Skip to content
  • abarth@webkit.org's avatar
    WebCore: · c17c9594
    abarth@webkit.org authored
    2008-06-21  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Sam Weinig.
    
            Fix <https://bugs.webkit.org/show_bug.cgi?id=19649>:
              XSL style sheets allowed across origins
    
            Block cross-orgin loads of XSL style sheets, matching Internet
            Explorer, Firefox, and Opera.  Also, we now block loading of XBL
            across origins, matching Firefox.  The XBL behavior does not appear
            testable because XBL seems to not be enabled.
    
            Test: http/tests/security/cross-origin-xsl-BLOCKED.html
    
            * loader/DocLoader.cpp:
            (WebCore::DocLoader::requestResource):
    
    LayoutTests:
    
    2008-06-21  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Sam Weinig.
    
            https://bugs.webkit.org/show_bug.cgi?id=19649
    
            Test that we block cross-orign loads of XSL style sheets.
    
            * http/tests/security/cross-origin-xsl-BLOCKED-expected.txt: Added.
            * http/tests/security/cross-origin-xsl-BLOCKED.html: Added.
            * http/tests/security/resources/cross-origin-xsl.xml: Added.
            * http/tests/security/resources/forbidden-stylesheet.xsl: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34719 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    c17c9594