File indexing completed on 2024-05-05 16:11:43

 /*
  * Copyright (C) 2007,2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in the
  *     documentation and/or other materials provided with the distribution.
  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
  *     its contributors may be used to endorse or promote products derived
  *     from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef SecurityOrigin_h
 #define SecurityOrigin_h
 
 #include <misc/shared.h>
 
 #include <QUrl>
 
 namespace khtml
 {
 
 class SecurityOrigin : public Shared<SecurityOrigin>
 {
 public:
     static SecurityOrigin *createFromString(const QString &);
     static SecurityOrigin *create(const QUrl &);
     static SecurityOrigin *createEmpty();
 
     // Set the domain property of this security origin to newDomain. This
     // function does not check whether newDomain is a suffix of the current
     // domain. The caller is responsible for validating newDomain.
     void setDomainFromDOM(const QString &newDomain);
     bool domainWasSetInDOM() const
     {
         return m_domainWasSetInDOM;
     }
 
     QString protocol() const
     {
         return m_protocol;
     }
     QString host() const
     {
         return m_host;
     }
     QString domain() const
     {
         return m_domain;
     }
     unsigned short port() const
     {
         return m_port;
     }
 
     // Returns true if this SecurityOrigin can script objects in the given
     // SecurityOrigin. For example, call this function before allowing
     // script from one security origin to read or write objects from
     // another SecurityOrigin.
     bool canAccess(const SecurityOrigin *) const;
 
     // Returns true if this SecurityOrigin can read content retrieved from
     // the given URL. For example, call this function before issuing
     // XMLHttpRequests.
     bool canRequest(const QUrl &) const;
 
     // Returns true if drawing an image from this URL taints a canvas from
     // this security origin. For example, call this function before
     // drawing an image onto an HTML canvas element with the drawImage API.
     bool taintsCanvas(const QUrl &) const;
 
     // The local SecurityOrigin is the most privileged SecurityOrigin.
     // The local SecurityOrigin can script any document, navigate to local
     // resources, and can set arbitrary headers on XMLHttpRequests.
     bool isLocal() const;
 
     // The empty SecurityOrigin is the least privileged SecurityOrigin.
     bool isEmpty() const;
 
     // The origin is a globally unique identifier assigned when the Document is
     // created. https://html.spec.whatwg.org/#sandboxOrigin
     bool isUnique() const
     {
         return m_isUnique;
     }
 
     // Marks an origin as being unique.
     void makeUnique();
 
     // Convert this SecurityOrigin into a string. The string
     // representation of a SecurityOrigin is similar to a URL, except it
     // lacks a path component. The string representation does not encode
     // the value of the SecurityOrigin's domain property.
     //
     // When using the string value, it's important to remember that it might be
     // "null". This happens when this SecurityOrigin is unique. For example,
     // this SecurityOrigin might have come from a sandboxed iframe, the
     // SecurityOrigin might be empty, or we might have explicitly decided that
     // we shouldTreatURLSchemeAsNoAccess.
     QString toString() const;
 
     // This method checks for equality, ignoring the value of document.domain
     // (and whether it was set) but considering the host. It is used for postMessage.
     bool isSameSchemeHostPort(const SecurityOrigin *) const;
 
 private:
     SecurityOrigin(const QUrl &);
     explicit SecurityOrigin(const SecurityOrigin *);
 
     QString m_protocol;
     QString m_host;
     QString m_domain;
     unsigned short m_port;
     bool m_domainWasSetInDOM;
     bool m_isUnique;
 };
 
 } // namespace khtml
 
 #endif // SecurityOrigin_h