-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=68706 Patch by Ken Buchanan <kenrb@chromium.org> on 2011-10-03 Reviewed by Adam Barth. Source/WebCore: Modified MainResourceLoader to add an extra security check on HTTP redirects. Also, moved isFeedWithNestedProtocolInHTTPFamily to SecurityOrigin.cpp. * loader/FrameLoader.cpp: (WebCore::isFeedWithNestedProtocolInHTTPFamily): (WebCore::FrameLoader::loadFrameRequest): * loader/MainResourceLoader.cpp: (WebCore::MainResourceLoader::willSendRequest): * page/SecurityOrigin.cpp: (WebCore::isFeedWithNestedProtocolInHTTPFamily): (WebCore::SecurityOrigin::canDisplay): LayoutTests: Adding a test to attempt an HTTP redirect to a file: URL. * http/tests/security/redirect-BLOCKED-to-localURL.html: Added. * http/tests/security/redirect-BLOCKED-to-localURL-expected.txt: Added. * http/tests/security/resources/file-redirect-target.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96610 268f45cc-cd09-0410-ab3c-d52691b4dbfc
d065482e