SecurityContext.cpp [plain text]
#include "config.h"
#include "SecurityContext.h"
#include "ContentSecurityPolicy.h"
#include "HTMLParserIdioms.h"
#include "SecurityOrigin.h"
namespace WebCore {
SecurityContext::SecurityContext()
: m_mayDisplaySeamlessWithParent(false)
, m_haveInitializedSecurityOrigin(false)
, m_sandboxFlags(SandboxNone)
{
}
SecurityContext::~SecurityContext()
{
}
void SecurityContext::setSecurityOrigin(PassRefPtr<SecurityOrigin> securityOrigin)
{
m_securityOrigin = securityOrigin;
m_haveInitializedSecurityOrigin = true;
}
void SecurityContext::setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy> contentSecurityPolicy)
{
m_contentSecurityPolicy = contentSecurityPolicy;
}
bool SecurityContext::isSecureTransitionTo(const KURL& url) const
{
if (!haveInitializedSecurityOrigin())
return true;
RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
return securityOrigin()->canAccess(other.get());
}
SandboxFlags SecurityContext::parseSandboxPolicy(const String& policy)
{
SandboxFlags flags = SandboxAll;
const UChar* characters = policy.characters();
unsigned length = policy.length();
unsigned start = 0;
while (true) {
while (start < length && isHTMLSpace(characters[start]))
++start;
if (start >= length)
break;
unsigned end = start + 1;
while (end < length && !isHTMLSpace(characters[end]))
++end;
String sandboxToken = policy.substring(start, end - start);
if (equalIgnoringCase(sandboxToken, "allow-same-origin"))
flags &= ~SandboxOrigin;
else if (equalIgnoringCase(sandboxToken, "allow-forms"))
flags &= ~SandboxForms;
else if (equalIgnoringCase(sandboxToken, "allow-scripts"))
flags &= ~SandboxScripts;
else if (equalIgnoringCase(sandboxToken, "allow-top-navigation"))
flags &= ~SandboxTopNavigation;
else if (equalIgnoringCase(sandboxToken, "allow-popups"))
flags &= ~SandboxPopups;
start = end + 1;
}
return flags;
}
}