KHtml

security_origin.cpp
1 /*
2  * Copyright (C) 2007 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14  * its contributors may be used to endorse or promote products derived
15  * from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #include "security_origin.h"
30 
31 #include <wtf/RefPtr.h>
32 
33 #include <kprotocolinfo.h>
34 
35 namespace khtml
36 {
37 
38 static bool isDefaultPortForProtocol(unsigned short port, const QString &proto)
39 {
40  return (port == 80 && proto == QLatin1String("http")) ||
41  (port == 443 && proto == QLatin1String("https"));
42 }
43 
44 SecurityOrigin::SecurityOrigin(const QUrl &url) :
45  m_protocol(url.scheme())
46  , m_host(url.host().toLower())
47  , m_port(url.port())
48  , m_domainWasSetInDOM(false)
49  , m_isUnique(false)
50 {
51  // These protocols do not create security origins; the owner frame provides the origin
52  if (m_protocol == "about" || m_protocol == "javascript") {
53  m_protocol = "";
54  }
55 
56  // For edge case URLs that were probably misparsed, make sure that the origin is unique.
57  if (m_host.isEmpty() && !m_protocol.isEmpty() && KProtocolInfo::protocolClass(m_protocol) == QLatin1String(":internet")) {
58  m_isUnique = true;
59  }
60 
61  // document.domain starts as m_host, but can be set by the DOM.
62  m_domain = m_host;
63 
64  if (url.port() == -1 || isDefaultPortForProtocol(m_port, m_protocol)) {
65  m_port = 0;
66  }
67 }
68 
69 SecurityOrigin::SecurityOrigin(const SecurityOrigin *other) :
70  m_protocol(other->m_protocol)
71  , m_host(other->m_host)
72  , m_domain(other->m_domain)
73  , m_port(other->m_port)
74  , m_domainWasSetInDOM(other->m_domainWasSetInDOM)
75  , m_isUnique(other->m_isUnique)
76 {
77 }
78 
79 bool SecurityOrigin::isEmpty() const
80 {
81  return m_protocol.isEmpty();
82 }
83 
84 SecurityOrigin *SecurityOrigin::create(const QUrl &url)
85 {
86  if (!url.isValid()) {
87  return new SecurityOrigin(QUrl());
88  }
89  return new SecurityOrigin(url);
90 }
91 
92 SecurityOrigin *SecurityOrigin::createEmpty()
93 {
94  return create(QUrl());
95 }
96 
97 void SecurityOrigin::setDomainFromDOM(const QString &newDomain)
98 {
99  m_domainWasSetInDOM = true;
100  m_domain = newDomain.toLower();
101 }
102 
103 bool SecurityOrigin::canAccess(const SecurityOrigin *other) const
104 {
105  if (isUnique() || other->isUnique()) {
106  return false;
107  }
108 
109  // Here are two cases where we should permit access:
110  //
111  // 1) Neither document has set document.domain. In this case, we insist
112  // that the scheme, host, and port of the URLs match.
113  //
114  // 2) Both documents have set document.domain. In this case, we insist
115  // that the documents have set document.domain to the same value and
116  // that the scheme of the URLs match.
117  //
118  // This matches the behavior of Firefox 2 and Internet Explorer 6.
119  //
120  // Internet Explorer 7 and Opera 9 are more strict in that they require
121  // the port numbers to match when both pages have document.domain set.
122  //
123  // FIXME: Evaluate whether we can tighten this policy to require matched
124  // port numbers.
125  //
126  // Opera 9 allows access when only one page has set document.domain, but
127  // this is a security vulnerability.
128 
129  if (m_protocol == other->m_protocol) {
130  if (!m_domainWasSetInDOM && !other->m_domainWasSetInDOM) {
131  if (m_host == other->m_host && m_port == other->m_port) {
132  return true;
133  }
134  } else if (m_domainWasSetInDOM && other->m_domainWasSetInDOM) {
135  if (m_domain == other->m_domain) {
136  return true;
137  }
138  }
139  }
140 
141  return false;
142 }
143 
144 bool SecurityOrigin::canRequest(const QUrl &url) const
145 {
146  if (isUnique()) {
147  return false;
148  }
149 
150  WTF::RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
151  if (targetOrigin->isUnique()) {
152  return false;
153  }
154 
155  // We call isSameSchemeHostPort here instead of canAccess because we want
156  // to ignore document.domain effects.
157  if (isSameSchemeHostPort(targetOrigin.get())) {
158  return true;
159  }
160 
161  return false;
162 }
163 
164 bool SecurityOrigin::taintsCanvas(const QUrl &url) const
165 {
166  if (canRequest(url)) {
167  return false;
168  }
169 
170  // This function exists because we treat data URLs as having a unique origin,
171  // contrary to the current (9/19/2009) draft of the HTML5 specification.
172  // We still want to let folks paint data URLs onto untainted canvases, so
173  // we special case data URLs below. If we change to match HTML5 w.r.t.
174  // data URL security, then we can remove this function in favor of
175  // !canRequest.
176  if (url.scheme() == QLatin1String("data")) {
177  return false;
178  }
179 
180  return true;
181 }
182 
183 void SecurityOrigin::makeUnique()
184 {
185  m_isUnique = true;
186 }
187 
188 QString SecurityOrigin::toString() const
189 {
190  if (isEmpty()) {
191  return "null";
192  }
193 
194  if (isUnique()) {
195  return "null";
196  }
197 
198  if (m_protocol == "file") {
199  return QString("file://");
200  }
201 
202  QString result;
203  result += m_protocol;
204  result += "://";
205  result += m_host;
206 
207  if (m_port) {
208  result += ":";
209  result += QString::number(m_port);
210  }
211 
212  return result;
213 }
214 
215 SecurityOrigin *SecurityOrigin::createFromString(const QString &originString)
216 {
217  return SecurityOrigin::create(QUrl(originString));
218 }
219 
220 bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin *other) const
221 {
222  if (m_host != other->m_host) {
223  return false;
224  }
225 
226  if (m_protocol != other->m_protocol) {
227  return false;
228  }
229 
230  if (m_port != other->m_port) {
231  return false;
232  }
233 
234  return true;
235 }
236 
237 } // namespace khtml
QAction * create(StandardAction id, const QObject *recvr, Func slot, QObject *parent)
This file is part of the HTML rendering engine for KDE.
int port(int defaultPort) const const
QString number(int n, int base)
static QString protocolClass(const QString &protocol)
QString scheme() const const
QString toLower() const const
bool isValid() const const
This file is part of the KDE documentation.
Documentation copyright © 1996-2021 The KDE developers.
Generated on Tue Oct 26 2021 22:48:09 by doxygen 1.8.11 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.