Implement setter for document.domain

This commit is contained in:
Alan Jeffrey 2017-02-10 17:24:44 -06:00
parent 1f61a549a3
commit 5348b63e38
68 changed files with 217 additions and 736 deletions

View file

@ -103,6 +103,7 @@ use msg::constellation_msg::{FrameId, Key, KeyModifiers, KeyState};
use net_traits::{FetchResponseMsg, IpcSend, ReferrerPolicy};
use net_traits::CookieSource::NonHTTP;
use net_traits::CoreResourceMsg::{GetCookiesForUrl, SetCookiesForUrl};
use net_traits::pub_domains::is_pub_domain;
use net_traits::request::RequestInit;
use net_traits::response::HttpsState;
use num_traits::ToPrimitive;
@ -1988,6 +1989,55 @@ impl LayoutDocumentHelpers for LayoutJS<Document> {
}
}
// https://html.spec.whatwg.org/multipage/#is-a-registrable-domain-suffix-of-or-is-equal-to
// The spec says to return a bool, we actually return an Option<Host> containing
// the parsed host in the successful case, to avoid having to re-parse the host.
fn get_registrable_domain_suffix_of_or_is_equal_to(host_suffix_string: &str, original_host: Host) -> Option<Host> {
// Step 1
if host_suffix_string.is_empty() {
return None;
}
// Step 2-3.
let host = match Host::parse(host_suffix_string) {
Ok(host) => host,
Err(_) => return None,
};
// Step 4.
if host != original_host {
// Step 4.1
let host = match host {
Host::Domain(ref host) => host,
_ => return None,
};
let original_host = match original_host {
Host::Domain(ref original_host) => original_host,
_ => return None,
};
// Step 4.2
let (prefix, suffix) = match original_host.len().checked_sub(host.len()) {
Some(index) => original_host.split_at(index),
None => return None,
};
if !prefix.ends_with(".") {
return None;
}
if suffix != host {
return None;
}
// Step 4.3
if is_pub_domain(host) {
return None;
}
}
// Step 5
Some(host)
}
/// https://url.spec.whatwg.org/#network-scheme
fn url_has_network_scheme(url: &ServoUrl) -> bool {
match url.scheme() {
@ -2472,7 +2522,7 @@ impl DocumentMethods for Document {
false
}
// https://html.spec.whatwg.org/multipage/#relaxing-the-same-origin-restriction
// https://html.spec.whatwg.org/multipage/#dom-document-domain
fn Domain(&self) -> DOMString {
// Step 1.
if !self.has_browsing_context {
@ -2489,6 +2539,35 @@ impl DocumentMethods for Document {
}
}
// https://html.spec.whatwg.org/multipage/#dom-document-domain
fn SetDomain(&self, value: DOMString) -> ErrorResult {
// Step 1.
if !self.has_browsing_context {
return Err(Error::Security);
}
// TODO: Step 2. "If this Document object's active sandboxing
// flag set has its sandboxed document.domain browsing context
// flag set, then throw a "SecurityError" DOMException."
// Steps 3-4.
let effective_domain = match self.origin.effective_domain() {
Some(effective_domain) => effective_domain,
None => return Err(Error::Security),
};
// Step 5
let host = match get_registrable_domain_suffix_of_or_is_equal_to(&*value, effective_domain) {
None => return Err(Error::Security),
Some(host) => host,
};
// Step 6
self.origin.set_domain(host);
Ok(())
}
// https://html.spec.whatwg.org/multipage/#dom-document-referrer
fn Referrer(&self) -> DOMString {
match self.referrer {
@ -3396,10 +3475,10 @@ impl DocumentMethods for Document {
let entry_responsible_document = GlobalScope::entry().as_window().Document();
// This check should probably be same-origin-domain
// This check is same-origin not same-origin-domain.
// https://github.com/whatwg/html/issues/2282
// https://github.com/whatwg/html/pull/2288
if !self.origin.same_origin_domain(&entry_responsible_document.origin) {
if !self.origin.same_origin(&entry_responsible_document.origin) {
// Step 4.
return Err(Error::Security);
}

View file

@ -4,7 +4,9 @@
use dom::bindings::codegen::Bindings::HistoryBinding;
use dom::bindings::codegen::Bindings::HistoryBinding::HistoryMethods;
use dom::bindings::codegen::Bindings::LocationBinding::LocationBinding::LocationMethods;
use dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
use dom::bindings::error::Fallible;
use dom::bindings::inheritance::Castable;
use dom::bindings::js::{JS, Root};
use dom::bindings::reflector::{Reflector, reflect_dom_object};
@ -58,17 +60,17 @@ impl HistoryMethods for History {
}
// https://html.spec.whatwg.org/multipage/#dom-history-go
fn Go(&self, delta: i32) {
fn Go(&self, delta: i32) -> Fallible<()> {
let direction = if delta > 0 {
TraversalDirection::Forward(delta as usize)
} else if delta < 0 {
TraversalDirection::Back(-delta as usize)
} else {
self.window.Location().reload_without_origin_check();
return;
return self.window.Location().Reload();
};
self.traverse_history(direction);
Ok(())
}
// https://html.spec.whatwg.org/multipage/#dom-history-back

View file

@ -498,11 +498,7 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
// https://html.spec.whatwg.org/multipage/#dom-iframe-contentwindow
fn GetContentWindow(&self) -> Option<Root<BrowsingContext>> {
if self.pipeline_id.get().is_some() {
ScriptThread::find_browsing_context(self.frame_id)
} else {
None
}
self.pipeline_id.get().and_then(|_| ScriptThread::find_browsing_context(self.frame_id))
}
// https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument
@ -514,6 +510,8 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
Some(pipeline_id) => pipeline_id,
};
// Step 2-3.
// Note that this lookup will fail if the document is dissimilar-origin,
// so we should return None in that case.
let document = match ScriptThread::find_document(pipeline_id) {
None => return None,
Some(document) => document,

View file

@ -65,7 +65,7 @@ impl Location {
impl LocationMethods for Location {
// https://html.spec.whatwg.org/multipage/#dom-location-assign
fn Assign(&self, url: USVString) -> ErrorResult {
// Note: no call to self.check_same_origin_domain()
try!(self.check_same_origin_domain());
// TODO: per spec, we should use the _API base URL_ specified by the
// _entry settings object_.
let base_url = self.window.get_url();

View file

@ -81,7 +81,7 @@ partial /*sealed*/ interface Document {
// resource metadata management
[/*PutForwards=href, */Unforgeable]
readonly attribute Location? location;
readonly attribute DOMString domain;
[SetterThrows] attribute DOMString domain;
readonly attribute DOMString referrer;
[Throws]
attribute DOMString cookie;

View file

@ -10,7 +10,7 @@ interface History {
readonly attribute unsigned long length;
// attribute ScrollRestoration scrollRestoration;
// readonly attribute any state;
void go(optional long delta = 0);
[Throws] void go(optional long delta = 0);
void back();
void forward();
// void pushState(any data, DOMString title, optional USVString? url = null);

View file

@ -42,7 +42,7 @@ use dom::location::Location;
use dom::mediaquerylist::{MediaQueryList, WeakMediaQueryListVec};
use dom::messageevent::MessageEvent;
use dom::navigator::Navigator;
use dom::node::{Node, from_untrusted_node_address, document_from_node, window_from_node, NodeDamage};
use dom::node::{Node, NodeDamage, document_from_node, from_untrusted_node_address, window_from_node};
use dom::performance::Performance;
use dom::promise::Promise;
use dom::screen::Screen;
@ -529,19 +529,23 @@ impl WindowMethods for Window {
// https://html.spec.whatwg.org/multipage/#dom-frameelement
fn GetFrameElement(&self) -> Option<Root<Element>> {
// Steps 1-3.
if let Some(context) = self.browsing_context.get() {
// Step 4-5.
if let Some(container) = context.frame_element() {
// Step 6.
let container_doc = document_from_node(container);
let current_doc = GlobalScope::current().as_window().Document();
if current_doc.origin().same_origin_domain(container_doc.origin()) {
// Step 7.
return Some(Root::from_ref(container));
}
}
let context = match self.browsing_context.get() {
None => return None,
Some(context) => context,
};
// Step 4-5.
let container = match context.frame_element() {
None => return None,
Some(container) => container,
};
// Step 6.
let container_doc = document_from_node(container);
let current_doc = GlobalScope::current().as_window().Document();
if !current_doc.origin().same_origin_domain(container_doc.origin()) {
return None;
}
None
// Step 7.
Some(Root::from_ref(container))
}
// https://html.spec.whatwg.org/multipage/#dom-navigator