Implement setter for document.domain

components/script/dom/document.rs

@@ -103,6 +103,7 @@ use msg::constellation_msg::{FrameId, Key, KeyModifiers, KeyState};
 use net_traits::{FetchResponseMsg, IpcSend, ReferrerPolicy};
 use net_traits::CookieSource::NonHTTP;
 use net_traits::CoreResourceMsg::{GetCookiesForUrl, SetCookiesForUrl};
+use net_traits::pub_domains::is_pub_domain;
 use net_traits::request::RequestInit;
 use net_traits::response::HttpsState;
 use num_traits::ToPrimitive;
@@ -1988,6 +1989,55 @@ impl LayoutDocumentHelpers for LayoutJS<Document> {
     }
 }
 
+// https://html.spec.whatwg.org/multipage/#is-a-registrable-domain-suffix-of-or-is-equal-to
+// The spec says to return a bool, we actually return an Option<Host> containing
+// the parsed host in the successful case, to avoid having to re-parse the host.
+fn get_registrable_domain_suffix_of_or_is_equal_to(host_suffix_string: &str, original_host: Host) -> Option<Host> {
+    // Step 1
+    if host_suffix_string.is_empty() {
+        return None;
+    }
+
+    // Step 2-3.
+    let host = match Host::parse(host_suffix_string) {
+        Ok(host) => host,
+        Err(_) => return None,
+    };
+
+    // Step 4.
+    if host != original_host {
+        // Step 4.1
+        let host = match host {
+            Host::Domain(ref host) => host,
+            _ => return None,
+        };
+        let original_host = match original_host {
+            Host::Domain(ref original_host) => original_host,
+            _ => return None,
+        };
+
+        // Step 4.2
+        let (prefix, suffix) = match original_host.len().checked_sub(host.len()) {
+            Some(index) => original_host.split_at(index),
+            None => return None,
+        };
+        if !prefix.ends_with(".") {
+            return None;
+        }
+        if suffix != host {
+            return None;
+        }
+
+        // Step 4.3
+        if is_pub_domain(host) {
+            return None;
+        }
+    }
+
+    // Step 5
+    Some(host)
+}
+
 /// https://url.spec.whatwg.org/#network-scheme
 fn url_has_network_scheme(url: &ServoUrl) -> bool {
     match url.scheme() {
@@ -2472,7 +2522,7 @@ impl DocumentMethods for Document {
         false
     }
 
-    // https://html.spec.whatwg.org/multipage/#relaxing-the-same-origin-restriction
+    // https://html.spec.whatwg.org/multipage/#dom-document-domain
     fn Domain(&self) -> DOMString {
         // Step 1.
         if !self.has_browsing_context {
@@ -2489,6 +2539,35 @@ impl DocumentMethods for Document {
         }
     }
 
+    // https://html.spec.whatwg.org/multipage/#dom-document-domain
+    fn SetDomain(&self, value: DOMString) -> ErrorResult {
+        // Step 1.
+        if !self.has_browsing_context {
+            return Err(Error::Security);
+        }
+
+        // TODO: Step 2. "If this Document object's active sandboxing
+        // flag set has its sandboxed document.domain browsing context
+        // flag set, then throw a "SecurityError" DOMException."
+
+        // Steps 3-4.
+        let effective_domain = match self.origin.effective_domain() {
+            Some(effective_domain) => effective_domain,
+            None => return Err(Error::Security),
+        };
+
+        // Step 5
+        let host = match get_registrable_domain_suffix_of_or_is_equal_to(&*value, effective_domain) {
+            None => return Err(Error::Security),
+            Some(host) => host,
+        };
+
+        // Step 6
+        self.origin.set_domain(host);
+
+        Ok(())
+    }
+
     // https://html.spec.whatwg.org/multipage/#dom-document-referrer
     fn Referrer(&self) -> DOMString {
         match self.referrer {
@@ -3396,10 +3475,10 @@ impl DocumentMethods for Document {
 
         let entry_responsible_document = GlobalScope::entry().as_window().Document();
 
-        // This check should probably be same-origin-domain
+        // This check is same-origin not same-origin-domain.
         // https://github.com/whatwg/html/issues/2282
         // https://github.com/whatwg/html/pull/2288
-        if !self.origin.same_origin_domain(&entry_responsible_document.origin) {
+        if !self.origin.same_origin(&entry_responsible_document.origin) {
             // Step 4.
             return Err(Error::Security);
         }

components/script/dom/history.rs

@@ -4,7 +4,9 @@
 
 use dom::bindings::codegen::Bindings::HistoryBinding;
 use dom::bindings::codegen::Bindings::HistoryBinding::HistoryMethods;
+use dom::bindings::codegen::Bindings::LocationBinding::LocationBinding::LocationMethods;
 use dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
+use dom::bindings::error::Fallible;
 use dom::bindings::inheritance::Castable;
 use dom::bindings::js::{JS, Root};
 use dom::bindings::reflector::{Reflector, reflect_dom_object};
@@ -58,17 +60,17 @@ impl HistoryMethods for History {
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-history-go
-    fn Go(&self, delta: i32) {
+    fn Go(&self, delta: i32) -> Fallible<()> {
         let direction = if delta > 0 {
             TraversalDirection::Forward(delta as usize)
         } else if delta < 0 {
             TraversalDirection::Back(-delta as usize)
         } else {
-            self.window.Location().reload_without_origin_check();
-            return;
+            return self.window.Location().Reload();
         };
 
         self.traverse_history(direction);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-history-back

components/script/dom/htmliframeelement.rs

@@ -498,11 +498,7 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
 
     // https://html.spec.whatwg.org/multipage/#dom-iframe-contentwindow
     fn GetContentWindow(&self) -> Option<Root<BrowsingContext>> {
-        if self.pipeline_id.get().is_some() {
-            ScriptThread::find_browsing_context(self.frame_id)
-        } else {
-            None
-        }
+        self.pipeline_id.get().and_then(|_| ScriptThread::find_browsing_context(self.frame_id))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument
@@ -514,6 +510,8 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
             Some(pipeline_id) => pipeline_id,
         };
         // Step 2-3.
+        // Note that this lookup will fail if the document is dissimilar-origin,
+        // so we should return None in that case.
         let document = match ScriptThread::find_document(pipeline_id) {
             None => return None,
             Some(document) => document,

components/script/dom/location.rs

@@ -65,7 +65,7 @@ impl Location {
 impl LocationMethods for Location {
     // https://html.spec.whatwg.org/multipage/#dom-location-assign
     fn Assign(&self, url: USVString) -> ErrorResult {
-        // Note: no call to self.check_same_origin_domain()
+        try!(self.check_same_origin_domain());
         // TODO: per spec, we should use the _API base URL_ specified by the
         //       _entry settings object_.
         let base_url = self.window.get_url();

components/script/dom/webidls/Document.webidl

@@ -81,7 +81,7 @@ partial /*sealed*/ interface Document {
   // resource metadata management
   [/*PutForwards=href, */Unforgeable]
   readonly attribute Location? location;
-  readonly attribute DOMString domain;
+  [SetterThrows] attribute DOMString domain;
   readonly attribute DOMString referrer;
   [Throws]
   attribute DOMString cookie;

components/script/dom/webidls/History.webidl

@@ -10,7 +10,7 @@ interface History {
   readonly attribute unsigned long length;
   // attribute ScrollRestoration scrollRestoration;
   // readonly attribute any state;
-  void go(optional long delta = 0);
+  [Throws] void go(optional long delta = 0);
   void back();
   void forward();
   // void pushState(any data, DOMString title, optional USVString? url = null);

components/script/dom/window.rs

@@ -42,7 +42,7 @@ use dom::location::Location;
 use dom::mediaquerylist::{MediaQueryList, WeakMediaQueryListVec};
 use dom::messageevent::MessageEvent;
 use dom::navigator::Navigator;
-use dom::node::{Node, from_untrusted_node_address, document_from_node, window_from_node, NodeDamage};
+use dom::node::{Node, NodeDamage, document_from_node, from_untrusted_node_address, window_from_node};
 use dom::performance::Performance;
 use dom::promise::Promise;
 use dom::screen::Screen;
@@ -529,19 +529,23 @@ impl WindowMethods for Window {
     // https://html.spec.whatwg.org/multipage/#dom-frameelement
     fn GetFrameElement(&self) -> Option<Root<Element>> {
         // Steps 1-3.
-        if let Some(context) = self.browsing_context.get() {
-            // Step 4-5.
-            if let Some(container) = context.frame_element() {
-                // Step 6.
-                let container_doc = document_from_node(container);
-                let current_doc = GlobalScope::current().as_window().Document();
-                if current_doc.origin().same_origin_domain(container_doc.origin()) {
-                    // Step 7.
-                    return Some(Root::from_ref(container));
-                }
-            }
+        let context = match self.browsing_context.get() {
+            None => return None,
+            Some(context) => context,
+        };
+        // Step 4-5.
+        let container = match context.frame_element() {
+            None => return None,
+            Some(container) => container,
+        };
+        // Step 6.
+        let container_doc = document_from_node(container);
+        let current_doc = GlobalScope::current().as_window().Document();
+        if !current_doc.origin().same_origin_domain(container_doc.origin()) {
+            return None;
         }
-        None
+        // Step 7.
+        Some(Root::from_ref(container))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-navigator