From a8233a135ec37bca77c238f78eea0c454af4c175 Mon Sep 17 00:00:00 2001 From: Josh Matthews Date: Fri, 11 Sep 2015 12:24:25 -0400 Subject: Implement origin concept. --- components/script/dom/document.rs | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) (limited to 'components/script/dom/document.rs') diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index e38ab86bf29..9bb9a656719 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -94,6 +94,7 @@ use net_traits::CookieSource::NonHTTP; use net_traits::response::HttpsState; use net_traits::{AsyncResponseTarget, PendingAsyncLoad}; use num::ToPrimitive; +use origin::Origin; use script_runtime::ScriptChan; use script_thread::{MainThreadScriptChan, MainThreadScriptMsg, Runnable}; use script_traits::UntrustedNodeAddress; @@ -223,6 +224,8 @@ pub struct Document { /// https://html.spec.whatwg.org/multipage/#concept-document-https-state https_state: Cell, touchpad_pressure_phase: Cell, + /// The document's origin. + origin: Origin, } #[derive(JSTraceable, HeapSizeOf)] @@ -1544,14 +1547,6 @@ impl Document { /// https://html.spec.whatwg.org/multipage/#cookie-averse-document-object fn is_cookie_averse(&self) -> bool { - /// https://url.spec.whatwg.org/#network-scheme - fn url_has_network_scheme(url: &Url) -> bool { - match &*url.scheme { - "ftp" | "http" | "https" => true, - _ => false, - } - } - self.browsing_context.is_none() || !url_has_network_scheme(&self.url) } @@ -1590,6 +1585,14 @@ impl LayoutDocumentHelpers for LayoutJS { } } +/// https://url.spec.whatwg.org/#network-scheme +fn url_has_network_scheme(url: &Url) -> bool { + match &*url.scheme { + "ftp" | "http" | "https" => true, + _ => false, + } +} + impl Document { pub fn new_inherited(window: &Window, browsing_context: Option<&BrowsingContext>, @@ -1608,6 +1611,15 @@ impl Document { (DocumentReadyState::Complete, true) }; + // Incomplete implementation of Document origin specification at + // https://html.spec.whatwg.org/multipage/#origin:document + let origin = if url_has_network_scheme(&url) { + Origin::new(&url) + } else { + // Default to DOM standard behaviour + Origin::opaque_identifier() + }; + Document { node: Node::new_document_node(), window: JS::from_ref(window), @@ -1673,6 +1685,7 @@ impl Document { css_errors_store: DOMRefCell::new(vec![]), https_state: Cell::new(HttpsState::None), touchpad_pressure_phase: Cell::new(TouchpadPressurePhase::BeforeClick), + origin: origin, } } -- cgit v1.2.3 From fa42b452a0287fbdbec8cb709c08a9becfbe37eb Mon Sep 17 00:00:00 2001 From: Josh Matthews Date: Wed, 13 Apr 2016 10:38:53 +0200 Subject: Use origin for document.domain. --- components/script/dom/document.rs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'components/script/dom/document.rs') diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index 9bb9a656719..76e33565e63 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -1881,9 +1881,18 @@ impl DocumentMethods for Document { // https://html.spec.whatwg.org/multipage/#relaxing-the-same-origin-restriction fn Domain(&self) -> DOMString { - // TODO: This should use the effective script origin when it exists - let origin = self.window.get_url(); - DOMString::from(origin.serialize_host().unwrap_or_else(|| "".to_owned())) + // Step 1. + if self.browsing_context().is_none() { + return DOMString::new(); + } + + if let Some(host) = self.origin.host() { + // Step 4. + DOMString::from(host.serialize()) + } else { + // Step 3. + DOMString::new() + } } // https://dom.spec.whatwg.org/#dom-document-documenturi -- cgit v1.2.3 From 90454c279d3ff3226f5758709d72f0a7d47f63f6 Mon Sep 17 00:00:00 2001 From: Josh Matthews Date: Wed, 13 Apr 2016 10:39:16 +0200 Subject: Use origin when manipulating cookies. --- components/script/dom/document.rs | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'components/script/dom/document.rs') diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index 76e33565e63..723e461df30 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -2519,10 +2519,11 @@ impl DocumentMethods for Document { return Ok(DOMString::new()); } - let url = self.url(); - if !is_scheme_host_port_tuple(&url) { + if !self.origin.is_scheme_host_port_tuple() { return Err(Error::Security); } + + let url = self.url(); let (tx, rx) = ipc::channel().unwrap(); let _ = self.window.resource_thread().send(GetCookiesForUrl((*url).clone(), tx, NonHTTP)); let cookies = rx.recv().unwrap(); @@ -2535,10 +2536,11 @@ impl DocumentMethods for Document { return Ok(()); } - let url = self.url(); - if !is_scheme_host_port_tuple(url) { + if !self.origin.is_scheme_host_port_tuple() { return Err(Error::Security); } + + let url = self.url(); let _ = self.window .resource_thread() .send(SetCookiesForUrl((*url).clone(), String::from(cookie), NonHTTP)); @@ -2742,10 +2744,6 @@ impl DocumentMethods for Document { } } -fn is_scheme_host_port_tuple(url: &Url) -> bool { - url.host().is_some() && url.port_or_default().is_some() -} - fn update_with_current_time_ms(marker: &Cell) { if marker.get() == Default::default() { let time = time::get_time(); -- cgit v1.2.3