Commit 6b86d506 authored by dbates@webkit.org

2009-11-27 Daniel Bates <dbates@webkit.org>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=31940

        Makes the error messages more descriptive when we refuse to load an object/embed or
        refuse to load from the document base URL.

        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::canLoadObject): Changed console message to be more descriptive.
        (WebCore::XSSAuditor::canSetBaseElementURL): Ditto.
2009-11-27  Daniel Bates  <dbates@webkit.org>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=31940

        Rebased results because of new error messages.

        * http/tests/security/xssAuditor/base-href-control-char-expected.txt:
        * http/tests/security/xssAuditor/base-href-expected.txt:
        * http/tests/security/xssAuditor/base-href-null-char-expected.txt:
        * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
        * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
        * http/tests/security/xssAuditor/object-embed-tag-expected.txt:
        * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
        * http/tests/security/xssAuditor/object-src-inject-expected.txt:
        * http/tests/security/xssAuditor/object-tag-expected.txt:
        * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51445 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent b594986c
2009-11-27 Daniel Bates <dbates@webkit.org>
Reviewed by Adam Barth.
https://bugs.webkit.org/show_bug.cgi?id=31940
Rebased results because of new error messages.
* http/tests/security/xssAuditor/base-href-control-char-expected.txt:
* http/tests/security/xssAuditor/base-href-expected.txt:
* http/tests/security/xssAuditor/base-href-null-char-expected.txt:
* http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
* http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/embed-tag-expected.txt:
* http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
* http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/object-src-inject-expected.txt:
* http/tests/security/xssAuditor/object-tag-expected.txt:
* http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
2009-11-27 Kenneth Russell <kbr@google.com>
 
Reviewed by Eric Seidel.
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
ALERT: This is a safe script.
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
ALERT: This is a safe script.
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
ALERT: This is a safe script.
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
ALERT: This is a safe script.
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
2009-11-27 Daniel Bates <dbates@webkit.org>
Reviewed by Adam Barth.
https://bugs.webkit.org/show_bug.cgi?id=31940
Makes the error messages more descriptive when we refuse to load an object/embed or
refuse to load from the document base URL.
* page/XSSAuditor.cpp:
(WebCore::XSSAuditor::canLoadObject): Changed console message to be more descriptive.
(WebCore::XSSAuditor::canSetBaseElementURL): Ditto.
2009-11-27 Yury Semikhatsky <yurys@chromium.org>
 
Reviewed by Pavel Feldman.
......@@ -164,7 +164,7 @@ bool XSSAuditor::canLoadObject(const String& url) const
return true;
if (findInRequest(url)) {
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request"));
String consoleMessage = String::format("Refused to load an object. URL found within request: \"%s\".\n", url.utf8().data());
m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
return false;
}
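Review bot: The new String::format call in canLoadObject passes the request-derived URL through %s as url.utf8().data(), so a URL containing a NUL byte is cut off at that byte in the console message, and a URL containing a double quote is printed unescaped between the \" delimiters. The rebased results include null-char and control-char cases (embed-tag-null-char, object-embed-tag-control-char), so such input is expected here; consider escaping or percent-encoding the URL before it is formatted into the message. The trailing \n in the format string also looks unneeded, since the message it replaces had none.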
......@@ -180,7 +180,7 @@ bool XSSAuditor::canSetBaseElementURL(const String& url) const
return true;
if (findInRequest(url)) {
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request"));
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to load from document base URL. URL found within request.\n"));
m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
return false;
}
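Review bot: The new message in canSetBaseElementURL does not say which URL was refused, although url is in scope and the canLoadObject message now reports it. For a change meant to make these messages more descriptive, consider including the URL here as well, escaped in the same way as suggested for canLoadObject. The literal also ends in \n, which the message it replaces did not have; drop it unless the console output depends on it.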
......