-
abarth@webkit.org authored
2008-06-21 Adam Barth <abarth@webkit.org> Reviewed by Sam Weinig. Fix <https://bugs.webkit.org/show_bug.cgi?id=19649>: XSL style sheets allowed across origins Block cross-orgin loads of XSL style sheets, matching Internet Explorer, Firefox, and Opera. Also, we now block loading of XBL across origins, matching Firefox. The XBL behavior does not appear testable because XBL seems to not be enabled. Test: http/tests/security/cross-origin-xsl-BLOCKED.html * loader/DocLoader.cpp: (WebCore::DocLoader::requestResource): LayoutTests: 2008-06-21 Adam Barth <abarth@webkit.org> Reviewed by Sam Weinig. https://bugs.webkit.org/show_bug.cgi?id=19649 Test that we block cross-orign loads of XSL style sheets. * http/tests/security/cross-origin-xsl-BLOCKED-expected.txt: Added. * http/tests/security/cross-origin-xsl-BLOCKED.html: Added. * http/tests/security/resources/cross-origin-xsl.xml: Added. * http/tests/security/resources/forbidden-stylesheet.xsl: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34719 268f45cc-cd09-0410-ab3c-d52691b4dbfc
c17c9594