diff -r 000000000000 -r 4f2f89ce4247 WebKit/qt/Api/qwebsecurityorigin.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/WebKit/qt/Api/qwebsecurityorigin.cpp Fri Sep 17 09:02:29 2010 +0300 @@ -0,0 +1,262 @@ +/* + Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with this library; see the file COPYING.LIB. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#include "config.h" +#include "qwebsecurityorigin.h" +#include "qwebsecurityorigin_p.h" +#include "qwebdatabase.h" +#include "qwebdatabase_p.h" + +#include "DatabaseTracker.h" +#include "KURL.h" +#include "SchemeRegistry.h" +#include "SecurityOrigin.h" +#include + +using namespace WebCore; + +/*! + \class QWebSecurityOrigin + \since 4.5 + \brief The QWebSecurityOrigin class defines a security boundary for web sites. + + \inmodule QtWebKit + + QWebSecurityOrigin provides access to the security domains defined by web sites. + An origin consists of a host name, a scheme, and a port number. Web sites + with the same security origin can access each other's resources for client-side + scripting or databases. + + For example the site \c{http://www.example.com/my/page.html} is allowed to share the same + database as \c{http://www.example.com/my/overview.html}, or access each other's + documents when used in HTML frame sets and JavaScript. At the same time it prevents + \c{http://www.malicious.com/evil.html} from accessing \c{http://www.example.com/}'s resources, + because they are of a different security origin. + + By default local schemes like \c{file://} and \c{qrc://} are concidered to be in the same + security origin, and can access each other's resources. You can add additional local schemes + by using QWebSecurityOrigin::addLocalScheme(), or override the default same-origin behavior + by setting QWebSettings::LocalContentCanAccessFileUrls to \c{false}. + + \note Local resources are by default restricted from accessing remote content, which + means your \c{file://} will not be able to access \c{http://domain.com/foo.html}. You + can relax this restriction by setting QWebSettings::LocalContentCanAccessRemoteUrls to + \c{true}. + + Call QWebFrame::securityOrigin() to get the QWebSecurityOrigin for a frame in a + web page, and use host(), scheme() and port() to identify the security origin. + + Use databases() to access the databases defined within a security origin. The + disk usage of the origin's databases can be limited with setDatabaseQuota(). + databaseQuota() and databaseUsage() report the current limit as well as the + current usage. + + For more information refer to the + \l{http://en.wikipedia.org/wiki/Same_origin_policy}{"Same origin policy" Wikipedia Article}. + + \sa QWebFrame::securityOrigin() +*/ + +/*! + Constructs a security origin from \a other. +*/ +QWebSecurityOrigin::QWebSecurityOrigin(const QWebSecurityOrigin& other) : d(other.d) +{ +} + +/*! + Assigns the \a other security origin to this. +*/ +QWebSecurityOrigin& QWebSecurityOrigin::operator=(const QWebSecurityOrigin& other) +{ + d = other.d; + return *this; +} + +/*! + Returns the scheme defining the security origin. +*/ +QString QWebSecurityOrigin::scheme() const +{ + return d->origin->protocol(); +} + +/*! + Returns the host name defining the security origin. +*/ +QString QWebSecurityOrigin::host() const +{ + return d->origin->host(); +} + +/*! + Returns the port number defining the security origin. +*/ +int QWebSecurityOrigin::port() const +{ + return d->origin->port(); +} + +/*! + Returns the number of bytes all databases in the security origin + use on the disk. +*/ +qint64 QWebSecurityOrigin::databaseUsage() const +{ +#if ENABLE(DATABASE) + return DatabaseTracker::tracker().usageForOrigin(d->origin.get()); +#else + return 0; +#endif +} + +/*! + Returns the quota for the databases in the security origin. +*/ +qint64 QWebSecurityOrigin::databaseQuota() const +{ +#if ENABLE(DATABASE) + return DatabaseTracker::tracker().quotaForOrigin(d->origin.get()); +#else + return 0; +#endif +} + +/*! + Sets the quota for the databases in the security origin to \a quota bytes. + + If the quota is set to a value less than the current usage, the quota will remain + and no data will be purged to meet the new quota. However, no new data can be added + to databases in this origin. +*/ +void QWebSecurityOrigin::setDatabaseQuota(qint64 quota) +{ +#if ENABLE(DATABASE) + DatabaseTracker::tracker().setQuota(d->origin.get(), quota); +#endif +} + +/*! + Destroys the security origin. +*/ +QWebSecurityOrigin::~QWebSecurityOrigin() +{ +} + +/*! + \internal +*/ +QWebSecurityOrigin::QWebSecurityOrigin(QWebSecurityOriginPrivate* priv) +{ + d = priv; +} + +/*! + Returns a list of all security origins with a database quota defined. +*/ +QList QWebSecurityOrigin::allOrigins() +{ + QList webOrigins; + +#if ENABLE(DATABASE) + Vector > coreOrigins; + DatabaseTracker::tracker().origins(coreOrigins); + + for (unsigned i = 0; i < coreOrigins.size(); ++i) { + QWebSecurityOriginPrivate* priv = new QWebSecurityOriginPrivate(coreOrigins[i].get()); + webOrigins.append(priv); + } +#endif + + return webOrigins; +} + +/*! + Returns a list of all databases defined in the security origin. +*/ +QList QWebSecurityOrigin::databases() const +{ + QList databases; + +#if ENABLE(DATABASE) + Vector nameVector; + + if (!DatabaseTracker::tracker().databaseNamesForOrigin(d->origin.get(), nameVector)) + return databases; + for (unsigned i = 0; i < nameVector.size(); ++i) { + QWebDatabasePrivate* priv = new QWebDatabasePrivate(); + priv->name = nameVector[i]; + priv->origin = this->d->origin; + QWebDatabase webDatabase(priv); + databases.append(webDatabase); + } +#endif + + return databases; +} + +/*! + \since 4.6 + + Adds the given \a scheme to the list of schemes that are considered equivalent + to the \c file: scheme. + + Cross domain restrictions depend on the two web settings QWebSettings::LocalContentCanAccessFileUrls + and QWebSettings::LocalContentCanAccessFileUrls. By default all local schemes are concidered to be + in the same security origin, and local schemes can not access remote content. +*/ +void QWebSecurityOrigin::addLocalScheme(const QString& scheme) +{ + SchemeRegistry::registerURLSchemeAsLocal(scheme); +} + +/*! + \since 4.6 + + Removes the given \a scheme from the list of local schemes. + + \note You can not remove the \c{file://} scheme from the list + of local schemes. + + \sa addLocalScheme() +*/ +void QWebSecurityOrigin::removeLocalScheme(const QString& scheme) +{ + SchemeRegistry::removeURLSchemeRegisteredAsLocal(scheme); +} + +/*! + \since 4.6 + Returns a list of all the schemes concidered to be local. + + By default this is \c{file://} and \c{qrc://}. + + \sa addLocalScheme(), removeLocalScheme() +*/ +QStringList QWebSecurityOrigin::localSchemes() +{ + QStringList list; + const URLSchemesMap& map = SchemeRegistry::localURLSchemes(); + URLSchemesMap::const_iterator end = map.end(); + for (URLSchemesMap::const_iterator i = map.begin(); i != end; ++i) { + const QString scheme = *i; + list.append(scheme); + } + return list; +}