1. 04 May, 2008 1 commit
  2. 03 May, 2008 6 commits
  3. 02 May, 2008 25 commits
  4. 01 May, 2008 8 commits
    • adachan@apple.com's avatar
      #include <wtf/StrHash.h> in identifier.cpp. · 23964003
      adachan@apple.com authored
              Reviewed by Maciej.
      
              * kjs/identifier.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32799 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      23964003
    • kevino@webkit.org's avatar
      Reviewed by Eric Seidel. · 7ddd11b0
      kevino@webkit.org authored
      Make sure we properly set the button for all mouse events, not just mouse down, set the click count to 0 for non-click events, and finally set the timestamp.
              
      https://bugs.webkit.org/show_bug.cgi?id=18464
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32798 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7ddd11b0
    • weinig@apple.com's avatar
      2008-05-01 Sam Weinig <sam@webkit.org> · 50d9efc7
      weinig@apple.com authored
              Add missing result.
      
              * fast/canvas/canvas-path-with-inf-nan-dimensions-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32796 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      50d9efc7
    • weinig@apple.com's avatar
      2008-05-01 Sam Weinig <sam@webkit.org> · 9ee4418c
      weinig@apple.com authored
              Reviewed by Mark Rowe (in his infinite wisdom).
      
              Auto-generate the JSXSLTProcessor binding.
      
              * DerivedSources.make:
              * GNUmakefile.am:
              * WebCore.pro:
              * WebCore.vcproj/WebCore.vcproj:
              * WebCore.xcodeproj/project.pbxproj:
              * WebCoreSources.bkl:
              * bindings/js/JSDOMWindowBase.cpp:
              (WebCore::JSDOMWindowBase::getValueProperty):
              * bindings/js/JSDOMWindowBase.h:
              (WebCore::JSDOMWindowBase::):
              * bindings/js/JSXSLTProcessor.cpp: Removed.
              * bindings/js/JSXSLTProcessor.h: Removed.
              * xml/XSLTProcessor.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32795 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9ee4418c
    • weinig@apple.com's avatar
      WebCore: · 796309ca
      weinig@apple.com authored
      2008-05-01  Sam Weinig  <sam@webkit.org>
      
              Reviewed by Geoffrey Garen.
      
              Fixes:
                - https://bugs.webkit.org/show_bug.cgi?id=17249
                  Incorrect lexical scope after navigation leads to UXSS
                  <rdar://problem/5738497>
      
                - https://bugs.webkit.org/show_bug.cgi?id=16824
                  Script authorization should follow lexical (not dynamic) scope
                  <rdar://problem/5683032>
      
              This patch changes us to perform same-origin checks based on the lexical global object) 
              rather than dynamic global object, which is now possible we don't re-use the window on 
              navigations, but rather switch in a new one and re-use the outer shell.  This is both
              more secure and conforms with the HTML5 specification.  Now that all the checks are
              done based on the lexical global object, we can remove the SecurityOrigin::Reason
              concept, as it was only around to work around an ebay.com bug that required the check to
              be done that way.
      
              An important thing to note is that we currently implement a stricter than necessary policy
              and perform the same-origin check based on the currently active global object to avoid leaking
              the document in cases when the target frame is navigated before access.  This will be fixed in
              an upcoming patch.
      
              * bindings/js/JSDOMWindowBase.cpp:
              (WebCore::JSDOMWindowBase::allowsAccessFrom):
              (WebCore::JSDOMWindowBase::allowsAccessFromNoErrorMessage):
              (WebCore::JSDOMWindowBase::allowsAccessFromPrivate):
              (WebCore::JSDOMWindowBase::crossDomainAccessErrorMessage):
              (WebCore::JSDOMWindowBase::printErrorMessage):
              (WebCore::asJSDOMWindow):
              * bindings/js/JSDOMWindowBase.h:
              * html/CanvasRenderingContext2D.cpp:
              (WebCore::CanvasRenderingContext2D::checkOrigin):
              (WebCore::CanvasRenderingContext2D::createPattern):
              * loader/FrameLoader.cpp:
              (WebCore::FrameLoader::begin):
              (WebCore::FrameLoader::write):
              (WebCore::FrameLoader::setOpener):
              (WebCore::FrameLoader::shouldAllowNavigation):
              * page/DOMWindow.h:
              (WebCore::DOMWindow::setSecurityOrigin):
              (WebCore::DOMWindow::securityOrigin):
              (WebCore::DOMWindow::setURL):
              (WebCore::DOMWindow::url):
              * platform/SecurityOrigin.cpp:
              (WebCore::SecurityOrigin::canAccess):
              (WebCore::SecurityOrigin::isSecureTransitionTo):
              * platform/SecurityOrigin.h:
      
      LayoutTests:
      
      2008-05-01  Sam Weinig  <sam@webkit.org>
      
              Reviewed by Geoffrey Garen.
      
              * http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
              * http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
              * http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
              * http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
              * http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
              * http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
              * http/tests/security/xss-eval-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32791 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      796309ca
    • andersca@apple.com's avatar
      WebCore: · 3bee2462
      andersca@apple.com authored
      2008-05-01  Anders Carlsson  <andersca@apple.com>
      
              Reviewed by Mark.
      
              Enable 64-bit NPAPI plugins.
              
              * WebCore.xcodeproj/project.pbxproj:
              Don't remove NPAPI related symbols from the 64-bit .exp file.
              
              * bridge/npruntime.h:
              Remove now unnecessary #error.
      
      WebKit/mac:
      
      2008-05-01  Anders Carlsson  <andersca@apple.com>
      
              Reviewed by Mark.
      
              64-bit NPAPI plugin build fixes.
              
              * Plugins/WebBaseNetscapePluginView.mm:
              (-[WebBaseNetscapePluginView saveAndSetNewPortStateForUpdate:]):
              (-[WebBaseNetscapePluginView updateAndSetWindow]):
              (-[WebBaseNetscapePluginView start]):
              (-[WebBaseNetscapePluginView windowBecameKey:]):
              * Plugins/WebNetscapeDeprecatedFunctions.c:
              * Plugins/WebNetscapeDeprecatedFunctions.h:
              * Plugins/WebNetscapePluginEventHandler.mm:
              (WebNetscapePluginEventHandler::create):
              * Plugins/WebNetscapePluginEventHandlerCarbon.h:
              * Plugins/WebNetscapePluginEventHandlerCarbon.mm:
              * Plugins/WebPluginDatabase.m:
              (-[WebPluginDatabase pluginForKey:withEnumeratorSelector:]):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32790 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3bee2462
    • sfalken@apple.com's avatar
      2008-05-01 Steve Falkenburg <sfalken@apple.com> · 277d259f
      sfalken@apple.com authored
              Build fix.
      
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32789 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      277d259f
    • mjs@apple.com's avatar
      2008-05-01 Maciej Stachowiak <mjs@apple.com> · e7c7f73a
      mjs@apple.com authored
              Reviewed by Oliver (a while ago)
      
              - just a wee bit more bindings speedup
              
              Store the per-document Node --> JS wrapper cache in the document
              instead of an external hashtable.
      
              * bindings/js/kjs_binding.cpp:
              (WebCore::ScriptInterpreter::getDOMNodeForDocument):
              (WebCore::ScriptInterpreter::forgetDOMNodeForDocument):
              (WebCore::ScriptInterpreter::putDOMNodeForDocument):
              (WebCore::ScriptInterpreter::forgetAllDOMNodesForDocument):
              (WebCore::ScriptInterpreter::markDOMNodesForDocument):
              * dom/Document.h:
              (WebCore::Document::wrapperCache):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@32788 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e7c7f73a