Example #1
0
WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode startMode)
    : m_scriptURL(scriptURL.copy())
    , m_userAgent(userAgent.isolatedCopy())
    , m_sourceCode(sourceCode.isolatedCopy())
    , m_startMode(startMode)
{
}
SharedWorkerProxy::SharedWorkerProxy(const String& name, const KURL& url, PassRefPtr<SecurityOrigin> origin)
    : m_closing(false)
    , m_name(name.crossThreadString())
    , m_url(url.copy())
    , m_origin(origin)
{
    // We should be the sole owner of the SecurityOrigin, as we will free it on another thread.
    ASSERT(m_origin->hasOneRef());
}
WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const String& sourceCode)
#endif
    : m_scriptURL(scriptURL.copy())
#if OS(OLYMPIA)
    , m_groupName(groupName.crossThreadString())
#endif
    , m_userAgent(userAgent.crossThreadString())
    , m_sourceCode(sourceCode.crossThreadString())
{
}
WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicyHeaderType contentSecurityPolicyType, PassOwnPtrWillBeRawPtr<WorkerClients> workerClients)
    : m_scriptURL(scriptURL.copy())
    , m_userAgent(userAgent.isolatedCopy())
    , m_sourceCode(sourceCode.isolatedCopy())
    , m_startMode(startMode)
    , m_contentSecurityPolicy(contentSecurityPolicy.isolatedCopy())
    , m_contentSecurityPolicyType(contentSecurityPolicyType)
    , m_workerClients(workerClients)
{
}
Example #5
0
WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
    : m_scriptURL(scriptURL.copy())
    , m_userAgent(userAgent.isolatedCopy())
    , m_sourceCode(sourceCode.isolatedCopy())
    , m_startMode(startMode)
    , m_contentSecurityPolicy(contentSecurityPolicy.isolatedCopy())
    , m_contentSecurityPolicyType(contentSecurityPolicyType)
    , m_topOrigin(topOrigin ? topOrigin->isolatedCopy() : 0)
{
    if (!settings)
        return;

    m_groupSettings = GroupSettings::create();
    m_groupSettings->setLocalStorageQuotaBytes(settings->localStorageQuotaBytes());
    m_groupSettings->setIndexedDBQuotaBytes(settings->indexedDBQuotaBytes());
    m_groupSettings->setIndexedDBDatabasePath(settings->indexedDBDatabasePath().isolatedCopy());
}
// Creates a new SharedWorkerProxy or returns an existing one from the repository. Must only be called while the repository mutex is held.
PassRefPtr<SharedWorkerProxy> DefaultSharedWorkerRepository::getProxy(const String& name, const KURL& url)
{
    // Look for an existing worker, and create one if it doesn't exist.
    // Items in the cache are freed on another thread, so copy the URL before creating the origin, to make sure no references to external strings linger.
    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url.copy());
    SharedWorkerNameMap* nameMap = m_cache.get(origin);
    if (!nameMap) {
        nameMap = new SharedWorkerNameMap();
        m_cache.set(origin, nameMap);
    }

    RefPtr<SharedWorkerProxy> proxy = nameMap->get(name);
    if (!proxy.get()) {
        proxy = SharedWorkerProxy::create(name, url);
        nameMap->set(proxy->name(), proxy);
    }
    return proxy;
}
Example #7
0
WorkerThreadStartupData::WorkerThreadStartupData(
    const KURL& scriptURL,
    const String& userAgent,
    const String& sourceCode,
    std::unique_ptr<Vector<char>> cachedMetaData,
    WorkerThreadStartMode startMode,
    const Vector<CSPHeaderAndType>* contentSecurityPolicyHeaders,
    const String& referrerPolicy,
    const SecurityOrigin* starterOrigin,
    WorkerClients* workerClients,
    WebAddressSpace addressSpace,
    const Vector<String>* originTrialTokens,
    std::unique_ptr<WorkerSettings> workerSettings,
    V8CacheOptions v8CacheOptions)
    : m_scriptURL(scriptURL.copy()),
      m_userAgent(userAgent.isolatedCopy()),
      m_sourceCode(sourceCode.isolatedCopy()),
      m_cachedMetaData(std::move(cachedMetaData)),
      m_startMode(startMode),
      m_referrerPolicy(referrerPolicy.isolatedCopy()),
      m_starterOriginPrivilegeData(
          starterOrigin ? starterOrigin->createPrivilegeData() : nullptr),
      m_workerClients(workerClients),
      m_addressSpace(addressSpace),
      m_workerSettings(std::move(workerSettings)),
      m_v8CacheOptions(v8CacheOptions) {
  m_contentSecurityPolicyHeaders = WTF::makeUnique<Vector<CSPHeaderAndType>>();
  if (contentSecurityPolicyHeaders) {
    for (const auto& header : *contentSecurityPolicyHeaders) {
      CSPHeaderAndType copiedHeader(header.first.isolatedCopy(), header.second);
      m_contentSecurityPolicyHeaders->append(copiedHeader);
    }
  }

  m_originTrialTokens = std::unique_ptr<Vector<String>>(new Vector<String>());
  if (originTrialTokens) {
    for (const String& token : *originTrialTokens)
      m_originTrialTokens->append(token.isolatedCopy());
  }
}
WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const String& sourceCode)
    : m_scriptURL(scriptURL.copy())
    , m_userAgent(userAgent.crossThreadString())
    , m_sourceCode(sourceCode.crossThreadString())
{
}
Example #9
0
CrossThreadCopier<KURL>::Type CrossThreadCopier<KURL>::copy(const KURL& url) {
  return url.copy();
}
void WebSocketHandshake::setURL(const KURL& url)
{
    m_url = url.copy();
}
Example #11
0
 BlobRegistryContext(const KURL& url)
     : url(url.copy())
 {
 }
Example #12
0
 BlobRegistryContext(const KURL& url, PassRefPtr<RawData> streamData)
     : url(url.copy())
     , streamData(streamData)
 {
 }
Example #13
0
 BlobRegistryContext(const KURL& url, const KURL& srcURL)
     : url(url.copy())
     , srcURL(srcURL.copy())
 {
 }
Example #14
0
 BlobRegistryContext(const KURL& url, const String& type)
     : url(url.copy())
     , type(type.isolatedCopy())
 {
 }
Example #15
0
 BlobRegistryContext(const KURL& url, PassOwnPtr<BlobData> blobData)
     : url(url.copy())
     , blobData(blobData)
 {
     this->blobData->detachFromCurrentThread();
 }
CrossThreadCopierBase<false, false, KURL>::Type CrossThreadCopierBase<false, false, KURL>::copy(const KURL& url)
{
    return url.copy();
}
void XSSAuditor::init(Document* document, XSSAuditorDelegate* auditorDelegate)
{
    ASSERT(isMainThread());
    if (m_state != Uninitialized)
        return;
    m_state = FilteringTokens;

    if (Settings* settings = document->settings())
        m_isEnabled = settings->xssAuditorEnabled();

    if (!m_isEnabled)
        return;

    m_documentURL = document->url().copy();

    // In theory, the Document could have detached from the Frame after the
    // XSSAuditor was constructed.
    if (!document->frame()) {
        m_isEnabled = false;
        return;
    }

    if (m_documentURL.isEmpty()) {
        // The URL can be empty when opening a new browser window or calling window.open("").
        m_isEnabled = false;
        return;
    }

    if (m_documentURL.protocolIsData()) {
        m_isEnabled = false;
        return;
    }

    if (document->encoding().isValid())
        m_encoding = document->encoding();

    if (DocumentLoader* documentLoader = document->frame()->loader().documentLoader()) {
        DEFINE_STATIC_LOCAL(const AtomicString, XSSProtectionHeader, ("X-XSS-Protection", AtomicString::ConstructFromLiteral));
        const AtomicString& headerValue = documentLoader->response().httpHeaderField(XSSProtectionHeader);
        String errorDetails;
        unsigned errorPosition = 0;
        String reportURL;
        KURL xssProtectionReportURL;

        // Process the X-XSS-Protection header, then mix in the CSP header's value.
        ReflectedXSSDisposition xssProtectionHeader = parseXSSProtectionHeader(headerValue, errorDetails, errorPosition, reportURL);
        m_didSendValidXSSProtectionHeader = xssProtectionHeader != ReflectedXSSUnset && xssProtectionHeader != ReflectedXSSInvalid;
        if ((xssProtectionHeader == FilterReflectedXSS || xssProtectionHeader == BlockReflectedXSS) && !reportURL.isEmpty()) {
            xssProtectionReportURL = document->completeURL(reportURL);
            if (MixedContentChecker::isMixedContent(document->securityOrigin(), xssProtectionReportURL)) {
                errorDetails = "insecure reporting URL for secure page";
                xssProtectionHeader = ReflectedXSSInvalid;
                xssProtectionReportURL = KURL();
            }
        }
        if (xssProtectionHeader == ReflectedXSSInvalid)
            document->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Error parsing header X-XSS-Protection: " + headerValue + ": "  + errorDetails + " at character position " + String::format("%u", errorPosition) + ". The default protections will be applied.");

        ReflectedXSSDisposition cspHeader = document->contentSecurityPolicy()->reflectedXSSDisposition();
        m_didSendValidCSPHeader = cspHeader != ReflectedXSSUnset && cspHeader != ReflectedXSSInvalid;

        m_xssProtection = combineXSSProtectionHeaderAndCSP(xssProtectionHeader, cspHeader);
        // FIXME: Combine the two report URLs in some reasonable way.
        if (auditorDelegate)
            auditorDelegate->setReportURL(xssProtectionReportURL.copy());

        FormData* httpBody = documentLoader->request().httpBody();
        if (httpBody && !httpBody->isEmpty())
            m_httpBodyAsString = httpBody->flattenToString();
    }
Example #18
0
void XSSAuditor::init(Document* document, XSSAuditorDelegate* auditorDelegate)
{
    const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter.
    const int suffixTreeDepth = 5;

    ASSERT(isMainThread());
    if (m_state == Initialized)
        return;
    ASSERT(m_state == Uninitialized);
    m_state = Initialized;

    if (Frame* frame = document->frame())
        if (Settings* settings = frame->settings())
            m_isEnabled = settings->xssAuditorEnabled();

    if (!m_isEnabled)
        return;

    m_documentURL = document->url().copy();

    // In theory, the Document could have detached from the Frame after the
    // XSSAuditor was constructed.
    if (!document->frame()) {
        m_isEnabled = false;
        return;
    }

    if (m_documentURL.isEmpty()) {
        // The URL can be empty when opening a new browser window or calling window.open("").
        m_isEnabled = false;
        return;
    }

    if (m_documentURL.protocolIsData()) {
        m_isEnabled = false;
        return;
    }

    if (document->decoder())
        m_encoding = document->decoder()->encoding();

    m_decodedURL = fullyDecodeString(m_documentURL.string(), m_encoding);
    if (m_decodedURL.find(isRequiredForInjection) == notFound)
        m_decodedURL = String();

    String httpBodyAsString;
    if (DocumentLoader* documentLoader = document->frame()->loader()->documentLoader()) {
        DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, (ASCIILiteral("X-XSS-Protection")));
        String headerValue = documentLoader->response().httpHeaderField(XSSProtectionHeader);
        String errorDetails;
        unsigned errorPosition = 0;
        String reportURL;
        KURL xssProtectionReportURL;

        // Process the X-XSS-Protection header, then mix in the CSP header's value.
        ContentSecurityPolicy::ReflectedXSSDisposition xssProtectionHeader = parseXSSProtectionHeader(headerValue, errorDetails, errorPosition, reportURL);
        m_didSendValidXSSProtectionHeader = xssProtectionHeader != ContentSecurityPolicy::ReflectedXSSUnset && xssProtectionHeader != ContentSecurityPolicy::ReflectedXSSInvalid;
        if ((xssProtectionHeader == ContentSecurityPolicy::FilterReflectedXSS || xssProtectionHeader == ContentSecurityPolicy::BlockReflectedXSS) && !reportURL.isEmpty()) {
            xssProtectionReportURL = document->completeURL(reportURL);
            if (MixedContentChecker::isMixedContent(document->securityOrigin(), xssProtectionReportURL)) {
                errorDetails = "insecure reporting URL for secure page";
                xssProtectionHeader = ContentSecurityPolicy::ReflectedXSSInvalid;
                xssProtectionReportURL = KURL();
            }
        }
        if (xssProtectionHeader == ContentSecurityPolicy::ReflectedXSSInvalid)
            document->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Error parsing header X-XSS-Protection: " + headerValue + ": "  + errorDetails + " at character position " + String::format("%u", errorPosition) + ". The default protections will be applied.");

        ContentSecurityPolicy::ReflectedXSSDisposition cspHeader = document->contentSecurityPolicy()->reflectedXSSDisposition();
        m_didSendValidCSPHeader = cspHeader != ContentSecurityPolicy::ReflectedXSSUnset && cspHeader != ContentSecurityPolicy::ReflectedXSSInvalid;

        m_xssProtection = combineXSSProtectionHeaderAndCSP(xssProtectionHeader, cspHeader);
        // FIXME: Combine the two report URLs in some reasonable way.
        if (auditorDelegate)
            auditorDelegate->setReportURL(xssProtectionReportURL.copy());
        FormData* httpBody = documentLoader->originalRequest().httpBody();
        if (httpBody && !httpBody->isEmpty()) {
            httpBodyAsString = httpBody->flattenToString();
            if (!httpBodyAsString.isEmpty()) {
                m_decodedHTTPBody = fullyDecodeString(httpBodyAsString, m_encoding);
                if (m_decodedHTTPBody.find(isRequiredForInjection) == notFound)
                    m_decodedHTTPBody = String();
                if (m_decodedHTTPBody.length() >= miniumLengthForSuffixTree)
                    m_decodedHTTPBodySuffixTree = adoptPtr(new SuffixTree<ASCIICodebook>(m_decodedHTTPBody, suffixTreeDepth));
            }
        }
    }

    if (m_decodedURL.isEmpty() && m_decodedHTTPBody.isEmpty()) {
        m_isEnabled = false;
        return;
    }
}
Example #19
0
bool WorkerThreadableWebSocketChannel::Bridge::connect(const KURL& url, const String& protocol)
{
    if (hasTerminatedPeer())
        return false;

    RefPtr<Bridge> protect(this);
    if (!waitForMethodCompletion(CallClosureTask::create(bind(&Peer::connect, m_peer, url.copy(), protocol.isolatedCopy()))))
        return false;

    return m_syncHelper->connectRequestResult();
}
SharedWorkerProxy::SharedWorkerProxy(const String& name, const KURL& url)
    : m_closing(false)
    , m_name(name.copy())
    , m_url(url.copy())
{
}
Example #21
0
void PreflightResultCache::appendEntry(const String& origin, const KURL& url, PreflightResultCacheItem* preflightResult)
{
    MutexLocker lock(m_mutex);
    // Note that the entry may already be present in the HashMap if another thread is accessing the same location.
    m_preflightHashMap.set(std::make_pair(origin.copy(), url.copy()), preflightResult);
}