1 /* 2 Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 3 4 This library is free software; you can redistribute it and/or 5 modify it under the terms of the GNU Library General Public 6 License as published by the Free Software Foundation; either 7 version 2 of the License, or (at your option) any later version. 8 9 This library is distributed in the hope that it will be useful, 10 but WITHOUT ANY WARRANTY; without even the implied warranty of 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 Library General Public License for more details. 13 14 You should have received a copy of the GNU Library General Public License 15 along with this library; see the file COPYING.LIB. If not, write to 16 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 17 Boston, MA 02110-1301, USA. 18 */ 19 20 #include "config.h" 21 #include "qwebsecurityorigin.h" 22 #include "qwebsecurityorigin_p.h" 23 #include "qwebdatabase.h" 24 #include "qwebdatabase_p.h" 25 26 #include "DatabaseTracker.h" 27 #include "KURL.h" 28 #include "SecurityOrigin.h" 29 #include <QStringList> 30 31 using namespace WebCore; 32 33 void QWEBKIT_EXPORT qt_drt_whiteListAccessFromOrigin(const QString& sourceOrigin, const QString& destinationProtocol, const QString& destinationHost, bool allowDestinationSubdomains) 34 { 35 SecurityOrigin::whiteListAccessFromOrigin(*SecurityOrigin::createFromString(sourceOrigin), destinationProtocol, destinationHost, allowDestinationSubdomains); 36 } 37 38 void QWEBKIT_EXPORT qt_drt_resetOriginAccessWhiteLists() 39 { 40 SecurityOrigin::resetOriginAccessWhiteLists(); 41 } 42 43 void QWEBKIT_EXPORT qt_drt_setDomainRelaxationForbiddenForURLScheme(bool forbidden, const QString& scheme) 44 { 45 SecurityOrigin::setDomainRelaxationForbiddenForURLScheme(forbidden, scheme); 46 } 47 48 /*! 49 \class QWebSecurityOrigin 50 \since 4.5 51 \brief The QWebSecurityOrigin class defines a security boundary for web sites. 52 53 \inmodule QtWebKit 54 55 QWebSecurityOrigin provides access to the security domains defined by web sites. 56 An origin consists of a host name, a scheme, and a port number. Web sites 57 with the same security origin can access each other's resources for client-side 58 scripting or databases. 59 60 For example the site \c{http://www.example.com/my/page.html} is allowed to share the same 61 database as \c{http://www.example.com/my/overview.html}, or access each other's 62 documents when used in HTML frame sets and JavaScript. At the same time it prevents 63 \c{http://www.malicious.com/evil.html} from accessing \c{http://www.example.com/}'s resources, 64 because they are of a different security origin. 65 66 Call QWebFrame::securityOrigin() to get the QWebSecurityOrigin for a frame in a 67 web page, and use host(), scheme() and port() to identify the security origin. 68 69 Use databases() to access the databases defined within a security origin. The 70 disk usage of the origin's databases can be limited with setDatabaseQuota(). 71 databaseQuota() and databaseUsage() report the current limit as well as the 72 current usage. 73 74 For more information refer to the 75 \l{http://en.wikipedia.org/wiki/Same_origin_policy}{"Same origin policy" Wikipedia Article}. 76 77 \sa QWebFrame::securityOrigin() 78 */ 79 80 /*! 81 Constructs a security origin from \a other. 82 */ 83 QWebSecurityOrigin::QWebSecurityOrigin(const QWebSecurityOrigin& other) : d(other.d) 84 { 85 } 86 87 /*! 88 Assigns the \a other security origin to this. 89 */ 90 QWebSecurityOrigin& QWebSecurityOrigin::operator=(const QWebSecurityOrigin& other) 91 { 92 d = other.d; 93 return *this; 94 } 95 96 /*! 97 Returns the scheme defining the security origin. 98 */ 99 QString QWebSecurityOrigin::scheme() const 100 { 101 return d->origin->protocol(); 102 } 103 104 /*! 105 Returns the host name defining the security origin. 106 */ 107 QString QWebSecurityOrigin::host() const 108 { 109 return d->origin->host(); 110 } 111 112 /*! 113 Returns the port number defining the security origin. 114 */ 115 int QWebSecurityOrigin::port() const 116 { 117 return d->origin->port(); 118 } 119 120 /*! 121 Returns the number of bytes all databases in the security origin 122 use on the disk. 123 */ 124 qint64 QWebSecurityOrigin::databaseUsage() const 125 { 126 #if ENABLE(DATABASE) 127 return DatabaseTracker::tracker().usageForOrigin(d->origin.get()); 128 #else 129 return 0; 130 #endif 131 } 132 133 /*! 134 Returns the quota for the databases in the security origin. 135 */ 136 qint64 QWebSecurityOrigin::databaseQuota() const 137 { 138 #if ENABLE(DATABASE) 139 return DatabaseTracker::tracker().quotaForOrigin(d->origin.get()); 140 #else 141 return 0; 142 #endif 143 } 144 145 /*! 146 Sets the quota for the databases in the security origin to \a quota bytes. 147 148 If the quota is set to a value less than the current usage, the quota will remain 149 and no data will be purged to meet the new quota. However, no new data can be added 150 to databases in this origin. 151 */ 152 void QWebSecurityOrigin::setDatabaseQuota(qint64 quota) 153 { 154 #if ENABLE(DATABASE) 155 DatabaseTracker::tracker().setQuota(d->origin.get(), quota); 156 #endif 157 } 158 159 /*! 160 Destroys the security origin. 161 */ 162 QWebSecurityOrigin::~QWebSecurityOrigin() 163 { 164 } 165 166 /*! 167 \internal 168 */ 169 QWebSecurityOrigin::QWebSecurityOrigin(QWebSecurityOriginPrivate* priv) 170 { 171 d = priv; 172 } 173 174 /*! 175 Returns a list of all security origins with a database quota defined. 176 */ 177 QList<QWebSecurityOrigin> QWebSecurityOrigin::allOrigins() 178 { 179 QList<QWebSecurityOrigin> webOrigins; 180 181 #if ENABLE(DATABASE) 182 Vector<RefPtr<SecurityOrigin> > coreOrigins; 183 DatabaseTracker::tracker().origins(coreOrigins); 184 185 for (unsigned i = 0; i < coreOrigins.size(); ++i) { 186 QWebSecurityOriginPrivate* priv = new QWebSecurityOriginPrivate(coreOrigins[i].get()); 187 webOrigins.append(priv); 188 } 189 #endif 190 191 return webOrigins; 192 } 193 194 /*! 195 Returns a list of all databases defined in the security origin. 196 */ 197 QList<QWebDatabase> QWebSecurityOrigin::databases() const 198 { 199 QList<QWebDatabase> databases; 200 201 #if ENABLE(DATABASE) 202 Vector<String> nameVector; 203 204 if (!DatabaseTracker::tracker().databaseNamesForOrigin(d->origin.get(), nameVector)) 205 return databases; 206 for (unsigned i = 0; i < nameVector.size(); ++i) { 207 QWebDatabasePrivate* priv = new QWebDatabasePrivate(); 208 priv->name = nameVector[i]; 209 priv->origin = this->d->origin; 210 QWebDatabase webDatabase(priv); 211 databases.append(webDatabase); 212 } 213 #endif 214 215 return databases; 216 } 217 218 /*! 219 \since 4.6 220 221 Adds the given \a scheme to the list of schemes that are considered equivalent 222 to the \c file: scheme. They are not subject to cross domain restrictions. 223 */ 224 void QWebSecurityOrigin::addLocalScheme(const QString& scheme) 225 { 226 SecurityOrigin::registerURLSchemeAsLocal(scheme); 227 } 228 229 /*! 230 \since 4.6 231 232 Removes the given \a scheme from the list of local schemes. 233 234 \sa addLocalScheme() 235 */ 236 void QWebSecurityOrigin::removeLocalScheme(const QString& scheme) 237 { 238 SecurityOrigin::removeURLSchemeRegisteredAsLocal(scheme); 239 } 240 241 /*! 242 \since 4.6 243 Returns a list of all the schemes that were set by the application as local schemes, 244 \sa addLocalScheme(), removeLocalScheme() 245 */ 246 QStringList QWebSecurityOrigin::localSchemes() 247 { 248 QStringList list; 249 const URLSchemesMap& map = SecurityOrigin::localURLSchemes(); 250 URLSchemesMap::const_iterator end = map.end(); 251 for (URLSchemesMap::const_iterator i = map.begin(); i != end; ++i) { 252 const QString scheme = *i; 253 list.append(scheme); 254 } 255 return list; 256 } 257
