2010-11-29 Gavin Peters <gavinp@chromium.org>

        Reviewed by Adam Barth.

        Web page can prevent WebKit from loading subresources on other
        pages (cache poisoning)
        https://bugs.webkit.org/show_bug.cgi?id=35404

        * http/tests/misc/unloadable-script-expected.txt: Renamed from LayoutTests/fast/loader/unloadable-script-expected.txt.
        * http/tests/misc/unloadable-script.html: Renamed from LayoutTests/fast/loader/unloadable-script.html.
        * loader/reload-subresource-when-type-changes-expected.txt: Added.
        * loader/reload-subresource-when-type-changes.html: Added.
        * loader/resources/image1.png: Added.
        * loader/resources/image2.png: Added.
        * loader/resources/reload-subresource-when-type-changes.js: Added.
2010-11-29  Gavin Peters  <gavinp@chromium.org>

        Reviewed by Adam Barth.

        Web page can prevent WebKit from loading subresources on other
        pages (cache poisoning)
        https://bugs.webkit.org/show_bug.cgi?id=35404

        Tests: http/tests/misc/unloadable-script.html
               loader/reload-subresource-when-type-changes.html

        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::requestResource):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72817 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 86bc4a71
2010-11-29 Gavin Peters <gavinp@chromium.org>
Reviewed by Adam Barth.
Web page can prevent WebKit from loading subresources on other
pages (cache poisoning)
https://bugs.webkit.org/show_bug.cgi?id=35404
* http/tests/misc/unloadable-script-expected.txt: Renamed from LayoutTests/fast/loader/unloadable-script-expected.txt.
* http/tests/misc/unloadable-script.html: Renamed from LayoutTests/fast/loader/unloadable-script.html.
* loader/reload-subresource-when-type-changes-expected.txt: Added.
* loader/reload-subresource-when-type-changes.html: Added.
* loader/resources/image1.png: Added.
* loader/resources/image2.png: Added.
* loader/resources/reload-subresource-when-type-changes.js: Added.
2010-11-29 Adam Roben <aroben@apple.com>
Check in new Windows results after r72678
CONSOLE MESSAGE: line 0: Not allowed to load local resource: foobar
Test for bug 13584: <script> code wrongly assumes requests can't fail.
No crash == SUCCESS.
onerror called (good!)
onerror called (good!)
......@@ -15,14 +15,14 @@ function log(message) {
<div id=console></div>
<img src="resources/foobar">
<script id=test_script></script>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
document.getElementById('test_script').src = "resources/foobar";
<!-- we are an HTTP test so the security origin will fail the file method -->
document.getElementById('test_script').src = "file:///foobar";
script = document.createElement("script");
script.setAttribute("src", "resources/foobar");
......
CONSOLE MESSAGE: line 1: SyntaxError: Parse error
PASS 1 of 3
PASS 2 of 3
PASS 3 of 3
<div id="logDiv">FAILED</div>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
var logDiv = document.getElementById("logDiv");
function clearLog()
{
logDiv.innerHTML = "";
}
function log(string)
{
logDiv.appendChild(document.createTextNode(string));
logDiv.appendChild(document.createElement("br"));
}
function checkLoadedImage(event, testNumber) {
var imageWidth = event.target.width;
if (imageWidth == 25)
log("PASS " + testNumber + " of 3");
else
log("IMAGE SIZE " + imageWidth + " FAIL - " + testNumber + " of 2");
}
</script>
<img src="resources/reload-subresource-when-type-changes.js">
<script src="resources/reload-subresource-when-type-changes.js"></script>
<link rel="prefetch" href="resources/image1.png">
<img src="resources/image1.png" onerror="log('LOAD ERROR - FAIL 2 of 3)" onload="checkLoadedImage(event, 2)">
<script src="resources/image2.png"></script>
<img src="resources/image2.png" onerror="log('LOAD ERROR - FAIL 2 of 3)" onload="checkLoadedImage(event, 3)">
2010-11-29 Gavin Peters <gavinp@chromium.org>
Reviewed by Adam Barth.
Web page can prevent WebKit from loading subresources on other
pages (cache poisoning)
https://bugs.webkit.org/show_bug.cgi?id=35404
Tests: http/tests/misc/unloadable-script.html
loader/reload-subresource-when-type-changes.html
* loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::requestResource):
2010-11-29 Simon Fraser <simon.fraser@apple.com>
Reviewed by Dan Bernstein.
......@@ -126,7 +126,13 @@ CachedResource* MemoryCache::requestResource(CachedResourceLoader* cachedResourc
FrameLoader::reportLocalLoadFailed(cachedResourceLoader->document()->frame(), url.string());
return 0;
}
if (resource && resource->type() != type) {
LOG(ResourceLoading, "Cache::requestResource found a cache resource with matching url but different type, evicting and loading with new type.");
evict(resource);
resource = 0;
}
if (!resource) {
LOG(ResourceLoading, "CachedResource for '%s' wasn't found in cache. Creating it", url.string().latin1().data());
// The resource does not exist. Create it.
......@@ -157,11 +163,6 @@ CachedResource* MemoryCache::requestResource(CachedResourceLoader* cachedResourc
}
}
if (resource->type() != type) {
LOG(ResourceLoading, "MemoryCache::requestResource cannot use cached resource for '%s' due to type mismatch", url.string().latin1().data());
return 0;
}
if (!disabled()) {
// This will move the resource to the front of its LRU list and increase its access count.
resourceAccessed(resource);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment