Commit 1d255ef5 authored by inferno@chromium.org

2010-11-11 Abhishek Arya <inferno@chromium.org>

        Reviewed by Adam Barth.

        Not allow drag and drop across different origins.
        https://bugs.webkit.org/show_bug.cgi?id=49098

        Test: http/tests/security/drag-drop-different-origin.html

        * page/DragController.cpp:
        (WebCore::DragController::tryDocumentDrag):
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canDropOnTarget):
        * page/SecurityOrigin.h:

2010-11-10  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Adam Barth.

        Check that drag and drop is not allowed across different origins.
        https://bugs.webkit.org/show_bug.cgi?id=49098
  
        * http/tests/security/drag-drop-different-origin-expected.txt: Added.
        * http/tests/security/drag-drop-different-origin.html: Added.
        * http/tests/security/resources/drag-drop.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@71925 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 9d1e661e
2010-11-10 Abhishek Arya <inferno@chromium.org>
Reviewed by Adam Barth.
Check that drag and drop is not allowed across different origins.
https://bugs.webkit.org/show_bug.cgi?id=49098
* http/tests/security/drag-drop-different-origin-expected.txt: Added.
* http/tests/security/drag-drop-different-origin.html: Added.
* http/tests/security/resources/drag-drop.html: Added.
2010-11-12 Mihai Parparita <mihaip@chromium.org>
Unreviewed Chromium expectations update.
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
function moveToCenter(element)
{
x = element.offsetParent.offsetLeft + element.offsetLeft + element.offsetWidth / 2;
y = element.offsetParent.offsetTop + element.offsetTop + element.offsetHeight / 2;
eventSender.mouseMoveTo(x, y);
}
function runTest() {
var x, y;
var span = document.getElementById("span");
moveToCenter(span);
eventSender.mouseDown();
eventSender.mouseUp();
eventSender.mouseDown();
eventSender.mouseUp();
eventSender.leapForward(1000);
eventSender.mouseDown();
eventSender.leapForward(500);
var input = document.getElementById("target");
moveToCenter(input);
eventSender.leapForward(500);
eventSender.mouseUp();
input.contentWindow.postMessage("go", "*");
}
</script>
</head>
<body onload="runTest()">
<span id="span">Dragme</span>
<iframe id="target" src="http://localhost:8000/security/resources/drag-drop.html"></iframe>
</body>
</html>
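Review bot: moveToCenter() assigns x and y without var, so both become globals, while the var x, y declared in runTest() is never used; declare them inside moveToCenter() and drop the unused declaration. layoutTestController is guarded with if (window.layoutTestController), but eventSender is called unguarded in runTest(), so opening the page outside the test harness throws at the first eventSender call; wrap the event sequence in a window.eventSender check.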
<script>
window.addEventListener("message", receiveMessage, false);
function receiveMessage(event)
{
if (document.body.innerHTML.match(/Dragme/i))
alert("FAIL");
else
alert("PASS");
if (window.layoutTestController)
layoutTestController.notifyDone();
}
</script>
<body contenteditable="true">
</body>
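Review bot: receiveMessage() reports PASS whenever "Dragme" is absent from document.body.innerHTML, which is also the result if the drag never started or the drop missed the iframe, so the test cannot tell a blocked cross-origin drop from a drag that did not happen. Consider adding a same-origin control frame where the drop is expected to land, so a harness-side failure shows up as FAIL. The handler also ignores event.data and event.origin; checking event.data == "go" would keep a stray message from ending the test early.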
2010-11-11 Abhishek Arya <inferno@chromium.org>
Reviewed by Adam Barth.
Not allow drag and drop across different origins.
https://bugs.webkit.org/show_bug.cgi?id=49098
Test: http/tests/security/drag-drop-different-origin.html
* page/DragController.cpp:
(WebCore::DragController::tryDocumentDrag):
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canDropOnTarget):
* page/SecurityOrigin.h:
2010-11-11 Alexander Pavlov <apavlov@chromium.org>
Reviewed by Yury Semikhatsky.
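Review bot: this entry lists (WebCore::SecurityOrigin::canDropOnTarget), but the function the patch adds to SecurityOrigin.cpp and SecurityOrigin.h is canReceiveDragData; update the ChangeLog line to the name that actually lands so the log can be searched against the code.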
......@@ -295,6 +295,9 @@ bool DragController::tryDocumentDrag(DragData* dragData, DragDestinationAction a
if (!m_documentUnderMouse)
return false;
if (m_dragInitiator && !m_documentUnderMouse->securityOrigin()->canReceiveDragData(m_dragInitiator->securityOrigin()))
return false;
m_isHandlingDrag = false;
if (actionMask & DragDestinationActionDHTML) {
m_isHandlingDrag = tryDHTMLDrag(dragData, operation);
......
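Review bot: the new condition in tryDocumentDrag() runs the origin check only when m_dragInitiator is non-null, so any drag that reaches this point with no initiator recorded is accepted without consulting canReceiveDragData(). If that is deliberate, say so in a comment above the if and name the cases in which m_dragInitiator is null; if not, the null case needs its own decision rather than falling through. The early return false also sits before m_isHandlingDrag = false, like the m_documentUnderMouse check above it, so confirm that callers do not rely on the flag being reset when a drag is rejected.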
......@@ -273,6 +273,18 @@ bool SecurityOrigin::taintsCanvas(const KURL& url) const
return true;
}
bool SecurityOrigin::canReceiveDragData(const SecurityOrigin* dragInitiator) const
{
// FIXME: Currently we treat data URLs as having a unique origin, contrary to the
// current (9/19/2009) draft of the HTML5 specification. We still want to allow
// drop across data URLs, so we special case data URLs below. If we change to
// match HTML5 w.r.t. data URL security, then we can remove this check.
if (m_protocol == "data")
return true;
return canAccess(dragInitiator);
}
bool SecurityOrigin::isAccessWhiteListed(const SecurityOrigin* targetOrigin) const
{
if (OriginAccessWhiteList* list = originAccessMap().get(toString())) {
......
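Review bot: in canReceiveDragData() the data: exemption tests only the receiver, if (m_protocol == "data") return true;, so a data: document accepts drops from every origin, while a data: initiator dropping onto any other target still goes through canAccess(dragInitiator). The FIXME says the intent is to allow drop across data URLs; if that means data: to data:, the initiator's protocol should be checked as well, and if the one-sided rule is intended, the comment should state it. The draft date quoted in the FIXME (9/19/2009) predates this 2010-11-11 change and is worth rechecking against the draft current at landing time.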
......@@ -84,6 +84,11 @@ public:
// drawing an image onto an HTML canvas element with the drawImage API.
bool taintsCanvas(const KURL&) const;
// Returns true if this SecurityOrigin can receive drag content from the
// initiator. For example, call this function before allowing content to be
// dropped onto a target.
bool canReceiveDragData(const SecurityOrigin* dragInitiator) const;
// Returns true if |document| can display content from the given URL (e.g.,
// in an iframe or as an image). For example, web sites generally cannot
// display content from the user's files system.
......
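Review bot: the header comment for canReceiveDragData() does not say that the object is the drop target and the argument is the initiator's origin, nor that the implementation returns true unconditionally when the receiver is a data: URL; document both here, since a caller reading only SecurityOrigin.h would otherwise expect a plain canAccess() result.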