abarth@webkit.org authored
2008-11-01 Adam Barth <abarth@webkit.org>

Reviewed by Sam Weinig.

Be sure to check the final URLs of requested resources to make sure we don't get fooled by HTTP redirects.

https://bugs.webkit.org/show_bug.cgi?id=21963

Tests: http/tests/security/xss-DENIED-xsl-document-redirect.xml
       http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml

* dom/XMLTokenizerLibxml2.cpp:
(WebCore::openFunc):
* loader/DocLoader.cpp:
(WebCore::DocLoader::canRequest):
(WebCore::DocLoader::requestResource):
* loader/DocLoader.h:
* xml/XSLTProcessor.cpp:
(WebCore::docLoaderFunc):

LayoutTests:

2008-11-01 Adam Barth <abarth@webkit.org>

Reviewed by Sam Weinig.

Test that we properly block non-same-origin redirects for these esoteric loads.

https://bugs.webkit.org/show_bug.cgi?id=21963

* http/tests/security/resources/xsl-using-document-redirect.xsl: Added.
* http/tests/security/resources/xsl-using-external-entity-redirect.xsl: Added.
* http/tests/security/xss-DENIED-xsl-document-redirect-expected.txt: Copied from LayoutTests/http/tests/security/xss-DENIED-xsl-document-expected.txt.
* http/tests/security/xss-DENIED-xsl-document-redirect.xml: Added.
* http/tests/security/xss-DENIED-xsl-external-entity-redirect-expected.txt: Copied from LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-expected.txt.
* http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@38065 268f45cc-cd09-0410-ab3c-d52691b4dbfc
a796cc07