Commit da7d7210 authored by jschuh@chromium.org's avatar jschuh@chromium.org

2011-05-01 Justin Schuh <jschuh@chromium.org>

        Reviewed by Adam Barth.

        History::stateObjectAdded should check origin via SecurityOrigin::canRequest
        https://bugs.webkit.org/show_bug.cgi?id=59840

        * fast/loader/stateobjects/pushstate-in-data-url-denied-expected.txt: Added.
        * fast/loader/stateobjects/pushstate-in-data-url-denied.html: Added.
        * fast/loader/stateobjects/replacestate-base-illegal-expected.txt: Removed.
        * fast/loader/stateobjects/replacestate-base-illegal.html: Removed.
        * fast/loader/stateobjects/replacestate-base-legal-expected.txt: Removed.
        * fast/loader/stateobjects/replacestate-base-legal.html: Removed.
        * fast/loader/stateobjects/resources/replacestate-base-pass.html: Removed.
        * http/tests/navigation/replacestate-base-illegal-expected.txt: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-illegal-expected.txt.
        * http/tests/navigation/replacestate-base-illegal.html: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-illegal.html.
        * http/tests/navigation/replacestate-base-legal-expected.txt: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-legal-expected.txt.
        * http/tests/navigation/replacestate-base-legal.html: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-legal.html.
        * http/tests/navigation/resources/replacestate-base-pass.html: Copied from LayoutTests/fast/loader/stateobjects/resources/replacestate-base-pass.html.
2011-05-01  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Adam Barth.

        History::stateObjectAdded should check origin via SecurityOrigin::canRequest
        https://bugs.webkit.org/show_bug.cgi?id=59840

        Tests: fast/loader/stateobjects/pushstate-in-data-url-denied.html
               http/tests/navigation/replacestate-base-illegal.html
               http/tests/navigation/replacestate-base-legal.html

        * page/History.cpp:
        (WebCore::History::stateObjectAdded):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85436 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 25ce353d
2011-05-01 Justin Schuh <jschuh@chromium.org>
Reviewed by Adam Barth.
History::stateObjectAdded should check origin via SecurityOrigin::canRequest
https://bugs.webkit.org/show_bug.cgi?id=59840
* fast/loader/stateobjects/pushstate-in-data-url-denied-expected.txt: Added.
* fast/loader/stateobjects/pushstate-in-data-url-denied.html: Added.
* fast/loader/stateobjects/replacestate-base-illegal-expected.txt: Removed.
* fast/loader/stateobjects/replacestate-base-illegal.html: Removed.
* fast/loader/stateobjects/replacestate-base-legal-expected.txt: Removed.
* fast/loader/stateobjects/replacestate-base-legal.html: Removed.
* fast/loader/stateobjects/resources/replacestate-base-pass.html: Removed.
* http/tests/navigation/replacestate-base-illegal-expected.txt: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-illegal-expected.txt.
* http/tests/navigation/replacestate-base-illegal.html: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-illegal.html.
* http/tests/navigation/replacestate-base-legal-expected.txt: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-legal-expected.txt.
* http/tests/navigation/replacestate-base-legal.html: Copied from LayoutTests/fast/loader/stateobjects/replacestate-base-legal.html.
* http/tests/navigation/resources/replacestate-base-pass.html: Copied from LayoutTests/fast/loader/stateobjects/resources/replacestate-base-pass.html.
2011-05-01 Emil A Eklund <eae@chromium.org>
Reviewed by Eric Seidel.
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
window.onload = function() {
window.location = 'data:text/html,' +
'%3Cscript%3E' +
'try{' +
'history.pushState({},"","data:");' +
'document.write("FAIL data URL was manipula via pushState.");' +
'} catch(e) {' +
'document.write("PASS: data URLs cannot be manipulated via pushState.");' +
'}' +
'if (window.layoutTestController)' +
'layoutTestController.notifyDone();' +
'%3C/script%3E';
}
</script>
2011-05-01 Justin Schuh <jschuh@chromium.org>
Reviewed by Adam Barth.
History::stateObjectAdded should check origin via SecurityOrigin::canRequest
https://bugs.webkit.org/show_bug.cgi?id=59840
Tests: fast/loader/stateobjects/pushstate-in-data-url-denied.html
http/tests/navigation/replacestate-base-illegal.html
http/tests/navigation/replacestate-base-legal.html
* page/History.cpp:
(WebCore::History::stateObjectAdded):
2011-05-01 Patrick Gansterer <paroga@webkit.org>
[WIN] Unreviewed buildfix after r85434.
......@@ -121,8 +121,7 @@ void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
return;
KURL fullURL = urlForState(urlString);
RefPtr<SecurityOrigin> origin = SecurityOrigin::create(fullURL);
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->isSameSchemeHostPort(origin.get())) {
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->canRequest(fullURL)) {
ec = SECURITY_ERR;
return;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment