    2009-07-12 Daniel Bates <dbates@intudata.com> · 322a3394
    abarth@webkit.org authored
            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=27189
            
            Fixes insufficient check in XSSAuditor::canSetBaseElementURL that caused 
            XSSAuditor to incorrectly block HTML Base elements whose base path coincided 
            with the URL of the page.
    
            Test: http/tests/security/xssAuditor/base-href-safe3.html
    
            * page/XSSAuditor.cpp:
            (WebCore::XSSAuditor::canSetBaseElementURL): Changed conditional to only call 
            XSSAuditor::findInRequest() if the host in the page URL disagrees with the host 
            in the base element URL.
    
    2009-07-12  Daniel Bates  <dbates@intudata.com>
    
            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=27189
            
            Tests that XSSAuditor does not block HTML Base elements whose path has the 
            same host as the page.
    
            * http/tests/security/xssAuditor/base-href-safe3-expected.txt: Added.
            * http/tests/security/xssAuditor/base-href-safe3.html: Added.
            * http/tests/security/xssAuditor/resources/base-href/base-href-safe3.html: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@45763 268f45cc-cd09-0410-ab3c-d52691b4dbfc