make is_origin_trustworthy a method of ServoUrl + fix localhost handling

components/url/lib.rs

@@ -169,6 +169,32 @@ impl ServoUrl {
     pub fn from_file_path<P: AsRef<Path>>(path: P) -> Result<Self, ()> {
         Ok(Self::from_url(Url::from_file_path(path)?))
     }
+
+    // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
+    pub fn is_origin_trustworthy(&self) -> bool {
+        // Step 1
+        if !self.origin().is_tuple() {
+            return false;
+        }
+
+        // Step 3
+        if self.scheme() == "https" || self.scheme() == "wss" {
+            true
+        // Steps 4-5
+        } else if self.host().is_some() {
+            let host = self.host_str().unwrap();
+            // Step 4
+            if let Ok(ip_addr) = host.parse::<IpAddr>() {
+                ip_addr.is_loopback()
+            // Step 5
+            } else {
+                host == "localhost" || host.ends_with(".localhost")
+            }
+        // Step 6
+        } else {
+            self.scheme() == "file"
+        }
+    }
 }
 
 impl fmt::Display for ServoUrl {