void Document::setUseSecureKeyboardEntryWhenActive(bool usesSecureKeyboard) { if (m_useSecureKeyboardEntryWhenActive == usesSecureKeyboard) return; m_useSecureKeyboardEntryWhenActive = usesSecureKeyboard; m_frame->selection().updateSecureKeyboardEntryIfActive(); } bool Document::useSecureKeyboardEntryWhenActive() const { return m_useSecureKeyboardEntryWhenActive; } void Document::initSecurityContext(const DocumentInit& initializer) { ASSERT(!getSecurityOrigin()); if (!initializer.hasSecurityContext()) { // No source for a security context. // This can occur via document.implementation.createDocument(). m_cookieURL = KURL(ParsedURLString, emptyString()); setSecurityOrigin(SecurityOrigin::createUnique()); initContentSecurityPolicy(); // Unique security origins cannot have a suborigin return; } // In the common case, create the security context from the currently // loading URL with a fresh content security policy. enforceSandboxFlags(initializer.getSandboxFlags()); if (initializer.shouldEnforceStrictMixedContentChecking()) enforceStrictMixedContentChecking(); setInsecureRequestsPolicy(initializer.getInsecureRequestsPolicy()); if (initializer.insecureNavigationsToUpgrade()) { for (auto toUpgrade : *initializer.insecureNavigationsToUpgrade()) addInsecureNavigationUpgrade(toUpgrade); } if (isSandboxed(SandboxOrigin)) { m_cookieURL = m_url; setSecurityOrigin(SecurityOrigin::createUnique()); // If we're supposed to inherit our security origin from our // owner, but we're also sandboxed, the only things we inherit are // the origin's potential trustworthiness and the ability to // load local resources. The latter lets about:blank iframes in // file:// URL documents load images and other resources from // the file system. if (initializer.owner() && initializer.owner()->getSecurityOrigin()->isPotentiallyTrustworthy()) getSecurityOrigin()->setUniqueOriginIsPotentiallyTrustworthy(true); if (initializer.owner() && initializer.owner()->getSecurityOrigin()->canLoadLocalResources()) getSecurityOrigin()->grantLoadLocalResources(); } else if (initializer.owner()) { m_cookieURL = initializer.owner()->cookieURL(); // We alias the SecurityOrigins to match Firefox, see Bug 15313 // https://bugs.webkit.org/show_bug.cgi?id=15313 setSecurityOrigin(initializer.owner()->getSecurityOrigin()); } else { m_cookieURL = m_url; setSecurityOrigin(SecurityOrigin::create(m_url)); } // Set the address space before setting up CSP, as the latter may override // the former via the 'treat-as-public-address' directive (see // https://mikewest.github.io/cors-rfc1918/#csp). if (initializer.isHostedInReservedIPRange()) { setAddressSpace(getSecurityOrigin()->isLocalhost() ? WebAddressSpaceLocal : WebAddressSpacePrivate); } else { setAddressSpace(WebAddressSpacePublic); } if (importsController()) { // If this document is an HTML import, grab a reference to it's master document's Content // Security Policy. We don't call 'initContentSecurityPolicy' in this case, as we can't // rebind the master document's policy object: its ExecutionContext needs to remain tied // to the master document. setContentSecurityPolicy(importsController()->master()->contentSecurityPolicy()); } else { initContentSecurityPolicy(); } if (getSecurityOrigin()->hasSuborigin()) enforceSuborigin(getSecurityOrigin()->suboriginName()); if (Settings* settings = initializer.settings()) { if (!settings->webSecurityEnabled()) { // Web security is turned off. We should let this document access every other document. This is used primary by testing // harnesses for web sites. getSecurityOrigin()->grantUniversalAccess(); } else if (getSecurityOrigin()->isLocal()) { if (settings->allowUniversalAccessFromFileURLs()) { // Some clients want local URLs to have universal access, but that setting is dangerous for other clients. getSecurityOrigin()->grantUniversalAccess(); } else if (!settings->allowFileAccessFromFileURLs()) { // Some clients do not want local URLs to have access to other local URLs. getSecurityOrigin()->blockLocalAccessFromLocalOrigin(); } } }
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/dom/Document.cpp&q=keyboard%20wrapper%20migration&sq=package:chromium&type=cs&l=4935
.png)
No comments:
Post a Comment