-
mkwst@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=112894 Reviewed by Timothy Hatcher. Source/WebCore: Following up on http://wkbug.com/112813, this patch brings protocol mismatch errors into line with the new origin-only hotness. The message is also changed to display the URL's protocol rather than the origin's protocol: it makes a big difference for 'data:' URLs, for instance. * page/DOMWindow.cpp: (WebCore::DOMWindow::crossDomainAccessErrorMessage): LayoutTests: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt: * http/tests/security/cross-frame-access-protocol-expected.txt: * http/tests/security/cross-frame-access-protocol-explicit-domain-expected.txt: * http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt: * http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt: * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt: * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt: * http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt: * http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-expected.txt: * http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change-expected.txt: * http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open-expected.txt: * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt: * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt: * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt: * http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt: * http/tests/security/view-source-no-javascript-url-expected.txt: * http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt: * http/tests/security/xssAuditor/block-does-not-leak-referrer-expected.txt: * http/tests/security/xssAuditor/full-block-base-href-expected.txt: * http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt: * http/tests/security/xssAuditor/full-block-javascript-link-expected.txt: * http/tests/security/xssAuditor/full-block-link-onclick-expected.txt: * http/tests/security/xssAuditor/full-block-object-tag-expected.txt: * http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt: * http/tests/security/xssAuditor/full-block-script-tag-expected.txt: * http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt: * http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt: * http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt: * platform/chromium/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt: * platform/chromium/http/tests/security/inactive-document-with-empty-security-origin-expected.txt: * platform/chromium/http/tests/security/window-named-proto-expected.txt: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146516 268f45cc-cd09-0410-ab3c-d52691b4dbfc
18b6035c