@@ -925,6 +925,7 @@ SOURCES += \
     platform/network/ResourceRequestBase.cpp \
     platform/network/ResourceResponseBase.cpp \
     platform/text/RegularExpression.cpp \
+    platform/SchemeRegistry.cpp \
     platform/Scrollbar.cpp \
     platform/ScrollbarThemeComposite.cpp \
     platform/ScrollView.cpp \
index 00c718f..e96b7be 100644 (file)
                                >\r
                        </File>\r
                        <File\r
+                               RelativePath="..\platform\SchemeRegistry.cpp"\r
+                               >\r
+                       </File>\r
+                       <File\r
+                               RelativePath="..\platform\SchemeRegistry.h"\r
+                               >\r
+                       </File>\r
+                       <File\r
                                RelativePath="..\platform\Scrollbar.cpp"\r
                                >\r
                        </File>\r
index af1949f..3110d76 100644 (file)
                5160300B0CC4251200C8AC25 /* FileSystemPOSIX.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5160300A0CC4251200C8AC25 /* FileSystemPOSIX.cpp */; };
                5160306C0CC4362300C8AC25 /* FileSystemCF.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5160306B0CC4362300C8AC25 /* FileSystemCF.cpp */; };
                5160F4980B0AA75F00C1D2AF /* HistoryItemMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5160F4970B0AA75F00C1D2AF /* HistoryItemMac.mm */; };
+               5162C7F411F77EFB00612EFE /* SchemeRegistry.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5162C7F211F77EFA00612EFE /* SchemeRegistry.cpp */; };
+               5162C7F511F77EFB00612EFE /* SchemeRegistry.h in Headers */ = {isa = PBXBuildFile; fileRef = 5162C7F311F77EFB00612EFE /* SchemeRegistry.h */; settings = {ATTRIBUTES = (Private, ); }; };
                516BB7940CE91E6800512F79 /* JSTreeWalkerCustom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 516BB7920CE91E6800512F79 /* JSTreeWalkerCustom.cpp */; };
                51721FBB11D2790700638B42 /* BeforeProcessEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = 51721FB911D2790700638B42 /* BeforeProcessEvent.h */; };
                51721FD211D27EF200638B42 /* JSBeforeProcessEvent.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 51721FD011D27EF200638B42 /* JSBeforeProcessEvent.cpp */; };
                5160300A0CC4251200C8AC25 /* FileSystemPOSIX.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FileSystemPOSIX.cpp; sourceTree = "<group>"; };
                5160306B0CC4362300C8AC25 /* FileSystemCF.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FileSystemCF.cpp; sourceTree = "<group>"; };
                5160F4970B0AA75F00C1D2AF /* HistoryItemMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = HistoryItemMac.mm; path = mac/HistoryItemMac.mm; sourceTree = "<group>"; };
+               5162C7F211F77EFA00612EFE /* SchemeRegistry.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SchemeRegistry.cpp; sourceTree = "<group>"; };
+               5162C7F311F77EFB00612EFE /* SchemeRegistry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SchemeRegistry.h; sourceTree = "<group>"; };
                516BB7920CE91E6800512F79 /* JSTreeWalkerCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSTreeWalkerCustom.cpp; sourceTree = "<group>"; };
                51721FB911D2790700638B42 /* BeforeProcessEvent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BeforeProcessEvent.h; sourceTree = "<group>"; };
                51721FBA11D2790700638B42 /* BeforeProcessEvent.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = BeforeProcessEvent.idl; sourceTree = "<group>"; };
                                BC3BE12A0E98092F00835588 /* PopupMenuStyle.h */,
                                E4D687780ED7AE4F006EA978 /* PurgeableBuffer.h */,
                                1C63A2460F71646600C09D5A /* RunLoopTimer.h */,
+                               5162C7F211F77EFA00612EFE /* SchemeRegistry.cpp */,
+                               5162C7F311F77EFB00612EFE /* SchemeRegistry.h */,
                                BC7B2AF80450824100A8000F /* Scrollbar.h */,
                                BC9BC64D0E7C4889008B9849 /* ScrollbarClient.h */,
                                BC8B854A0E7C7F5600AB6984 /* ScrollbarTheme.h */,
                                97DD4D870FDF4D6E00ECF9A4 /* XSSAuditor.h in Headers */,
                                CE172E011136E8CE0062A533 /* ZoomMode.h in Headers */,
                                8C6EA61A11EF7E0400FD8EE3 /* RuntimeEnabledFeatures.h in Headers */,
+                               5162C7F511F77EFB00612EFE /* SchemeRegistry.h in Headers */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                                E1BE512D0CF6C512002EA959 /* XSLTUnicodeSort.cpp in Sources */,
                                97DD4D860FDF4D6E00ECF9A4 /* XSSAuditor.cpp in Sources */,
                                8C6EA61911EF7E0400FD8EE3 /* RuntimeEnabledFeatures.cpp in Sources */,
+                               5162C7F411F77EFB00612EFE /* SchemeRegistry.cpp in Sources */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
index 4d50ec0..efda6af 100644 (file)
@@ -85,6 +85,7 @@
 #include "ProgressTracker.h"
 #include "ResourceHandle.h"
 #include "ResourceRequest.h"
+#include "SchemeRegistry.h"
 #include "ScriptController.h"
 #include "ScriptSourceCode.h"
 #include "ScriptString.h"
@@ -1058,7 +1059,7 @@ bool FrameLoader::isMixedContent(SecurityOrigin* context, const KURL& url)
     if (context->protocol() != "https")
         return false;  // We only care about HTTPS security origins.
 
-    if (!url.isValid() || SecurityOrigin::shouldTreatURLSchemeAsSecure(url.protocol()))
+    if (!url.isValid() || SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol()))
         return false;  // Loading these protocols is secure.
 
     return true;
@@ -1320,7 +1321,7 @@ void FrameLoader::loadFrameRequest(const FrameLoadRequest& request, bool lockHis
         referrer = m_outgoingReferrer;
 
     ASSERT(frame()->document());
-    if (SecurityOrigin::shouldTreatURLAsLocal(url.string()) && !isFeedWithNestedProtocolInHTTPFamily(url)) {
+    if (SchemeRegistry::shouldTreatURLAsLocal(url.string()) && !isFeedWithNestedProtocolInHTTPFamily(url)) {
         if (!SecurityOrigin::canLoad(url, String(), frame()->document()) && !SecurityOrigin::canLoad(url, referrer, 0)) {
             FrameLoader::reportLocalLoadFailed(m_frame, url.string());
             return;
index aab8866..87b3ed2 100644 (file)
@@ -32,6 +32,7 @@
 #include "Document.h"
 #include "KURL.h"
 #include "OriginAccessEntry.h"
+#include "SchemeRegistry.h"
 #include <wtf/StdLibExtras.h>
 
 namespace WebCore {
@@ -47,48 +48,6 @@ static OriginAccessMap& originAccessMap()
     return originAccessMap;
 }
 
-static URLSchemesMap& localSchemes()
-{
-    DEFINE_STATIC_LOCAL(URLSchemesMap, localSchemes, ());
-
-    if (localSchemes.isEmpty()) {
-        localSchemes.add("file");
-#if PLATFORM(MAC)
-        localSchemes.add("applewebdata");
-#endif
-#if PLATFORM(QT)
-        localSchemes.add("qrc");
-#endif
-    }
-
-    return localSchemes;
-}
-
-static URLSchemesMap& secureSchemes()
-{
-    DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ());
-
-    if (secureSchemes.isEmpty()) {
-        secureSchemes.add("https");
-        secureSchemes.add("about");
-        secureSchemes.add("data");
-    }
-
-    return secureSchemes;
-}
-
-static URLSchemesMap& schemesWithUniqueOrigins()
-{
-    DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
-
-    // This is a willful violation of HTML5.
-    // See https://bugs.webkit.org/show_bug.cgi?id=11885
-    if (schemesWithUniqueOrigins.isEmpty())
-        schemesWithUniqueOrigins.add("data");
-
-    return schemesWithUniqueOrigins;
-}
-
 static bool schemeRequiresAuthority(const String& scheme)
 {
     DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ());
@@ -108,7 +67,7 @@ SecurityOrigin::SecurityOrigin(const KURL& url, SandboxFlags sandboxFlags)
     , m_protocol(url.protocol().isNull() ? "" : url.protocol().lower())
     , m_host(url.host().isNull() ? "" : url.host().lower())
     , m_port(url.port())
-    , m_isUnique(isSandboxed(SandboxOrigin) || shouldTreatURLSchemeAsNoAccess(m_protocol))
+    , m_isUnique(isSandboxed(SandboxOrigin) || SchemeRegistry::shouldTreatURLSchemeAsNoAccess(m_protocol))
     , m_universalAccess(false)
     , m_domainWasSetInDOM(false)
     , m_enforceFilePathSeparation(false)
@@ -315,7 +274,7 @@ bool SecurityOrigin::isAccessWhiteListed(const SecurityOrigin* targetOrigin) con
   
 bool SecurityOrigin::canLoad(const KURL& url, const String& referrer, Document* document)
 {
-    if (!shouldTreatURLAsLocal(url.string()))
+    if (!SchemeRegistry::shouldTreatURLAsLocal(url.string()))
         return true;
 
     // If we were provided a document, we first check if the access has been white listed.
@@ -329,7 +288,7 @@ bool SecurityOrigin::canLoad(const KURL& url, const String& referrer, Document*
         return documentOrigin->canLoadLocalResources();
     }
     if (!referrer.isEmpty())
-        return shouldTreatURLAsLocal(referrer);
+        return SchemeRegistry::shouldTreatURLAsLocal(referrer);
     return false;
 }
 
@@ -357,7 +316,7 @@ void SecurityOrigin::enforceFilePathSeparation()
 
 bool SecurityOrigin::isLocal() const
 {
-    return shouldTreatURLSchemeAsLocal(m_protocol);
+    return SchemeRegistry::shouldTreatURLSchemeAsLocal(m_protocol);
 }
 
 bool SecurityOrigin::isSecureTransitionTo(const KURL& url) const
@@ -557,85 +516,6 @@ bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin* other) const
     return true;
 }
 
-void SecurityOrigin::registerURLSchemeAsLocal(const String& scheme)
-{
-    localSchemes().add(scheme);
-}
-
-void SecurityOrigin::removeURLSchemeRegisteredAsLocal(const String& scheme)
-{
-    if (scheme == "file")
-        return;
-#if PLATFORM(MAC)
-    if (scheme == "applewebdata")
-        return;
-#endif
-    localSchemes().remove(scheme);
-}
-
-const URLSchemesMap& SecurityOrigin::localURLSchemes()
-{
-    return localSchemes();
-}
-
-bool SecurityOrigin::shouldTreatURLAsLocal(const String& url)
-{
-    // This avoids an allocation of another String and the HashSet contains()
-    // call for the file: and http: schemes.
-    if (url.length() >= 5) {
-        const UChar* s = url.characters();
-        if (s[0] == 'h' && s[1] == 't' && s[2] == 't' && s[3] == 'p' && s[4] == ':')
-            return false;
-        if (s[0] == 'f' && s[1] == 'i' && s[2] == 'l' && s[3] == 'e' && s[4] == ':')
-            return true;
-    }
-
-    int loc = url.find(':');
-    if (loc == -1)
-        return false;
-
-    String scheme = url.left(loc);
-    return localSchemes().contains(scheme);
-}
-
-bool SecurityOrigin::shouldTreatURLSchemeAsLocal(const String& scheme)
-{
-    // This avoids an allocation of another String and the HashSet contains()
-    // call for the file: and http: schemes.
-    if (scheme.length() == 4) {
-        const UChar* s = scheme.characters();
-        if (s[0] == 'h' && s[1] == 't' && s[2] == 't' && s[3] == 'p')
-            return false;
-        if (s[0] == 'f' && s[1] == 'i' && s[2] == 'l' && s[3] == 'e')
-            return true;
-    }
-
-    if (scheme.isEmpty())
-        return false;
-
-    return localSchemes().contains(scheme);
-}
-
-void SecurityOrigin::registerURLSchemeAsNoAccess(const String& scheme)
-{
-    schemesWithUniqueOrigins().add(scheme);
-}
-
-bool SecurityOrigin::shouldTreatURLSchemeAsNoAccess(const String& scheme)
-{
-    return schemesWithUniqueOrigins().contains(scheme);
-}
-
-void SecurityOrigin::registerURLSchemeAsSecure(const String& scheme)
-{
-    secureSchemes().add(scheme);
-}
-
-bool SecurityOrigin::shouldTreatURLSchemeAsSecure(const String& scheme)
-{
-    return secureSchemes().contains(scheme);
-}
-
 bool SecurityOrigin::shouldHideReferrer(const KURL& url, const String& referrer)
 {
     bool referrerIsSecureURL = protocolIs(referrer, "https");
index 2254096..fa5b1e4 100644 (file)
@@ -40,8 +40,6 @@
 
 namespace WebCore {
 
-typedef HashSet<String, CaseFoldingHash> URLSchemesMap;
-
 class Document;
 class KURL;
 
@@ -174,18 +172,6 @@ public:
     // (and whether it was set) but considering the host. It is used for postMessage.
     bool isSameSchemeHostPort(const SecurityOrigin*) const;
 
-    static void registerURLSchemeAsLocal(const String&);
-    static void removeURLSchemeRegisteredAsLocal(const String&);
-    static const URLSchemesMap& localURLSchemes();
-    static bool shouldTreatURLAsLocal(const String&);
-    static bool shouldTreatURLSchemeAsLocal(const String&);
-
-    // Secure schemes do not trigger mixed content warnings. For example,
-    // https and data are secure schemes because they cannot be corrupted by
-    // active network attackers.
-    static void registerURLSchemeAsSecure(const String&);
-    static bool shouldTreatURLSchemeAsSecure(const String&);
-
     static bool shouldHideReferrer(const KURL&, const String& referrer);
 
     enum LocalLoadPolicy {
@@ -197,9 +183,6 @@ public:
     static bool restrictAccessToLocal();
     static bool allowSubstituteDataAccessToLocal();
 
-    static void registerURLSchemeAsNoAccess(const String&);
-    static bool shouldTreatURLSchemeAsNoAccess(const String&);
-
     static void addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains);
     static void removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomains, bool allowDestinationSubdomains);
     static void resetOriginAccessWhitelists();
diff --git a/WebCore/platform/SchemeRegistry.cpp b/WebCore/platform/SchemeRegistry.cpp
new file mode 100644 (file)
index 0000000..0498462
--- /dev/null
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ *
+ */
+#include "config.h"
+#include "SchemeRegistry.h"
+
+namespace WebCore {
+
+static URLSchemesMap& localURLSchemes()
+{
+    DEFINE_STATIC_LOCAL(URLSchemesMap, localSchemes, ());
+
+    if (localSchemes.isEmpty()) {
+        localSchemes.add("file");
+#if PLATFORM(MAC)
+        localSchemes.add("applewebdata");
+#endif
+#if PLATFORM(QT)
+        localSchemes.add("qrc");
+#endif
+    }
+
+    return localSchemes;
+}
+
+static URLSchemesMap& secureSchemes()
+{
+    DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ());
+
+    if (secureSchemes.isEmpty()) {
+        secureSchemes.add("https");
+        secureSchemes.add("about");
+        secureSchemes.add("data");
+    }
+
+    return secureSchemes;
+}
+
+static URLSchemesMap& schemesWithUniqueOrigins()
+{
+    DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
+
+    // This is a willful violation of HTML5.
+    // See https://bugs.webkit.org/show_bug.cgi?id=11885
+    if (schemesWithUniqueOrigins.isEmpty())
+        schemesWithUniqueOrigins.add("data");
+
+    return schemesWithUniqueOrigins;
+}
+
+void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme)
+{
+    WebCore::localURLSchemes().add(scheme);
+}
+
+void SchemeRegistry::removeURLSchemeRegisteredAsLocal(const String& scheme)
+{
+    if (scheme == "file")
+        return;
+#if PLATFORM(MAC)
+    if (scheme == "applewebdata")
+        return;
+#endif
+    WebCore::localURLSchemes().remove(scheme);
+}
+
+const URLSchemesMap& SchemeRegistry::localURLSchemes()
+{
+    return WebCore::localURLSchemes();
+}
+
+bool SchemeRegistry::shouldTreatURLAsLocal(const String& url)
+{
+    // This avoids an allocation of another String and the HashSet contains()
+    // call for the file: and http: schemes.
+    if (url.length() >= 5) {
+        const UChar* s = url.characters();
+        if (s[0] == 'h' && s[1] == 't' && s[2] == 't' && s[3] == 'p' && s[4] == ':')
+            return false;
+        if (s[0] == 'f' && s[1] == 'i' && s[2] == 'l' && s[3] == 'e' && s[4] == ':')
+            return true;
+    }
+
+    int loc = url.find(':');
+    if (loc == -1)
+        return false;
+
+    String scheme = url.left(loc);
+    return WebCore::localURLSchemes().contains(scheme);
+}
+
+bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme)
+{
+    // This avoids an allocation of another String and the HashSet contains()
+    // call for the file: and http: schemes.
+    if (scheme.length() == 4) {
+        const UChar* s = scheme.characters();
+        if (s[0] == 'h' && s[1] == 't' && s[2] == 't' && s[3] == 'p')
+            return false;
+        if (s[0] == 'f' && s[1] == 'i' && s[2] == 'l' && s[3] == 'e')
+            return true;
+    }
+
+    if (scheme.isEmpty())
+        return false;
+
+    return WebCore::localURLSchemes().contains(scheme);
+}
+
+void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme)
+{
+    schemesWithUniqueOrigins().add(scheme);
+}
+
+bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme)
+{
+    return schemesWithUniqueOrigins().contains(scheme);
+}
+
+void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme)
+{
+    secureSchemes().add(scheme);
+}
+
+bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme)
+{
+    return secureSchemes().contains(scheme);
+}
+
+} // namespace WebCore
diff --git a/WebCore/platform/SchemeRegistry.h b/WebCore/platform/SchemeRegistry.h
new file mode 100644 (file)
index 0000000..48b4255
--- /dev/null
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ *
+ */
+#ifndef SchemeRegistry_h
+#define SchemeRegistry_h
+
+#include "PlatformString.h"
+#include "StringHash.h"
+#include <wtf/HashSet.h>
+
+namespace WebCore {
+
+typedef HashSet<String, CaseFoldingHash> URLSchemesMap;
+
+class SchemeRegistry {
+public:
+    static void registerURLSchemeAsLocal(const String&);
+    static void removeURLSchemeRegisteredAsLocal(const String&);
+    static const URLSchemesMap& localURLSchemes();
+
+    static bool shouldTreatURLAsLocal(const String&);
+    static bool shouldTreatURLSchemeAsLocal(const String&);
+
+    // Secure schemes do not trigger mixed content warnings. For example,
+    // https and data are secure schemes because they cannot be corrupted by
+    // active network attackers.
+    static void registerURLSchemeAsSecure(const String&);
+    static bool shouldTreatURLSchemeAsSecure(const String&);
+
+    static void registerURLSchemeAsNoAccess(const String&);
+    static bool shouldTreatURLSchemeAsNoAccess(const String&);
+};
+
+} // namespace WebCore
+
+#endif // SchemeRegistry_h
index 009dc60..ba6de88 100644 (file)
@@ -1,3 +1,15 @@
+2010-07-21  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
+        https://bugs.webkit.org/show_bug.cgi?id=42783
+
+        * src/WebSecurityPolicy.cpp:
+        (WebKit::WebSecurityPolicy::registerURLSchemeAsLocal):
+        (WebKit::WebSecurityPolicy::registerURLSchemeAsNoAccess):
+        (WebKit::WebSecurityPolicy::registerURLSchemeAsSecure):
+
 2010-07-21  Bo Liu  <boliu@chromium.org>
 
         Reviewed by Darin Fisher.
index 4b2b557..58d0893 100644 (file)
@@ -32,6 +32,7 @@
 #include "WebSecurityPolicy.h"
 
 #include "FrameLoader.h"
+#include "SchemeRegistry.h"
 #include "SecurityOrigin.h"
 
 #include "WebString.h"
@@ -43,17 +44,17 @@ namespace WebKit {
 
 void WebSecurityPolicy::registerURLSchemeAsLocal(const WebString& scheme)
 {
-    SecurityOrigin::registerURLSchemeAsLocal(scheme);
+    SchemeRegistry::registerURLSchemeAsLocal(scheme);
 }
 
 void WebSecurityPolicy::registerURLSchemeAsNoAccess(const WebString& scheme)
 {
-    SecurityOrigin::registerURLSchemeAsNoAccess(scheme);
+    SchemeRegistry::registerURLSchemeAsNoAccess(scheme);
 }
 
 void WebSecurityPolicy::registerURLSchemeAsSecure(const WebString& scheme)
 {
-    SecurityOrigin::registerURLSchemeAsSecure(scheme);
+    SchemeRegistry::registerURLSchemeAsSecure(scheme);
 }
 
 void WebSecurityPolicy::addOriginAccessWhitelistEntry(
index 95c460b..4241a2e 100644 (file)
@@ -1,3 +1,14 @@
+2010-07-21  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
+        https://bugs.webkit.org/show_bug.cgi?id=42783
+
+        * WebView/WebView.mm:
+        (+[WebView _registerURLSchemeAsSecure:]):
+        (+[WebView registerURLSchemeAsLocal:]):
+
 2010-07-21  Simon Fraser  <simon.fraser@apple.com>
 
         Reviewed by Anders Carlsson.
index f7b83ea..236a079 100644 (file)
 #import <WebCore/RenderWidget.h>
 #import <WebCore/ResourceHandle.h>
 #import <WebCore/RuntimeApplicationChecks.h>
+#import <WebCore/SchemeRegistry.h>
 #import <WebCore/ScriptController.h>
 #import <WebCore/ScriptValue.h>
 #import <WebCore/SecurityOrigin.h>
@@ -2500,7 +2501,7 @@ static PassOwnPtr<Vector<String> > toStringVector(NSArray* patterns)
 
 + (void)_registerURLSchemeAsSecure:(NSString *)scheme
 {
-    SecurityOrigin::registerURLSchemeAsSecure(scheme);
+    SchemeRegistry::registerURLSchemeAsSecure(scheme);
 }
 
 @end
@@ -2734,7 +2735,7 @@ static PassOwnPtr<Vector<String> > toStringVector(NSArray* patterns)
 
 + (void)registerURLSchemeAsLocal:(NSString *)protocol
 {
-    SecurityOrigin::registerURLSchemeAsLocal(protocol);
+    SchemeRegistry::registerURLSchemeAsLocal(protocol);
 }
 
 - (id)_initWithArguments:(NSDictionary *) arguments
index 35219a9..45d6bc0 100644 (file)
@@ -49,6 +49,7 @@
 #include "DragController.h"
 #include "DragData.h"
 #include "EditorClientQt.h"
+#include "SchemeRegistry.h"
 #include "SecurityOrigin.h"
 #include "Settings.h"
 #include "Page.h"
@@ -2393,7 +2394,7 @@ bool QWebPage::acceptNavigationRequest(QWebFrame *frame, const QNetworkRequest &
                 return true;
 
             case DelegateExternalLinks:
-                if (WebCore::SecurityOrigin::shouldTreatURLSchemeAsLocal(request.url().scheme()))
+                if (WebCore::SchemeRegistry::shouldTreatURLSchemeAsLocal(request.url().scheme()))
                     return true;
                 emit linkClicked(request.url());
                 return false;
index fe25d2d..e8c8f33 100644 (file)
@@ -25,6 +25,7 @@
 
 #include "DatabaseTracker.h"
 #include "KURL.h"
+#include "SchemeRegistry.h"
 #include "SecurityOrigin.h"
 #include <QStringList>
 
@@ -222,7 +223,7 @@ QList<QWebDatabase> QWebSecurityOrigin::databases() const
 */
 void QWebSecurityOrigin::addLocalScheme(const QString& scheme)
 {
-    SecurityOrigin::registerURLSchemeAsLocal(scheme);
+    SchemeRegistry::registerURLSchemeAsLocal(scheme);
 }
 
 /*!
@@ -237,7 +238,7 @@ void QWebSecurityOrigin::addLocalScheme(const QString& scheme)
 */
 void QWebSecurityOrigin::removeLocalScheme(const QString& scheme)
 {
-    SecurityOrigin::removeURLSchemeRegisteredAsLocal(scheme);
+    SchemeRegistry::removeURLSchemeRegisteredAsLocal(scheme);
 }
 
 /*!
@@ -251,7 +252,7 @@ void QWebSecurityOrigin::removeLocalScheme(const QString& scheme)
 QStringList QWebSecurityOrigin::localSchemes()
 {
     QStringList list;
-    const URLSchemesMap& map = SecurityOrigin::localURLSchemes();
+    const URLSchemesMap& map = SchemeRegistry::localURLSchemes();
     URLSchemesMap::const_iterator end = map.end();
     for (URLSchemesMap::const_iterator i = map.begin(); i != end; ++i) {
         const QString scheme = *i;
index edc8f52..654e544 100644 (file)
@@ -1,3 +1,17 @@
+2010-07-21  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
+        https://bugs.webkit.org/show_bug.cgi?id=42783
+
+        * Api/qwebpage.cpp:
+        (QWebPage::acceptNavigationRequest):
+        * Api/qwebsecurityorigin.cpp:
+        (QWebSecurityOrigin::addLocalScheme):
+        (QWebSecurityOrigin::removeLocalScheme):
+        (QWebSecurityOrigin::localSchemes):
+
 2010-07-20  Kenneth Rohde Christiansen  <kenneth.christiansen@openbossa.org>
 
         [Qt] Add API to define device-width and height for use with the viewport meta tag
index 44869dc..1e7f405 100644 (file)
@@ -1,3 +1,14 @@
+2010-07-21  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Break out "scheme registration" functionality from SecurityOrigin to a SchemeRegistry
+        https://bugs.webkit.org/show_bug.cgi?id=42783
+
+        * WebView.cpp:
+        (WebView::registerURLSchemeAsLocal):
+        (WebView::registerURLSchemeAsSecure):
+
 2010-07-20  Steve Falkenburg  <sfalken@apple.com>
 
         Reviewed by Adam Roben.
index fb0aad5..0aa6382 100644 (file)
 #include <WebCore/RenderWidget.h>
 #include <WebCore/ResourceHandle.h>
 #include <WebCore/ResourceHandleClient.h>
+#include <WebCore/SchemeRegistry.h>
 #include <WebCore/ScriptValue.h>
 #include <WebCore/Scrollbar.h>
 #include <WebCore/ScrollbarTheme.h>
@@ -3652,7 +3653,7 @@ HRESULT STDMETHODCALLTYPE WebView::registerURLSchemeAsLocal(
     if (!scheme)
         return E_POINTER;
 
-    SecurityOrigin::registerURLSchemeAsLocal(String(scheme, ::SysStringLen(scheme)));
+    SchemeRegistry::registerURLSchemeAsLocal(String(scheme, ::SysStringLen(scheme)));
 
     return S_OK;
 }
@@ -6412,7 +6413,7 @@ HRESULT WebView::setDomainRelaxationForbiddenForURLScheme(BOOL forbidden, BSTR s
 
 HRESULT WebView::registerURLSchemeAsSecure(BSTR scheme)
 {
-    SecurityOrigin::registerURLSchemeAsSecure(toString(scheme));
+    SchemeRegistry::registerURLSchemeAsSecure(toString(scheme));
     return S_OK;
 }