Bug 113780

Summary: Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Mike West <mkwst>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, dbates, esprehn+autocc, jochen, ojan.autocc, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Description Mike West 2013-04-02 07:04:46 PDT 
We're scheduling navigations to 'data:text/html,' in two places in order to end up on a page that doesn't inherit its parent's SecurityOrigin. We should be more explicit about what we're doing.
Comment 1 Mike West 2013-04-02 07:08:16 PDT 
Created attachment 196133 [details]
Patch
Comment 2 Mike West 2013-04-02 07:10:36 PDT 
Created attachment 196134 [details]
Patch
Comment 3 Mike West 2013-04-02 07:11:49 PDT 
Mind taking a look, Jochen? Should be pretty much what we discussed (I went with the method, as I didn't see too many occurrences of a bare static string in the codebase).
Comment 4 jochen 2013-04-02 07:21:00 PDT 
Comment on attachment 196134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review

> Source/WebCore/page/SecurityOrigin.cpp:597
> +    DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:text/html,")));

is the mime type even important at that point?
Comment 5 Mike West 2013-04-02 07:28:23 PDT 
(In reply to comment #4)
> (From update of attachment 196134 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review
> 
> > Source/WebCore/page/SecurityOrigin.cpp:597
> > +    DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:text/html,")));
> 
> is the mime type even important at that point?

No idea. I'm not sure what WebKit does with a blank MIME type. I suppose I can test it. I'll do that before landing.
Comment 6 Darin Adler 2013-04-02 09:32:49 PDT 
Comment on attachment 196134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review

> Source/WebCore/page/SecurityOrigin.h:213
> +    static const String urlWithUniqueSecurityOrigin();

The const here is not needed or helpful. The return type should be just String.
Comment 7 Alexey Proskuryakov 2013-04-02 09:35:08 PDT 
Comment on attachment 196134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review

> Source/WebCore/page/SecurityOrigin.cpp:595
> +const String SecurityOrigin::urlWithUniqueSecurityOrigin()

Can we assert isMainThread() here?
Comment 8 Mike West 2013-04-03 00:21:38 PDT 
Thanks, Alexey and Darin. I'll land this shortly with your tweaks.
Comment 9 Mike West 2013-04-03 00:26:53 PDT 
Created attachment 196292 [details]
Patch
Comment 10 Mike West 2013-04-03 00:36:49 PDT 
Comment on attachment 196292 [details]
Patch

The x-frame-options bug got reverted; adjusting this patch to drop that bit. I'll fold it into the other patch once this lands.
Comment 11 WebKit Review Bot 2013-04-03 01:29:31 PDT 
Comment on attachment 196292 [details]
Patch

Clearing flags on attachment: 196292

Committed r147526: <http://trac.webkit.org/changeset/147526>
Comment 12 WebKit Review Bot 2013-04-03 01:29:35 PDT 
All reviewed patches have been landed.  Closing bug.