Skip to content
Find file Blame History Permalink
  • mjs's avatar
    WebCore: · 2b06eabb
    mjs authored 
            Reviewed by Darin.

	<rdar://problem/4005575> Arbitrary file disclosure vulnerability due to ability to load local html from remote content

        * khtml/ecma/kjs_html.cpp:
        (KJS::HTMLDocument::putValue):
        * khtml/ecma/kjs_window.cpp:
        (Window::put):
        (WindowFunc::tryCall):
        (Location::put):
        (LocationFunc::tryCall):
        * khtml/khtml_part.cpp:
        (KHTMLPart::begin):
        (KHTMLPart::scheduleLocationChange):
        (KHTMLPart::slotRedirect):
        (KHTMLPart::processObjectRequest):
        * khtml/khtml_part.h:
        * khtml/khtmlpart_p.h:
        * kwq/KWQKHTMLPart.mm:
        (KWQKHTMLPart::openURLRequest):
        (KWQKHTMLPart::urlSelected):
        (KWQKHTMLPart::createPart):
        * kwq/KWQKHTMLPartBrowserExtension.mm:
        (KHTMLPartBrowserExtension::createNewWindow):
        * kwq/WebCoreBridge.h:
        * kwq/WebCoreBridge.mm:
        (hasCaseInsensitivePrefix):
        (-[WebCoreBridge didNotOpenURL:pageCache:]):
        (-[WebCoreBridge canLoadURL:fromReferrer:hideReferrer:]):

WebKit:

        Reviewed by Darin.

	<rdar://problem/4005575> Arbitrary file disclosure vulnerability due to ability to load local html from remote content

	* Plugins.subproj/WebBaseNetscapePluginView.m:
        (-[WebBaseNetscapePluginView requestWithURLCString:]):
        * Plugins.subproj/WebNetscapePluginEmbeddedView.m:
        (-[WebNetscapePluginEmbeddedView didStart]):
        * Plugins.subproj/WebNetscapePluginStream.m:
        (-[WebNetscapePluginStream initWithRequest:pluginPointer:notifyData:sendNotification:]):
        * WebCoreSupport.subproj/WebBridge.m:
        (-[WebBridge createWindowWithURL:frameName:]):
        (-[WebBridge startLoadingResource:withURL:customHeaders:]):
        (-[WebBridge startLoadingResource:withURL:customHeaders:postData:]):
        (-[WebBridge syncLoadResourceWithURL:customHeaders:postData:finalURL:responseHeaders:statusCode:]):
        (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]):
        (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]):
        (-[WebBridge createChildFrameNamed:withURL:referrer:renderPart:allowsScrolling:marginWidth:marginHeight:]):
        (-[WebBridge viewForPluginWithURL:attributeNames:attributeValues:MIMEType:]):
        * WebView.subproj/WebFrame.m:
        (-[WebFrame _loadURL:referrer:intoChild:]):
        * WebView.subproj/WebFramePrivate.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@8837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    2b06eabb