Side by Side Diff: Source/core/dom/Document.cpp

Issue 23321002: Convert 'document.domain' exceptions to 'es.throwSecurityError()'. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 4 months ago
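--- a/Source/core/dom/Document.cpp
+++ b/Source/core/dom/Document.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2001 Dirk Mueller (mueller@kde.org)
 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
@@ -30,20 +30,21 @@
 
 #include "HTMLElementFactory.h"
 #include "HTMLNames.h"
 #include "RuntimeEnabledFeatures.h"
 #include "SVGElementFactory.h"
 #include "SVGNames.h"
 #include "XMLNSNames.h"
 #include "XMLNames.h"
 #include "bindings/v8/CustomElementConstructorBuilder.h"
 #include "bindings/v8/Dictionary.h"
+#include "bindings/v8/ExceptionMessages.h"
 #include "bindings/v8/ExceptionState.h"
 #include "bindings/v8/ExceptionStatePlaceholder.h"
 #include "bindings/v8/ScriptController.h"
 #include "core/accessibility/AXObjectCache.h"
 #include "core/animation/DocumentTimeline.h"
 #include "core/css/CSSStyleDeclaration.h"
 #include "core/css/CSSStyleSheet.h"
 #include "core/css/FontLoader.h"
 #include "core/css/MediaQueryMatcher.h"
 #include "core/css/StylePropertySet.h"
@@ -3684,61 +3685,61 @@
 }
 
 String Document::domain() const
 {
 return securityOrigin()->domain();
 }
 
 void Document::setDomain(const String& newDomain, ExceptionState& es)
 {
 if (SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(securityOrigin() ->protocol())) {
-es.throwDOMException(SecurityError, "'document.domain' assignment is for bidden for the '" + securityOrigin()->protocol() + "' scheme.");
+es.throwSecurityError(ExceptionMessages::failedToSet("domain", "Document ", "assignment is forbidden for the '" + securityOrigin()->protocol() + "' schem e."));
 return;
 }
 
 // Both NS and IE specify that changing the domain is only allowed when
 // the new domain is a suffix of the old domain.
 
 // If the new domain is the same as the old domain, still call
 // securityOrigin()->setDomainForDOM. This will change the
 // security check behavior. For example, if a page loaded on port 8000
 // assigns its current domain using document.domain, the page will
 // allow other pages loaded on different ports in the same domain that
 // have also assigned to access this page.
 if (equalIgnoringCase(domain(), newDomain)) {
 securityOrigin()->setDomainFromDOM(newDomain);
 if (m_frame)
 m_frame->script()->updateSecurityOrigin();
 return;
 }
 
 int oldLength = domain().length();
 int newLength = newDomain.length();
-String exceptionMessage = "'document.domain' assignment failed: '" + newDom ain + "' is not a suffix of '" + domain() + "'.";
+String exceptionMessage = ExceptionMessages::failedToSet("domain", "Documen t", "'" + newDomain + "' is not a suffix of '" + domain() + "'.");
 // e.g. newDomain = subdomain.www.example.com (25) and domain() = www.exampl e.com (15)
 if (newLength >= oldLength) {
-es.throwDOMException(SecurityError, exceptionMessage);
+es.throwSecurityError(exceptionMessage);
 return;
 }
 
 String test = domain();
 // Check that it's a complete suffix, not e.g. "ample.com"
 if (test[oldLength - newLength - 1] != '.') {
-es.throwDOMException(SecurityError, exceptionMessage);
+es.throwSecurityError(exceptionMessage);
 return;
 }
 
 // Now test is "example.com" from domain()
 // and we check that it's the same thing as newDomain
 test.remove(0, oldLength - newLength);
 if (test != newDomain) {
-es.throwDOMException(SecurityError, exceptionMessage);
+es.throwSecurityError(exceptionMessage);
 return;
 }
 
 securityOrigin()->setDomainFromDOM(newDomain);
 if (m_frame)
 m_frame->script()->updateSecurityOrigin();
 }
 
 // http://www.whatwg.org/specs/web-apps/current-work/#dom-document-lastmodified
 String Document::lastModified() const
@@ -5191,10 +5192,10 @@
 {
 return DocumentLifecycleNotifier::create(this);
 }
 
 DocumentLifecycleNotifier* Document::lifecycleNotifier()
 {
 return static_cast<DocumentLifecycleNotifier*>(ScriptExecutionContext::lifec ycleNotifier());
 }
 
 } // namespace WebCore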
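Review bot: The suffix validation that the new `throwSecurityError` calls in `Document::setDomain` report on is purely textual: the visible checks only require `newDomain` to be shorter than `domain()`, to be preceded by a `.`, and to equal the tail, so nothing in this section rejects a bare public suffix (a top-level domain, say) or, it appears, an empty `newDomain` when the current host ends in a dot. Either value would reach `securityOrigin()->setDomainFromDOM(newDomain)` and relax the origin to something unrelated sites can also claim, unless `SecurityOrigin` rejects it somewhere not shown here. Since this patch already touches every failure path, I would add the empty case to the length guard, `if (newDomain.isEmpty() || newLength >= oldLength) {`, and put a registrable-domain check ahead of the final `setDomainFromDOM` call, with a layout test for each next to the existing scheme test. Separately, the comment above the equality shortcut names `setDomainForDOM` while the code calls `setDomainFromDOM`.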