Skip to content
GitLab
Switch branch/tag
Find file BlameHistoryPermalink
  • inferno@chromium.org's avatar
    2010-10-22 Abhishek Arya <inferno@chromium.org> · 7f449584
    inferno@chromium.org authored 
            Reviewed by Dave Hyatt.

        Add code in getMatchedCSSRules to block cross origin access to stylesheet data. Prevent access
        in Javascript to non author stylesheets.
        https://bugs.webkit.org/show_bug.cgi?id=46853

        Tests: http/tests/security/cross-origin-getMatchedCSSRules.html
               http/tests/security/cross-origin-getMatchedCSSRules2.html

        * css/CSSRule.h:
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::matchRulesForList):
        (WebCore::CSSStyleSelector::SelectorChecker::SelectorChecker):
        (WebCore::CSSStyleSelector::styleRulesForElement):
        (WebCore::CSSStyleSelector::pseudoStyleRulesForElement):
        * css/CSSStyleSelector.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::getMatchedCSSRules):
        * page/DOMWindow.idl:
2010-10-22  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Tests that cross origin bypass does not work with getMatchedCSSRules. Rebaseline existing tests
        that try to access non-author stylesheets. This functionality is no longer supported. So, css rules
        should return null for those cases.
        https://bugs.webkit.org/show_bug.cgi?id=46853

        * fast/backgrounds/repeat/background-repeat-shorthand-expected.txt:
        * fast/backgrounds/repeat/margin-shorthand-expected.txt:
        * fast/backgrounds/repeat/resources/background-repeat-shorthand.js:
        * fast/backgrounds/repeat/resources/margin-shorthand.js:
        * fast/css/disabled-author-styles.html:
        * fast/css/modify-ua-rules-from-javascript-expected.txt:
        * fast/css/modify-ua-rules-from-javascript.html:
        * fast/css/word-break-user-modify-allowed-values.html:
        * http/tests/security/cross-frame-access-call-expected.txt:
        * http/tests/security/cross-frame-access-call.html:
        * http/tests/security/cross-origin-getMatchedCSSRules-expected.txt: Added.
        * http/tests/security/cross-origin-getMatchedCSSRules.html: Added.
        * http/tests/security/cross-origin-getMatchedCSSRules2-expected.txt: Added.
        * http/tests/security/cross-origin-getMatchedCSSRules2.html: Added.
        * http/tests/security/resources/cross-origin-getMatchedCSSRules-frame.html: Added.
        * platform/chromium/http/tests/security/cross-frame-access-call-expected.txt:
        * platform/qt/http/tests/security/cross-frame-access-call-expected.txt:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70335 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    7f449584