From 8e911ec11a6f7ddbd404c18a8b096a9bf5d97273 Mon Sep 17 00:00:00 2001 From: Selim Gurun Date: Fri, 20 Apr 2012 16:34:48 -0700 Subject: [PATCH] DO NOT MERGE Add API for file origin policy. Bug: 6212665 Add hidden websettings api for configuring file origin policy. Change-Id: I261ba6369fe606ca76f87c6a00d1168b44bcf1ab --- core/java/android/webkit/WebSettings.java | 70 +++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/core/java/android/webkit/WebSettings.java b/core/java/android/webkit/WebSettings.java index f947f95f9d9a0..e2074ec05fba5 100644 --- a/core/java/android/webkit/WebSettings.java +++ b/core/java/android/webkit/WebSettings.java @@ -181,6 +181,8 @@ public class WebSettings { private boolean mBlockNetworkImage = false; private boolean mBlockNetworkLoads; private boolean mJavaScriptEnabled = false; + private boolean mAllowUniversalAccessFromFileURLs = true; + private boolean mAllowFileAccessFromFileURLs = true; private boolean mHardwareAccelSkia = false; private boolean mShowVisualIndicator = false; private PluginState mPluginState = PluginState.OFF; @@ -1263,6 +1265,47 @@ public class WebSettings { } } + /** + * Sets whether JavaScript running in the context of a file scheme URL + * should be allowed to access content from any origin. This includes + * access to content from other file scheme URLs. See + * {@link #setAllowFileAccessFromFileURLs}. To enable the most restrictive, + * and therefore secure policy, this setting should be disabled. + *

+ * The default value is true. + * + * @param flag whether JavaScript running in the context of a file scheme + * URL should be allowed to access content from any origin + * @hide + */ + public synchronized void setAllowUniversalAccessFromFileURLs(boolean flag) { + if (mAllowUniversalAccessFromFileURLs != flag) { + mAllowUniversalAccessFromFileURLs = flag; + postSync(); + } + } + + /** + * Sets whether JavaScript running in the context of a file scheme URL + * should be allowed to access content from other file scheme URLs. To + * enable the most restrictive, and therefore secure policy, this setting + * should be disabled. Note that the value of this setting is ignored if + * the value of {@link #getAllowUniversalAccessFromFileURLs} is true. + *

+ * The default value is true. + * + * @param flag whether JavaScript running in the context of a file scheme + * URL should be allowed to access content from other file + * scheme URLs + * @hide + */ + public synchronized void setAllowFileAccessFromFileURLs(boolean flag) { + if (mAllowFileAccessFromFileURLs != flag) { + mAllowFileAccessFromFileURLs = flag; + postSync(); + } + } + /** * Tell the WebView to use Skia's hardware accelerated rendering path * @param flag True if the WebView should use Skia's hw-accel path @@ -1499,6 +1542,33 @@ public class WebSettings { return mJavaScriptEnabled; } + /** + * Gets whether JavaScript running in the context of a file scheme URL can + * access content from any origin. This includes access to content from + * other file scheme URLs. + * + * @return whether JavaScript running in the context of a file scheme URL + * can access content from any origin + * @see #setAllowUniversalAccessFromFileURLs + * @hide + */ + public synchronized boolean getAllowUniversalAccessFromFileURLs() { + return mAllowUniversalAccessFromFileURLs; + } + + /** + * Gets whether JavaScript running in the context of a file scheme URL can + * access content from other file scheme URLs. + * + * @return whether JavaScript running in the context of a file scheme URL + * can access content from other file scheme URLs + * @see #setAllowFileAccessFromFileURLs + * @hide + */ + public synchronized boolean getAllowFileAccessFromFileURLs() { + return mAllowFileAccessFromFileURLs; + } + /** * Return true if plugins are enabled. * @return True if plugins are enabled.