<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[204181] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/204181">204181</a></dd>
<dt>Author</dt> <dd>wilander@apple.com</dd>
<dt>Date</dt> <dd>2016-08-05 11:57:13 -0700 (Fri, 05 Aug 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Don't set document.domain to an IP address fragment
https://bugs.webkit.org/show_bug.cgi?id=126045
<rdar://problem/27331794>
Reviewed by Daniel Bates.
Source/WebCore:
This patch matches the following Blink one:
https://chromium.googlesource.com/chromium/blink/+/b19a57fdb323d5a80d3a1cb0a6b343558c4237b0
IP address octets should not be treated as subdomains when setting
document.domain. The specs say:
'The domain attribute's setter must run these steps: ...
7. If host is not equal to effectiveDomain, then run these substeps:
1. If host or effectiveDomain is not a domain, then throw a
"SecurityError" DOMException.'
https://html.spec.whatwg.org/multipage/browsers.html#relaxing-the-same-origin-restriction
Last Updated 5 August 2016
'A host is a domain, an IPv4 address, or an IPv6 address.'
https://url.spec.whatwg.org/#concept-domain
Last Updated 28 July 2016
Test: http/tests/security/set-domain-remove-subdomain-for-ip-address.html
* dom/Document.cpp:
(WebCore::Document::setDomain):
Now checks whether the security origin is allowed to remove
subdomains. If not, it throws a security error.
* page/OriginAccessEntry.cpp:
(WebCore::OriginAccessEntry::OriginAccessEntry):
Constructor now expects an IP address setting.
(WebCore::OriginAccessEntry::matchesOrigin):
Now also checks whether the host in an IP address and returns
false if IP addresses aren't configured to be treated as domains.
* page/OriginAccessEntry.h:
Introduced new enum for IP address setting.
Constructor now expects an IP address setting.
(WebCore::OriginAccessEntry::ipAddressSettings):
New getter.
(WebCore::operator==):
Now also requires IP address settings to match.
* page/SecurityPolicy.cpp:
(WebCore::SecurityPolicy::addOriginAccessWhitelistEntry):
Changes to match OriginAccessEntry's new constructor.
(WebCore::SecurityPolicy::removeOriginAccessWhitelistEntry):
Changes to match OriginAccessEntry's new constructor.
* page/Settings.in:
Added a setting to allow IP address octets to be treated as
subdomains. This way our existing tests setting document.domain
still work.
LayoutTests:
IP address octets should not be treated as subdomains when
setting document.domain.
* http/tests/security/aboutBlank/security-context-alias.html:
Now enables the new setting treatIPAddressesAsDomains.
* http/tests/security/aboutBlank/security-context-grandchildren-alias.html:
Now enables the new setting treatIPAddressesAsDomains.
* http/tests/security/postMessage/origin-unaffected-by-document-domain.html:
Now enables the new setting treatIPAddressesAsDomains.
* http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt: Added.
* http/tests/security/set-domain-remove-subdomain-for-ip-address.html: Added.
* http/tests/workers/worker-document-domain-security.html:
Now enables the new setting treatIPAddressesAsDomains.
* http/tests/xmlhttprequest/document-domain-set.html:
Now enables the new setting treatIPAddressesAsDomains.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityaboutBlanksecuritycontextaliashtml">trunk/LayoutTests/http/tests/security/aboutBlank/security-context-alias.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityaboutBlanksecuritycontextgrandchildrenaliashtml">trunk/LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-alias.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritypostMessageoriginunaffectedbydocumentdomainhtml">trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain.html</a></li>
<li><a href="#trunkLayoutTestshttptestsworkersworkerdocumentdomainsecurityhtml">trunk/LayoutTests/http/tests/workers/worker-document-domain-security.html</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestdocumentdomainsethtml">trunk/LayoutTests/http/tests/xmlhttprequest/document-domain-set.html</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoredomDocumentcpp">trunk/Source/WebCore/dom/Document.cpp</a></li>
<li><a href="#trunkSourceWebCorepageOriginAccessEntrycpp">trunk/Source/WebCore/page/OriginAccessEntry.cpp</a></li>
<li><a href="#trunkSourceWebCorepageOriginAccessEntryh">trunk/Source/WebCore/page/OriginAccessEntry.h</a></li>
<li><a href="#trunkSourceWebCorepageSecurityPolicycpp">trunk/Source/WebCore/page/SecurityPolicy.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSettingsin">trunk/Source/WebCore/page/Settings.in</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritysetdomainremovesubdomainforipaddressexpectedtxt">trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritysetdomainremovesubdomainforipaddresshtml">trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/LayoutTests/ChangeLog        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -1,3 +1,27 @@
</span><ins>+2016-08-05 John Wilander <wilander@apple.com>
+
+ Don't set document.domain to an IP address fragment
+ https://bugs.webkit.org/show_bug.cgi?id=126045
+ <rdar://problem/27331794>
+
+ Reviewed by Daniel Bates.
+
+ IP address octets should not be treated as subdomains when
+ setting document.domain.
+
+ * http/tests/security/aboutBlank/security-context-alias.html:
+ Now enables the new setting treatIPAddressesAsDomains.
+ * http/tests/security/aboutBlank/security-context-grandchildren-alias.html:
+ Now enables the new setting treatIPAddressesAsDomains.
+ * http/tests/security/postMessage/origin-unaffected-by-document-domain.html:
+ Now enables the new setting treatIPAddressesAsDomains.
+ * http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt: Added.
+ * http/tests/security/set-domain-remove-subdomain-for-ip-address.html: Added.
+ * http/tests/workers/worker-document-domain-security.html:
+ Now enables the new setting treatIPAddressesAsDomains.
+ * http/tests/xmlhttprequest/document-domain-set.html:
+ Now enables the new setting treatIPAddressesAsDomains.
+
</ins><span class="cx"> 2016-08-05 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Window's named properties should be exposed on a WindowProperties object in its prototype
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityaboutBlanksecuritycontextaliashtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/aboutBlank/security-context-alias.html (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/aboutBlank/security-context-alias.html        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/LayoutTests/http/tests/security/aboutBlank/security-context-alias.html        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -7,6 +7,9 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx"> testRunner.dumpAsText();
</span><span class="cx">
</span><ins>+if (window.internals)
+ window.internals.settings.setTreatIPAddressAsDomain(true);
+
</ins><span class="cx"> document.write('--- Test begins ---\n');
</span><span class="cx"> document.write('* "about:blank"\n');
</span><span class="cx"> document.write('document.domain = ' + frames[0].document.domain + '\n');
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityaboutBlanksecuritycontextgrandchildrenaliashtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-alias.html (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-alias.html        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-alias.html        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -6,6 +6,9 @@
</span><span class="cx"> testRunner.waitUntilDone();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+if (window.internals)
+ window.internals.settings.setTreatIPAddressAsDomain(true);
+
</ins><span class="cx"> function log(msg) {
</span><span class="cx"> var line = document.createElement('div');
</span><span class="cx"> line.appendChild(document.createTextNode(msg));
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritypostMessageoriginunaffectedbydocumentdomainhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain.html (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain.html        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain.html        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -8,6 +8,9 @@
</span><span class="cx"> testRunner.waitUntilDone();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+if (window.internals)
+ window.internals.settings.setTreatIPAddressAsDomain(true);
+
</ins><span class="cx"> addEventListener("message", recv, false);
</span><span class="cx">
</span><span class="cx"> function test() {
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritysetdomainremovesubdomainforipaddressexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt (0 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt         (rev 0)
+++ trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+Test whether a page loaded straight from an IP address can set document.domain and wrongly treat IP address octets as subdomains.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.domain = '0.0.1' threw exception SecurityError (DOM Exception 18): The operation is insecure..
+PASS document.domain is "127.0.0.1"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritysetdomainremovesubdomainforipaddresshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address.html (0 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address.html         (rev 0)
+++ trunk/LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address.html        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>Try to set document.domain and wrongly treat IP address octets as subdomains</title>
+ <script src="../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script>
+ description("Test whether a page loaded straight from an IP address can set document.domain and wrongly treat IP address octets as subdomains.");
+
+ if (document.domain != "127.0.0.1") {
+ document.location.hostname = "127.0.0.1";
+ }
+
+ shouldThrow("document.domain = '0.0.1'", "'SecurityError (DOM Exception 18): The operation is insecure.'");
+ shouldBeEqualToString("document.domain", "127.0.0.1");
+</script>
+<script src="../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestsworkersworkerdocumentdomainsecurityhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/workers/worker-document-domain-security.html (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/workers/worker-document-domain-security.html        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/LayoutTests/http/tests/workers/worker-document-domain-security.html        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -5,6 +5,9 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx"> testRunner.dumpAsText();
</span><span class="cx">
</span><ins>+if (window.internals)
+ window.internals.settings.setTreatIPAddressAsDomain(true);
+
</ins><span class="cx"> function log(message)
</span><span class="cx"> {
</span><span class="cx"> document.getElementById("result").innerHTML += message + "<br>";
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestdocumentdomainsethtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/document-domain-set.html (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/document-domain-set.html        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/document-domain-set.html        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -5,6 +5,9 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx"> testRunner.dumpAsText();
</span><span class="cx">
</span><ins>+if (window.internals)
+ window.internals.settings.setTreatIPAddressAsDomain(true);
+
</ins><span class="cx"> document.domain = '0.0.1';
</span><span class="cx">
</span><span class="cx"> document.write('Waiting...\n');
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/Source/WebCore/ChangeLog        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -1,3 +1,56 @@
</span><ins>+2016-08-05 John Wilander <wilander@apple.com>
+
+ Don't set document.domain to an IP address fragment
+ https://bugs.webkit.org/show_bug.cgi?id=126045
+ <rdar://problem/27331794>
+
+ Reviewed by Daniel Bates.
+
+ This patch matches the following Blink one:
+ https://chromium.googlesource.com/chromium/blink/+/b19a57fdb323d5a80d3a1cb0a6b343558c4237b0
+
+ IP address octets should not be treated as subdomains when setting
+ document.domain. The specs say:
+ 'The domain attribute's setter must run these steps: ...
+ 7. If host is not equal to effectiveDomain, then run these substeps:
+ 1. If host or effectiveDomain is not a domain, then throw a
+ "SecurityError" DOMException.'
+ https://html.spec.whatwg.org/multipage/browsers.html#relaxing-the-same-origin-restriction
+ Last Updated 5 August 2016
+
+ 'A host is a domain, an IPv4 address, or an IPv6 address.'
+ https://url.spec.whatwg.org/#concept-domain
+ Last Updated 28 July 2016
+
+ Test: http/tests/security/set-domain-remove-subdomain-for-ip-address.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::setDomain):
+ Now checks whether the security origin is allowed to remove
+ subdomains. If not, it throws a security error.
+ * page/OriginAccessEntry.cpp:
+ (WebCore::OriginAccessEntry::OriginAccessEntry):
+ Constructor now expects an IP address setting.
+ (WebCore::OriginAccessEntry::matchesOrigin):
+ Now also checks whether the host in an IP address and returns
+ false if IP addresses aren't configured to be treated as domains.
+ * page/OriginAccessEntry.h:
+ Introduced new enum for IP address setting.
+ Constructor now expects an IP address setting.
+ (WebCore::OriginAccessEntry::ipAddressSettings):
+ New getter.
+ (WebCore::operator==):
+ Now also requires IP address settings to match.
+ * page/SecurityPolicy.cpp:
+ (WebCore::SecurityPolicy::addOriginAccessWhitelistEntry):
+ Changes to match OriginAccessEntry's new constructor.
+ (WebCore::SecurityPolicy::removeOriginAccessWhitelistEntry):
+ Changes to match OriginAccessEntry's new constructor.
+ * page/Settings.in:
+ Added a setting to allow IP address octets to be treated as
+ subdomains. This way our existing tests setting document.domain
+ still work.
+
</ins><span class="cx"> 2016-08-05 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Window's named properties should be exposed on a WindowProperties object in its prototype
</span></span></pre></div>
<a id="trunkSourceWebCoredomDocumentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Document.cpp (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Document.cpp        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/Source/WebCore/dom/Document.cpp        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -121,6 +121,7 @@
</span><span class="cx"> #include "NodeIterator.h"
</span><span class="cx"> #include "NodeRareData.h"
</span><span class="cx"> #include "NodeWithIndex.h"
</span><ins>+#include "OriginAccessEntry.h"
</ins><span class="cx"> #include "OverflowEvent.h"
</span><span class="cx"> #include "PageConsoleClient.h"
</span><span class="cx"> #include "PageGroup.h"
</span><span class="lines">@@ -4497,6 +4498,13 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ OriginAccessEntry::IPAddressSetting ipAddressSetting = settings() && settings()->treatIPAddressAsDomain() ? OriginAccessEntry::TreatIPAddressAsDomain : OriginAccessEntry::TreatIPAddressAsIPAddress;
+ OriginAccessEntry accessEntry(securityOrigin()->protocol(), newDomain, OriginAccessEntry::AllowSubdomains, ipAddressSetting);
+ if (!accessEntry.matchesOrigin(*securityOrigin())) {
+ ec = SECURITY_ERR;
+ return;
+ }
+
</ins><span class="cx"> String test = domain();
</span><span class="cx"> // Check that it's a subdomain, not e.g. "ebkit.org"
</span><span class="cx"> if (test[oldLength - newLength - 1] != '.') {
</span></span></pre></div>
<a id="trunkSourceWebCorepageOriginAccessEntrycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/OriginAccessEntry.cpp (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/OriginAccessEntry.cpp        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/Source/WebCore/page/OriginAccessEntry.cpp        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -35,10 +35,11 @@
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><del>-OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting)
</del><ins>+OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting, IPAddressSetting ipAddressSetting)
</ins><span class="cx"> : m_protocol(protocol.convertToASCIILowercase())
</span><span class="cx"> , m_host(host.convertToASCIILowercase())
</span><span class="cx"> , m_subdomainSettings(subdomainSetting)
</span><ins>+ , m_ipAddressSettings(ipAddressSetting)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(subdomainSetting == AllowSubdomains || subdomainSetting == DisallowSubdomains);
</span><span class="cx">
</span><span class="lines">@@ -65,9 +66,9 @@
</span><span class="cx"> // Otherwise we can only match if we're matching subdomains.
</span><span class="cx"> if (m_subdomainSettings == DisallowSubdomains)
</span><span class="cx"> return false;
</span><del>-
</del><ins>+
</ins><span class="cx"> // Don't try to do subdomain matching on IP addresses.
</span><del>- if (m_hostIsIPAddress)
</del><ins>+ if (m_hostIsIPAddress && m_ipAddressSettings == TreatIPAddressAsIPAddress)
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> // Match subdomains.
</span></span></pre></div>
<a id="trunkSourceWebCorepageOriginAccessEntryh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/OriginAccessEntry.h (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/OriginAccessEntry.h        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/Source/WebCore/page/OriginAccessEntry.h        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -44,24 +44,34 @@
</span><span class="cx"> DisallowSubdomains
</span><span class="cx"> };
</span><span class="cx">
</span><ins>+ enum IPAddressSetting {
+ TreatIPAddressAsDomain,
+ TreatIPAddressAsIPAddress
+ };
+
</ins><span class="cx"> // If host is empty string and SubdomainSetting is AllowSubdomains, the entry will match all domains in the specified protocol.
</span><del>- OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting);
</del><ins>+ OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting, IPAddressSetting);
</ins><span class="cx"> bool matchesOrigin(const SecurityOrigin&) const;
</span><span class="cx">
</span><span class="cx"> const String& protocol() const { return m_protocol; }
</span><span class="cx"> const String& host() const { return m_host; }
</span><span class="cx"> SubdomainSetting subdomainSettings() const { return m_subdomainSettings; }
</span><ins>+ IPAddressSetting ipAddressSettings() const { return m_ipAddressSettings; }
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> String m_protocol;
</span><span class="cx"> String m_host;
</span><span class="cx"> SubdomainSetting m_subdomainSettings;
</span><ins>+ IPAddressSetting m_ipAddressSettings;
</ins><span class="cx"> bool m_hostIsIPAddress;
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> inline bool operator==(const OriginAccessEntry& a, const OriginAccessEntry& b)
</span><span class="cx"> {
</span><del>- return equalIgnoringASCIICase(a.protocol(), b.protocol()) && equalIgnoringASCIICase(a.host(), b.host()) && a.subdomainSettings() == b.subdomainSettings();
</del><ins>+ return equalIgnoringASCIICase(a.protocol(), b.protocol())
+ && equalIgnoringASCIICase(a.host(), b.host())
+ && a.subdomainSettings() == b.subdomainSettings()
+ && a.ipAddressSettings() == b.ipAddressSettings();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline bool operator!=(const OriginAccessEntry& a, const OriginAccessEntry& b)
</span></span></pre></div>
<a id="trunkSourceWebCorepageSecurityPolicycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SecurityPolicy.cpp (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SecurityPolicy.cpp        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/Source/WebCore/page/SecurityPolicy.cpp        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -139,7 +139,7 @@
</span><span class="cx"> result.iterator->value = std::make_unique<OriginAccessWhiteList>();
</span><span class="cx">
</span><span class="cx"> OriginAccessWhiteList* list = result.iterator->value.get();
</span><del>- list->append(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains));
</del><ins>+ list->append(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains, OriginAccessEntry::TreatIPAddressAsIPAddress));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SecurityPolicy::removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains)
</span><span class="lines">@@ -156,7 +156,7 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> OriginAccessWhiteList& list = *it->value;
</span><del>- OriginAccessEntry originAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains);
</del><ins>+ OriginAccessEntry originAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains, OriginAccessEntry::TreatIPAddressAsIPAddress);
</ins><span class="cx"> if (!list.removeFirst(originAccessEntry))
</span><span class="cx"> return;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorepageSettingsin"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/Settings.in (204180 => 204181)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/Settings.in        2016-08-05 18:53:49 UTC (rev 204180)
+++ trunk/Source/WebCore/page/Settings.in        2016-08-05 18:57:13 UTC (rev 204181)
</span><span class="lines">@@ -271,3 +271,5 @@
</span><span class="cx"> shouldConvertInvalidURLsToBlank initial=true
</span><span class="cx">
</span><span class="cx"> springTimingFunctionEnabled initial=false
</span><ins>+
+treatIPAddressAsDomain initial=false
</ins></span></pre>
</div>
</div>
</body>
</html>