Bug 113780

Summary: Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Mike West <mkwst>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, dbates, esprehn+autocc, jochen, ojan.autocc, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Mike West
Reported 2013-04-02 07:04:46 PDT
We're scheduling navigations to 'data:text/html,' in two places in order to end up on a page that doesn't inherit its parent's SecurityOrigin. We should be more explicit about what we're doing.
Attachments
Patch (19.88 KB, patch)
2013-04-02 07:08 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (27.28 KB, patch)
2013-04-02 07:10 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (3.36 KB, patch)
2013-04-03 00:26 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2013-04-02 07:08:16 PDT
Created attachment 196133 [details] Patch
Mike West
Comment 2 2013-04-02 07:10:36 PDT
Created attachment 196134 [details] Patch
Mike West
Comment 3 2013-04-02 07:11:49 PDT
Mind taking a look, Jochen? Should be pretty much what we discussed (I went with the method, as I didn't see too many occurrences of a bare static string in the codebase).
jochen
Comment 4 2013-04-02 07:21:00 PDT
Comment on attachment 196134 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review > Source/WebCore/page/SecurityOrigin.cpp:597 > + DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:text/html,"))); is the mime type even important at that point?
Mike West
Comment 5 2013-04-02 07:28:23 PDT
(In reply to comment #4) > (From update of attachment 196134 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review > > > Source/WebCore/page/SecurityOrigin.cpp:597 > > + DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:text/html,"))); > > is the mime type even important at that point? No idea. I'm not sure what WebKit does with a blank MIME type. I suppose I can test it. I'll do that before landing.
Darin Adler
Comment 6 2013-04-02 09:32:49 PDT
Comment on attachment 196134 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review > Source/WebCore/page/SecurityOrigin.h:213 > + static const String urlWithUniqueSecurityOrigin(); The const here is not needed or helpful. The return type should be just String.
Alexey Proskuryakov
Comment 7 2013-04-02 09:35:08 PDT
Comment on attachment 196134 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review > Source/WebCore/page/SecurityOrigin.cpp:595 > +const String SecurityOrigin::urlWithUniqueSecurityOrigin() Can we assert isMainThread() here?
Mike West
Comment 8 2013-04-03 00:21:38 PDT
Thanks, Alexey and Darin. I'll land this shortly with your tweaks.
Mike West
Comment 9 2013-04-03 00:26:53 PDT
Created attachment 196292 [details] Patch
Mike West
Comment 10 2013-04-03 00:36:49 PDT
Comment on attachment 196292 [details] Patch The x-frame-options bug got reverted; adjusting this patch to drop that bit. I'll fold it into the other patch once this lands.
WebKit Review Bot
Comment 11 2013-04-03 01:29:31 PDT
Comment on attachment 196292 [details] Patch Clearing flags on attachment: 196292 Committed r147526: <http://trac.webkit.org/changeset/147526>
WebKit Review Bot
Comment 12 2013-04-03 01:29:35 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.