Bug 113780 - Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
Summary: Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mike West
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-02 07:04 PDT by Mike West
Modified: 2013-04-03 01:29 PDT (History)
6 users (show)

See Also:


Attachments
Patch (19.88 KB, patch)
2013-04-02 07:08 PDT, Mike West
no flags Details | Formatted Diff | Diff
Patch (27.28 KB, patch)
2013-04-02 07:10 PDT, Mike West
no flags Details | Formatted Diff | Diff
Patch (3.36 KB, patch)
2013-04-03 00:26 PDT, Mike West
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mike West 2013-04-02 07:04:46 PDT
We're scheduling navigations to 'data:text/html,' in two places in order to end up on a page that doesn't inherit its parent's SecurityOrigin. We should be more explicit about what we're doing.
Comment 1 Mike West 2013-04-02 07:08:16 PDT
Created attachment 196133 [details]
Patch
Comment 2 Mike West 2013-04-02 07:10:36 PDT
Created attachment 196134 [details]
Patch
Comment 3 Mike West 2013-04-02 07:11:49 PDT
Mind taking a look, Jochen? Should be pretty much what we discussed (I went with the method, as I didn't see too many occurrences of a bare static string in the codebase).
Comment 4 jochen 2013-04-02 07:21:00 PDT
Comment on attachment 196134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review

> Source/WebCore/page/SecurityOrigin.cpp:597
> +    DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:text/html,")));

is the mime type even important at that point?
Comment 5 Mike West 2013-04-02 07:28:23 PDT
(In reply to comment #4)
> (From update of attachment 196134 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review
> 
> > Source/WebCore/page/SecurityOrigin.cpp:597
> > +    DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:text/html,")));
> 
> is the mime type even important at that point?

No idea. I'm not sure what WebKit does with a blank MIME type. I suppose I can test it. I'll do that before landing.
Comment 6 Darin Adler 2013-04-02 09:32:49 PDT
Comment on attachment 196134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review

> Source/WebCore/page/SecurityOrigin.h:213
> +    static const String urlWithUniqueSecurityOrigin();

The const here is not needed or helpful. The return type should be just String.
Comment 7 Alexey Proskuryakov 2013-04-02 09:35:08 PDT
Comment on attachment 196134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196134&action=review

> Source/WebCore/page/SecurityOrigin.cpp:595
> +const String SecurityOrigin::urlWithUniqueSecurityOrigin()

Can we assert isMainThread() here?
Comment 8 Mike West 2013-04-03 00:21:38 PDT
Thanks, Alexey and Darin. I'll land this shortly with your tweaks.
Comment 9 Mike West 2013-04-03 00:26:53 PDT
Created attachment 196292 [details]
Patch
Comment 10 Mike West 2013-04-03 00:36:49 PDT
Comment on attachment 196292 [details]
Patch

The x-frame-options bug got reverted; adjusting this patch to drop that bit. I'll fold it into the other patch once this lands.
Comment 11 WebKit Review Bot 2013-04-03 01:29:31 PDT
Comment on attachment 196292 [details]
Patch

Clearing flags on attachment: 196292

Committed r147526: <http://trac.webkit.org/changeset/147526>
Comment 12 WebKit Review Bot 2013-04-03 01:29:35 PDT
All reviewed patches have been landed.  Closing bug.