1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
/*
* Copyright (C) 1999 Lars Knoll (knoll@kde.org)
* (C) 1999 Antti Koivisto (koivisto@kde.org)
* (C) 2001 Dirk Mueller (mueller@kde.org)
* (C) 2006 Alexey Proskuryakov (ap@webkit.org)
* Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012 Apple Inc. All
* rights reserved.
* Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
* (http://www.torchmobile.com/)
* Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
* Copyright (C) 2013 Google Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*
*/
#ifndef THIRD_PARTY_BLINK_RENDERER_CORE_DOM_DOCUMENT_INIT_H_
#define THIRD_PARTY_BLINK_RENDERER_CORE_DOM_DOCUMENT_INIT_H_
#include "services/network/public/mojom/ip_address_space.mojom-shared.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-blink.h"
#include "third_party/blink/public/common/frame/frame_policy.h"
#include "third_party/blink/public/mojom/feature_policy/feature_policy.mojom-blink.h"
#include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-blink-forward.h"
#include "third_party/blink/renderer/core/core_export.h"
#include "third_party/blink/renderer/core/execution_context/security_context.h"
#include "third_party/blink/renderer/core/html/custom/v0_custom_element_registration_context.h"
#include "third_party/blink/renderer/platform/graphics/color.h"
#include "third_party/blink/renderer/platform/heap/handle.h"
#include "third_party/blink/renderer/platform/weborigin/kurl.h"
namespace blink {
class ContentSecurityPolicy;
class Document;
class DocumentLoader;
class HTMLImportsController;
class LocalFrame;
class PluginData;
class Settings;
class UseCounter;
class WindowAgentFactory;
class CORE_EXPORT DocumentInit final {
STACK_ALLOCATED();
public:
// Use either of the following methods to create a DocumentInit instance, and
// then add a chain of calls to the .WithFooBar() methods to add optional
// parameters to it.
//
// Example:
//
// DocumentInit init = DocumentInit::Create()
// .WithDocumentLoader(loader)
// .WithContextDocument(context_document)
// .WithURL(url);
// Document* document = MakeGarbageCollected<Document>(init);
static DocumentInit Create();
DocumentInit(const DocumentInit&);
~DocumentInit();
enum class Type {
kHTML,
kXHTML,
kImage,
kPlugin,
kMedia,
kSVG,
kXML,
kViewSource,
kText,
kUnspecified
};
DocumentInit& WithImportsController(HTMLImportsController*);
HTMLImportsController* ImportsController() const {
return imports_controller_;
}
bool HasSecurityContext() const { return MasterDocumentLoader(); }
bool IsSrcdocDocument() const;
bool ShouldSetURL() const;
network::mojom::blink::WebSandboxFlags GetSandboxFlags() const;
mojom::blink::InsecureRequestPolicy GetInsecureRequestPolicy() const;
const SecurityContext::InsecureNavigationsSet* InsecureNavigationsToUpgrade()
const;
bool GrantLoadLocalResources() const { return grant_load_local_resources_; }
Settings* GetSettings() const;
DocumentInit& WithDocumentLoader(DocumentLoader*);
LocalFrame* GetFrame() const;
UseCounter* GetUseCounter() const;
// Compute the type of document to be loaded inside a |frame|, given its |url|
// and its |mime_type|.
//
// In case of plugin handled by MimeHandlerview (which do not create a
// PluginDocument), the type is Type::KHTML and |is_for_external_handler| is
// set to true.
static Type ComputeDocumentType(LocalFrame* frame,
const KURL& url,
const String& mime_type,
bool* is_for_external_handler = nullptr);
DocumentInit& WithTypeFrom(const String& mime_type);
Type GetType() const { return type_; }
const String& GetMimeType() const { return mime_type_; }
bool IsForExternalHandler() const { return is_for_external_handler_; }
Color GetPluginBackgroundColor() const { return plugin_background_color_; }
// Used by the DOMImplementation and DOMParser to pass their parent Document
// so that the created Document will return the Document when the
// ContextDocument() method is called.
DocumentInit& WithContextDocument(Document*);
Document* ContextDocument() const;
DocumentInit& WithURL(const KURL&);
const KURL& Url() const { return url_; }
scoped_refptr<SecurityOrigin> GetDocumentOrigin() const;
// Specifies the Document to inherit security configurations from.
DocumentInit& WithOwnerDocument(Document*);
Document* OwnerDocument() const { return owner_document_; }
// Specifies the SecurityOrigin in which the URL was requested. This is
// relevant for determining properties of the resulting document's origin
// when loading data: and about: schemes.
DocumentInit& WithInitiatorOrigin(
scoped_refptr<const SecurityOrigin> initiator_origin);
DocumentInit& WithOriginToCommit(
scoped_refptr<SecurityOrigin> origin_to_commit);
const scoped_refptr<SecurityOrigin>& OriginToCommit() const {
return origin_to_commit_;
}
DocumentInit& WithIPAddressSpace(
network::mojom::IPAddressSpace ip_address_space);
network::mojom::IPAddressSpace GetIPAddressSpace() const;
DocumentInit& WithSrcdocDocument(bool is_srcdoc_document);
DocumentInit& WithBlockedByCSP(bool blocked_by_csp);
DocumentInit& WithGrantLoadLocalResources(bool grant_load_local_resources);
DocumentInit& WithRegistrationContext(V0CustomElementRegistrationContext*);
V0CustomElementRegistrationContext* RegistrationContext(Document*) const;
DocumentInit& WithNewRegistrationContext();
DocumentInit& WithFeaturePolicyHeader(const String& header);
const String& FeaturePolicyHeader() const { return feature_policy_header_; }
DocumentInit& WithReportOnlyFeaturePolicyHeader(const String& header);
const String& ReportOnlyFeaturePolicyHeader() const {
return report_only_feature_policy_header_;
}
DocumentInit& WithOriginTrialsHeader(const String& header);
const String& OriginTrialsHeader() const { return origin_trials_header_; }
DocumentInit& WithSandboxFlags(network::mojom::blink::WebSandboxFlags flags);
DocumentInit& WithContentSecurityPolicy(ContentSecurityPolicy* policy);
DocumentInit& WithContentSecurityPolicyFromContextDoc();
ContentSecurityPolicy* GetContentSecurityPolicy() const;
DocumentInit& WithFramePolicy(
const base::Optional<FramePolicy>& frame_policy);
const base::Optional<FramePolicy>& GetFramePolicy() const {
return frame_policy_;
}
DocumentInit& WithDocumentPolicy(
const DocumentPolicy::ParsedDocumentPolicy& document_policy);
const DocumentPolicy::ParsedDocumentPolicy& GetDocumentPolicy() const {
return document_policy_;
}
DocumentInit& WithReportOnlyDocumentPolicyHeader(const String& header);
const String& ReportOnlyDocumentPolicyHeader() const {
return report_only_document_policy_header_;
}
DocumentInit& WithWebBundleClaimedUrl(const KURL& web_bundle_claimed_url);
const KURL& GetWebBundleClaimedUrl() const { return web_bundle_claimed_url_; }
WindowAgentFactory* GetWindowAgentFactory() const;
Settings* GetSettingsForWindowAgentFactory() const;
private:
DocumentInit() = default;
// For a Document associated directly with a frame, this will be the
// DocumentLoader driving the commit. For an import, XSLT-generated
// document, etc., it will be the DocumentLoader that drove the commit
// of its owning Document.
DocumentLoader* MasterDocumentLoader() const;
static PluginData* GetPluginData(LocalFrame* frame, const KURL& url);
Type type_ = Type::kUnspecified;
String mime_type_;
DocumentLoader* document_loader_ = nullptr;
Document* parent_document_ = nullptr;
HTMLImportsController* imports_controller_ = nullptr;
Document* context_document_ = nullptr;
KURL url_;
Document* owner_document_ = nullptr;
// Initiator origin is used for calculating the document origin when the
// navigation is started in a different process. In such cases, the document
// which initiates the navigation sends its origin to the browser process and
// it is provided by the browser process here. It is used for cases such as
// data: URLs, which inherit their origin from the initiator of the
// navigation.
// Note: about:blank should also behave this way, however currently it
// inherits its origin from the parent frame or opener, regardless of whether
// it is the initiator or not.
scoped_refptr<const SecurityOrigin> initiator_origin_;
// The |origin_to_commit_| is to be used directly without calculating the
// document origin at initialization time. It is specified by the browser
// process for session history navigations. This allows us to preserve
// the origin across session history and ensure the exact same origin
// is present on such navigations to URLs that inherit their origins (e.g.
// about:blank and data: URLs).
scoped_refptr<SecurityOrigin> origin_to_commit_;
// Whether we should treat the new document as "srcdoc" document. This
// affects security checks, since srcdoc's content comes directly from
// the parent document, not from loading a URL.
bool is_srcdoc_document_ = false;
// Whether the actual document was blocked by csp and we are creating a dummy
// empty document instead.
bool blocked_by_csp_ = false;
// Whether the document should be able to access local file:// resources.
bool grant_load_local_resources_ = false;
V0CustomElementRegistrationContext* registration_context_ = nullptr;
bool create_new_registration_context_ = false;
// The feature policy set via response header.
String feature_policy_header_;
String report_only_feature_policy_header_;
// The origin trial set via response header.
String origin_trials_header_;
// Additional sandbox flags
network::mojom::blink::WebSandboxFlags sandbox_flags_ =
network::mojom::blink::WebSandboxFlags::kNone;
// Loader's CSP
ContentSecurityPolicy* content_security_policy_ = nullptr;
bool content_security_policy_from_context_doc_ = false;
network::mojom::IPAddressSpace ip_address_space_ =
network::mojom::IPAddressSpace::kUnknown;
// The frame policy snapshot from the beginning of navigation.
base::Optional<FramePolicy> frame_policy_ = base::nullopt;
// The document policy set via response header.
DocumentPolicy::ParsedDocumentPolicy document_policy_;
String report_only_document_policy_header_;
// The claimed URL inside Web Bundle file from which the document is loaded.
// This URL is used for window.location and document.URL and relative path
// computation in the document.
KURL web_bundle_claimed_url_;
bool is_for_external_handler_ = false;
Color plugin_background_color_;
};
} // namespace blink
#endif // THIRD_PARTY_BLINK_RENDERER_CORE_DOM_DOCUMENT_INIT_H_
|
