Commit 322a3394 authored by abarth@webkit.org's avatar abarth@webkit.org
Browse files

2009-07-12 Daniel Bates <dbates@intudata.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=27189
        
        Fixes insufficient check in XSSAuditor::canSetBaseElementURL that caused 
        XSSAuditor to incorrectly block HTML Base elements whose base path coincided 
        with the URL of the page.

        Test: http/tests/security/xssAuditor/base-href-safe3.html

        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::canSetBaseElementURL): Changed conditional to only call 
        XSSAuditor::findInRequest() if the host in the page URL disagrees with the host 
        in the base element URL.

2009-07-12  Daniel Bates  <dbates@intudata.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=27189
        
        Tests that XSSAuditor does not block HTML Base elements whose path has the 
        same host as the page.

        * http/tests/security/xssAuditor/base-href-safe3-expected.txt: Added.
        * http/tests/security/xssAuditor/base-href-safe3.html: Added.
        * http/tests/security/xssAuditor/resources/base-href/base-href-safe3.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@45763 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 12d0cf13
2009-07-12 Daniel Bates <dbates@intudata.com>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=27189
Tests that XSSAuditor does not block HTML Base elements whose path has the
same host as the page.
* http/tests/security/xssAuditor/base-href-safe3-expected.txt: Added.
* http/tests/security/xssAuditor/base-href-safe3.html: Added.
* http/tests/security/xssAuditor/resources/base-href/base-href-safe3.html: Added.
2009-07-11 Oliver Hunt <oliver@apple.com>
Reviewed by Simon Fraser.
......
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setXSSAuditorEnabled(true);
}
</script>
</head>
<body>
<iframe src="http://localhost:8000/security/xssAuditor/resources/base-href/base-href-safe3.html">
</iframe>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setXSSAuditorEnabled(true);
}
</script>
<base href='http://localhost:8000/security/xssAuditor/resources/'>
</head>
<body>
<script src="safe-script.js"></script>
</body>
</html>
2009-07-12 Daniel Bates <dbates@intudata.com>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=27189
Fixes insufficient check in XSSAuditor::canSetBaseElementURL that caused
XSSAuditor to incorrectly block HTML Base elements whose base path coincided
with the URL of the page.
Test: http/tests/security/xssAuditor/base-href-safe3.html
* page/XSSAuditor.cpp:
(WebCore::XSSAuditor::canSetBaseElementURL): Changed conditional to only call
XSSAuditor::findInRequest() if the host in the page URL disagrees with the host
in the base element URL.
2009-07-12 Darin Adler <darin@apple.com>
Reviewed by Dan Bernstein.
......
......@@ -137,7 +137,7 @@ bool XSSAuditor::canSetBaseElementURL(const String& url) const
return true;
KURL baseElementURL(m_frame->document()->url(), url);
if (m_frame->document()->url().baseAsString() != baseElementURL.baseAsString() && findInRequest(url)) {
if (m_frame->document()->url().host() != baseElementURL.host() && findInRequest(url)) {
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request"));
m_frame->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, consoleMessage, 1, String());
return false;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment