    WebCore: · 59084be0
    weinig@apple.com authored
            Reviewed by Sam Weinig.
    
            Fix for http://bugs.webkit.org/show_bug.cgi?id=16775
    
            We now use frame()->loader()->url() for postMessage, preventing a
            malicious sender from overwriting the uri property (using a <base> tag,
            for example). Also, use frame->loader()->url().host() instead of
            document()->SecurityOrigin()->domain() to reflect a recent
            clarification in the HTML5 spec.
    
            Tests: http/tests/security/postMessage/domain-affected-by-document-domain.html
                   http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html
                   http/tests/security/postMessage/javascript-page-still-sends-domain.html
    
            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::JSDOMWindow::postMessage):
    
    LayoutTests:
    
            Reviewed by Sam Weinig.
    
            Tests for http://bugs.webkit.org/show_bug.cgi?id=16775
    
            * http/tests/security/postMessage: Added.
            * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt: Added.
            * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html: Added.
            * http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt: Added.
            * http/tests/security/postMessage/domain-unaffected-by-document-domain.html: Added.
            * http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt: Added.
            * http/tests/security/postMessage/javascript-page-still-sends-domain.html: Added.
            * http/tests/security/postMessage/resources: Added.
            * http/tests/security/postMessage/resources/javascript-post-message-sender.html: Added.
            * http/tests/security/postMessage/resources/post-message-listener.html: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@29678 268f45cc-cd09-0410-ab3c-d52691b4dbfc
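
The distinction the commit message draws, as an added example that is not part of the commit or WebKit's code: a simplified JavaScript model in which sender metadata for a message is derived either from document state the page itself can change (a `<base>` tag, `document.domain`) or from the URL the frame actually loaded. The frame model, all function names and the hostnames are constructed assumptions.

```javascript
// Simplified model, constructed for illustration (not WebKit code).
// A "frame" records the URL the browser's loader fetched; its "document"
// holds state that page content can change: a <base href> and document.domain.
function makeFrame(loadedUrl) {
  return {
    loadedUrl, // set by the loader only, never by page content
    document: { baseHref: null, domain: new URL(loadedUrl).hostname },
  };
}

// Content-controlled mutations, as a page's own markup or script can make.
function addBaseTag(frame, href) {
  frame.document.baseHref = href;
}
function setDocumentDomain(frame, d) {
  const host = new URL(frame.loadedUrl).hostname;
  // document.domain may only be relaxed to a parent-domain suffix of the host.
  if (d !== host && !host.endsWith("." + d)) throw new Error("SecurityError");
  frame.document.domain = d;
}

// Weak: sender identity read from document state (assumed "before" behaviour).
function senderInfoFromDocument(frame) {
  const doc = frame.document;
  return { domain: doc.domain, uri: new URL(doc.baseHref || frame.loadedUrl).href };
}

// Hardened: sender identity read only from the URL the frame loaded.
function senderInfoFromLoader(frame) {
  const url = new URL(frame.loadedUrl);
  return { domain: url.hostname, uri: url.href };
}

// Constructed sender page that changes its own document state before sending.
function demo() {
  const sender = makeFrame("http://widgets.untrusted.example/send.html");
  addBaseTag(sender, "http://bank.example/account");
  setDocumentDomain(sender, "untrusted.example");
  return {
    weak: senderInfoFromDocument(sender),
    hardened: senderInfoFromLoader(sender),
  };
}

console.log(demo());
```

A receiver that trusts the `weak` fields would attribute the message to a URI the sender chose; the `hardened` fields stay tied to where the sender was actually loaded from.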