SecurityContext.cpp [plain text]
#include "config.h"
#include "SecurityContext.h"
#include "ContentSecurityPolicy.h"
#include "HTMLParserIdioms.h"
#include "SecurityOrigin.h"
#include <wtf/text/StringBuilder.h>
namespace WebCore {
SecurityContext::SecurityContext()
: m_mayDisplaySeamlesslyWithParent(false)
, m_haveInitializedSecurityOrigin(false)
, m_sandboxFlags(SandboxNone)
{
}
SecurityContext::~SecurityContext()
{
}
void SecurityContext::setSecurityOrigin(PassRefPtr<SecurityOrigin> securityOrigin)
{
m_securityOrigin = securityOrigin;
m_haveInitializedSecurityOrigin = true;
}
void SecurityContext::setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy> contentSecurityPolicy)
{
m_contentSecurityPolicy = contentSecurityPolicy;
}
bool SecurityContext::isSecureTransitionTo(const KURL& url) const
{
if (!haveInitializedSecurityOrigin())
return true;
RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
return securityOrigin()->canAccess(other.get());
}
void SecurityContext::enforceSandboxFlags(SandboxFlags mask)
{
m_sandboxFlags |= mask;
if (isSandboxed(SandboxOrigin) && securityOrigin() && !securityOrigin()->isUnique())
setSecurityOrigin(SecurityOrigin::createUnique());
}
SandboxFlags SecurityContext::parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage)
{
SandboxFlags flags = SandboxAll;
const UChar* characters = policy.characters();
unsigned length = policy.length();
unsigned start = 0;
unsigned numberOfTokenErrors = 0;
StringBuilder tokenErrors;
while (true) {
while (start < length && isHTMLSpace(characters[start]))
++start;
if (start >= length)
break;
unsigned end = start + 1;
while (end < length && !isHTMLSpace(characters[end]))
++end;
String sandboxToken = policy.substring(start, end - start);
if (equalIgnoringCase(sandboxToken, "allow-same-origin"))
flags &= ~SandboxOrigin;
else if (equalIgnoringCase(sandboxToken, "allow-forms"))
flags &= ~SandboxForms;
else if (equalIgnoringCase(sandboxToken, "allow-scripts")) {
flags &= ~SandboxScripts;
flags &= ~SandboxAutomaticFeatures;
} else if (equalIgnoringCase(sandboxToken, "allow-top-navigation"))
flags &= ~SandboxTopNavigation;
else if (equalIgnoringCase(sandboxToken, "allow-popups"))
flags &= ~SandboxPopups;
else if (equalIgnoringCase(sandboxToken, "allow-pointer-lock"))
flags &= ~SandboxPointerLock;
else {
if (numberOfTokenErrors)
tokenErrors.appendLiteral(", '");
else
tokenErrors.append('\'');
tokenErrors.append(sandboxToken);
tokenErrors.append('\'');
numberOfTokenErrors++;
}
start = end + 1;
}
if (numberOfTokenErrors) {
if (numberOfTokenErrors > 1)
tokenErrors.appendLiteral(" are invalid sandbox flags.");
else
tokenErrors.appendLiteral(" is an invalid sandbox flag.");
invalidTokensErrorMessage = tokenErrors.toString();
}
return flags;
}
}