clean-up navigation

security: check target and source origin before executing JS url

implement replacement-enabled flag as a HistoryEntryReplacement enum

add source origin string on loaddata

add LoadOrigin

iframe: remove optional load-data

auxiliaries: add load-data into info

constellation: remove url from Pipeline::new

check load origin: link to whatwg issue

switch loadorigin toplevel to constellation
This commit is contained in:
Gregory Terzian 2019-05-12 17:37:19 +08:00
parent 973a3448a4
commit 571beec179
14 changed files with 402 additions and 220 deletions

View file

@ -62,7 +62,8 @@ use webrender_api::{
use webvr_traits::{WebVREvent, WebVRMsg};
pub use crate::script_msg::{
DOMMessage, SWManagerMsg, SWManagerSenders, ScopeThings, ServiceWorkerMsg,
DOMMessage, HistoryEntryReplacement, SWManagerMsg, SWManagerSenders, ScopeThings,
ServiceWorkerMsg,
};
pub use crate::script_msg::{
EventResult, IFrameSize, IFrameSizeMsg, LayoutMsg, LogEntry, ScriptMsg,
@ -117,10 +118,24 @@ pub enum LayoutControlMsg {
PaintMetric(Epoch, u64),
}
/// The origin where a given load was initiated.
/// Useful for origin checks, for example before evaluation a JS URL.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub enum LoadOrigin {
/// A load originating in the constellation.
Constellation,
/// A load originating in webdriver.
WebDriver,
/// A load originating in script.
Script(ImmutableOrigin),
}
/// can be passed to `LoadUrl` to load a page with GET/POST
/// parameters or headers
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct LoadData {
/// The origin where the load started.
pub load_origin: LoadOrigin,
/// The URL.
pub url: ServoUrl,
/// The creator pipeline id if this is an about:blank load.
@ -160,12 +175,14 @@ pub enum JsEvalResult {
impl LoadData {
/// Create a new `LoadData` object.
pub fn new(
load_origin: LoadOrigin,
url: ServoUrl,
creator_pipeline_id: Option<PipelineId>,
referrer: Option<Referrer>,
referrer_policy: Option<ReferrerPolicy>,
) -> LoadData {
LoadData {
load_origin,
url: url,
creator_pipeline_id: creator_pipeline_id,
method: Method::GET,
@ -289,7 +306,12 @@ pub enum ConstellationControlMsg {
NotifyVisibilityChange(PipelineId, BrowsingContextId, bool),
/// Notifies script thread that a url should be loaded in this iframe.
/// PipelineId is for the parent, BrowsingContextId is for the nested browsing context
Navigate(PipelineId, BrowsingContextId, LoadData, bool),
NavigateIframe(
PipelineId,
BrowsingContextId,
LoadData,
HistoryEntryReplacement,
),
/// Post a message to a given window.
PostMessage {
/// The target of the message.
@ -376,7 +398,7 @@ impl fmt::Debug for ConstellationControlMsg {
SetDocumentActivity(..) => "SetDocumentActivity",
ChangeFrameVisibilityStatus(..) => "ChangeFrameVisibilityStatus",
NotifyVisibilityChange(..) => "NotifyVisibilityChange",
Navigate(..) => "Navigate",
NavigateIframe(..) => "NavigateIframe",
PostMessage { .. } => "PostMessage",
UpdatePipelineId(..) => "UpdatePipelineId",
UpdateHistoryState(..) => "UpdateHistoryState",
@ -659,6 +681,8 @@ pub enum IFrameSandboxState {
/// Specifies the information required to load an auxiliary browsing context.
#[derive(Debug, Deserialize, Serialize)]
pub struct AuxiliaryBrowsingContextLoadInfo {
/// Load data containing the url to load
pub load_data: LoadData,
/// The pipeline opener browsing context.
pub opener_pipeline_id: PipelineId,
/// The new top-level ID for the auxiliary.
@ -684,7 +708,7 @@ pub struct IFrameLoadInfo {
pub is_private: bool,
/// Wether this load should replace the current entry (reload). If true, the current
/// entry will be replaced instead of a new entry being added.
pub replace: bool,
pub replace: HistoryEntryReplacement,
}
/// Specifies the information required to load a URL in an iframe.
@ -693,7 +717,7 @@ pub struct IFrameLoadInfoWithData {
/// The information required to load an iframe.
pub info: IFrameLoadInfo,
/// Load data containing the url to load
pub load_data: Option<LoadData>,
pub load_data: LoadData,
/// The old pipeline ID for this iframe, if a page was previously loaded.
pub old_pipeline_id: Option<PipelineId>,
/// Sandbox type of this iframe