-
abarth@webkit.org authored
Reviewed by Darin Adler. https://bugs.webkit.org/show_bug.cgi?id=27189 Fixes insufficient check in XSSAuditor::canSetBaseElementURL that caused XSSAuditor to incorrectly block HTML Base elements whose base path coincided with the URL of the page. Test: http/tests/security/xssAuditor/base-href-safe3.html * page/XSSAuditor.cpp: (WebCore::XSSAuditor::canSetBaseElementURL): Changed conditional to only call XSSAuditor::findInRequest() if the host in the page URL disagrees with the host in the base element URL. 2009-07-12 Daniel Bates <dbates@intudata.com> Reviewed by Darin Adler. https://bugs.webkit.org/show_bug.cgi?id=27189 Tests that XSSAuditor does not block HTML Base elements whose path has the same host as the page. * http/tests/security/xssAuditor/base-href-safe3-expected.txt: Added. * http/tests/security/xssAuditor/base-href-safe3.html: Added. * http/tests/security/xssAuditor/resources/base-href/base-href-safe3.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@45763 268f45cc-cd09-0410-ab3c-d52691b4dbfc
322a3394