1. 04 Oct, 2011 1 commit
    • Resource loader should block HTTP redirects to local resources · d065482e
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68706
      
      Patch by Ken Buchanan <kenrb@chromium.org> on 2011-10-03
      Reviewed by Adam Barth.
      
      Source/WebCore:
      
      Modified MainResourceLoader to add an extra security check on
      HTTP redirects. Also, moved isFeedWithNestedProtocolInHTTPFamily
      to SecurityOrigin.cpp.
      
      * loader/FrameLoader.cpp:
      (WebCore::isFeedWithNestedProtocolInHTTPFamily):
      (WebCore::FrameLoader::loadFrameRequest):
      * loader/MainResourceLoader.cpp:
      (WebCore::MainResourceLoader::willSendRequest):
      * page/SecurityOrigin.cpp:
      (WebCore::isFeedWithNestedProtocolInHTTPFamily):
      (WebCore::SecurityOrigin::canDisplay):
      
      LayoutTests:
      
      Adding a test to attempt an HTTP redirect to a file: URL.
      
      * http/tests/security/redirect-BLOCKED-to-localURL.html: Added.
      * http/tests/security/redirect-BLOCKED-to-localURL-expected.txt: Added.
      * http/tests/security/resources/file-redirect-target.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96610 268f45cc-cd09-0410-ab3c-d52691b4dbfc