inferno@chromium.org authored
Reviewed by Dave Hyatt.

Add code in getMatchedCSSRules to block cross origin access to stylesheet data.
Prevent access in Javascript to non author stylesheets.
https://bugs.webkit.org/show_bug.cgi?id=46853

Tests: http/tests/security/cross-origin-getMatchedCSSRules.html
       http/tests/security/cross-origin-getMatchedCSSRules2.html

* css/CSSRule.h:
* css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::matchRulesForList):
(WebCore::CSSStyleSelector::SelectorChecker::SelectorChecker):
(WebCore::CSSStyleSelector::styleRulesForElement):
(WebCore::CSSStyleSelector::pseudoStyleRulesForElement):
* css/CSSStyleSelector.h:
* page/DOMWindow.cpp:
(WebCore::DOMWindow::getMatchedCSSRules):
* page/DOMWindow.idl:

2010-10-22 Abhishek Arya <inferno@chromium.org>

Reviewed by Dave Hyatt.

Tests that cross origin bypass does not work with getMatchedCSSRules.
Rebaseline existing tests that try to access non-author stylesheets.
This functionality is no longer supported. So, css rules should return
null for those cases.
https://bugs.webkit.org/show_bug.cgi?id=46853

* fast/backgrounds/repeat/background-repeat-shorthand-expected.txt:
* fast/backgrounds/repeat/margin-shorthand-expected.txt:
* fast/backgrounds/repeat/resources/background-repeat-shorthand.js:
* fast/backgrounds/repeat/resources/margin-shorthand.js:
* fast/css/disabled-author-styles.html:
* fast/css/modify-ua-rules-from-javascript-expected.txt:
* fast/css/modify-ua-rules-from-javascript.html:
* fast/css/word-break-user-modify-allowed-values.html:
* http/tests/security/cross-frame-access-call-expected.txt:
* http/tests/security/cross-frame-access-call.html:
* http/tests/security/cross-origin-getMatchedCSSRules-expected.txt: Added.
* http/tests/security/cross-origin-getMatchedCSSRules.html: Added.
* http/tests/security/cross-origin-getMatchedCSSRules2-expected.txt: Added.
* http/tests/security/cross-origin-getMatchedCSSRules2.html: Added.
* http/tests/security/resources/cross-origin-getMatchedCSSRules-frame.html: Added.
* platform/chromium/http/tests/security/cross-frame-access-call-expected.txt:
* platform/qt/http/tests/security/cross-frame-access-call-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70335 268f45cc-cd09-0410-ab3c-d52691b4dbfc