1. 03 Nov, 2008 9 commits
  2. 02 Nov, 2008 3 commits
  3. 01 Nov, 2008 3 commits
    • abarth@webkit.org's avatar
      WebCore: · a796cc07
      abarth@webkit.org authored
      2008-11-01  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Sam Weinig.
      
              Be sure to check the final URLs of requested resources to make sure we
              don't get fooled by HTTP redirects.
      
              https://bugs.webkit.org/show_bug.cgi?id=21963
      
              Tests: http/tests/security/xss-DENIED-xsl-document-redirect.xml
                     http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
      
              * dom/XMLTokenizerLibxml2.cpp:
              (WebCore::openFunc):
              * loader/DocLoader.cpp:
              (WebCore::DocLoader::canRequest):
              (WebCore::DocLoader::requestResource):
              * loader/DocLoader.h:
              * xml/XSLTProcessor.cpp:
              (WebCore::docLoaderFunc):
      
      LayoutTests:
      
      2008-11-01  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Sam Weinig.
      
              Test that we properly block non-same-origin redirects for these
              esoteric loads.
      
              https://bugs.webkit.org/show_bug.cgi?id=21963
      
              * http/tests/security/resources/xsl-using-document-redirect.xsl: Added.
              * http/tests/security/resources/xsl-using-external-entity-redirect.xsl: Added.
              * http/tests/security/xss-DENIED-xsl-document-redirect-expected.txt: Copied from LayoutTests/http/tests/security/xss-DENIED-xsl-document-expected.txt.
              * http/tests/security/xss-DENIED-xsl-document-redirect.xml: Added.
              * http/tests/security/xss-DENIED-xsl-external-entity-redirect-expected.txt: Copied from LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-expected.txt.
              * http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@38065 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a796cc07
    • ap@webkit.org's avatar
      Reviewed by Darin Adler. · ec7365b9
      ap@webkit.org authored
              https://bugs.webkit.org/show_bug.cgi?id=22001
              AtomicStringImpl* keys of event listener maps can outlive their strings
      
              Test: fast/events/destroyed-atomic-string.html
      
              * dom/MessagePort.cpp:
              (WebCore::MessagePort::addEventListener):
              (WebCore::MessagePort::removeEventListener):
              (WebCore::MessagePort::dispatchEvent):
              * dom/MessagePort.h:
              * loader/appcache/DOMApplicationCache.cpp:
              (WebCore::DOMApplicationCache::addEventListener):
              (WebCore::DOMApplicationCache::removeEventListener):
              (WebCore::DOMApplicationCache::dispatchEvent):
              * loader/appcache/DOMApplicationCache.h:
              * xml/XMLHttpRequest.cpp:
              (WebCore::XMLHttpRequest::addEventListener):
              (WebCore::XMLHttpRequest::removeEventListener):
              (WebCore::XMLHttpRequest::dispatchEvent):
              * xml/XMLHttpRequest.h:
              * xml/XMLHttpRequestUpload.cpp:
              (WebCore::XMLHttpRequestUpload::addEventListener):
              (WebCore::XMLHttpRequestUpload::removeEventListener):
              (WebCore::XMLHttpRequestUpload::dispatchEvent):
              * xml/XMLHttpRequestUpload.h:
              Changed EventListenersMap to use AtomicString as key (instead of AtomicStringImpl*).
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@38064 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ec7365b9
    • ap@webkit.org's avatar
      Reviewed by Darin Adler. · f319b265
      ap@webkit.org authored
              https://bugs.webkit.org/show_bug.cgi?id=21998
              Use JSDOMGlobalObject in EventListener-related bindings
      
              * dom/MessagePort.idl: Auto-generate bindings for onclose and onmessage.
      
              * bindings/scripts/CodeGeneratorJS.pm: Use JSDOMGlobalObject instead of JSDOMWindow in JS
              bindings for inline event handlers.
      
              * bindings/js/JSDOMApplicationCacheCustom.cpp:
              (WebCore::JSDOMApplicationCache::addEventListener):
              (WebCore::JSDOMApplicationCache::removeEventListener):
              * bindings/js/JSEventTargetNodeCustom.cpp:
              (WebCore::JSEventTargetNode::addEventListener):
              (WebCore::JSEventTargetNode::removeEventListener):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::removeEventListener):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::addEventListener):
              (WebCore::JSSVGElementInstance::removeEventListener):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::addEventListener):
              (WebCore::JSXMLHttpRequest::removeEventListener):
              * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
              (WebCore::JSXMLHttpRequestUpload::addEventListener):
              (WebCore::JSXMLHttpRequestUpload::removeEventListener):
              Use ScriptExecutionContext and JSDOMGlobalObject in bindings.
      
              * dom/EventTarget.h:
              * dom/EventTargetNode.cpp:
              (WebCore::EventTargetNode::scriptExecutionContext):
              * dom/EventTargetNode.h:
              * dom/MessagePort.cpp:
              * dom/MessagePort.h:
              (WebCore::MessagePort::scriptExecutionContext):
              * loader/appcache/DOMApplicationCache.cpp:
              (WebCore::DOMApplicationCache::scriptExecutionContext):
              * loader/appcache/DOMApplicationCache.h:
              * svg/SVGElementInstance.cpp:
              (WebCore::SVGElementInstance::scriptExecutionContext):
              * svg/SVGElementInstance.h:
              * xml/XMLHttpRequest.cpp:
              (WebCore::XMLHttpRequest::scriptExecutionContext):
              * xml/XMLHttpRequest.h:
              * xml/XMLHttpRequestUpload.cpp:
              (WebCore::XMLHttpRequestUpload::scriptExecutionContext):
              * xml/XMLHttpRequestUpload.h:
              Remove associatedFrame() method, and provide scriptExecutionContext() where it wasn't
              available yet.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@38063 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f319b265
  4. 31 Oct, 2008 25 commits