• WebCore: · a796cc07
    abarth@webkit.org authored
    2008-11-01  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Sam Weinig.
    
            Be sure to check the final URLs of requested resources to make sure we
            don't get fooled by HTTP redirects.
    
            https://bugs.webkit.org/show_bug.cgi?id=21963
    
            Tests: http/tests/security/xss-DENIED-xsl-document-redirect.xml
                   http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
    
            * dom/XMLTokenizerLibxml2.cpp:
            (WebCore::openFunc):
            * loader/DocLoader.cpp:
            (WebCore::DocLoader::canRequest):
            (WebCore::DocLoader::requestResource):
            * loader/DocLoader.h:
            * xml/XSLTProcessor.cpp:
            (WebCore::docLoaderFunc):
    
    LayoutTests:
    
    2008-11-01  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Sam Weinig.
    
            Test that we properly block non-same-origin redirects for these
            esoteric loads.
    
            https://bugs.webkit.org/show_bug.cgi?id=21963
    
            * http/tests/security/resources/xsl-using-document-redirect.xsl...
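The check this commit message describes, sketched as an added example (not WebKit's code and not part of the commit): a same-origin test applied only to the requested URL passes a load that a redirect then carries to another origin, while also testing the final URL blocks it. All function names, the hosts and the redirect table are hypothetical and constructed for illustration, and the origin comparison is simplified.

```cpp
#include <map>
#include <string>

// Constructed redirect table standing in for HTTP redirect responses (hypothetical hosts).
static const std::map<std::string, std::string> kRedirects = {
    {"http://app.example/style.xsl", "http://app.example/v2/style.xsl"},
    {"http://app.example/redir?to=other", "http://other.example/secret.xml"},
};

// Origin = scheme://host[:port]. Simplified: no case folding or default-port normalisation.
std::string originOf(const std::string& url) {
    std::size_t schemeEnd = url.find("://");
    if (schemeEnd == std::string::npos) return "";
    std::size_t pathStart = url.find_first_of("/?#", schemeEnd + 3);
    return url.substr(0, pathStart);
}

bool sameOrigin(const std::string& a, const std::string& b) {
    std::string oa = originOf(a);
    return !oa.empty() && oa == originOf(b);
}

// Follow the simulated redirects; returns "" on a loop or too many hops.
std::string resolveFinalUrl(std::string url, int maxHops = 5) {
    for (int hop = 0; hop <= maxHops; ++hop) {
        auto it = kRedirects.find(url);
        if (it == kRedirects.end()) return url;
        url = it->second;
    }
    return "";
}

// Before: only the URL written in the document is checked.
bool allowRequestedOnly(const std::string& doc, const std::string& requested) {
    return sameOrigin(doc, requested);
}

// After: the URL the response actually came from must also be same-origin.
bool allowWithFinalUrlCheck(const std::string& doc, const std::string& requested) {
    if (!sameOrigin(doc, requested)) return false;
    std::string finalUrl = resolveFinalUrl(requested);
    return !finalUrl.empty() && sameOrigin(doc, finalUrl);
}
```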