[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.16-1409-g5afdf4d
abarth at webkit.org
abarth at webkit.org
Thu Dec 3 13:28:13 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit 866916ca4bd1f101274e03c33f9cc0e88410f189
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Nov 6 06:05:31 2009 +0000
2009-11-05 Adam Barth <abarth at webkit.org>
Reviewed by Sam Weinig.
Cross-domain access to stylesheet text should not be allowed
https://bugs.webkit.org/show_bug.cgi?id=20527
Test that a script cannot read cross-origin cssRules.
* http/tests/security/cannot-read-cssrules-expected.txt: Added.
* http/tests/security/cannot-read-cssrules-redirect-expected.txt: Added.
* http/tests/security/cannot-read-cssrules-redirect.html: Added.
* http/tests/security/cannot-read-cssrules.html: Added.
2009-11-05 Adam Barth <abarth at webkit.org>
Reviewed by Sam Weinig.
Cross-domain access to stylesheet text should not be allowed
https://bugs.webkit.org/show_bug.cgi?id=20527
Check whether whether the current document can read the cssRules from
the style sheet. Firefox throws a security error here, but we return
null instead because that's what we usually do in these cases.
Test: http/tests/security/cannot-read-cssrules-redirect.html
http/tests/security/cannot-read-cssrules.html
* css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::cssRules):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index d8ce070..bdea372 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2009-11-05 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Sam Weinig.
+
+ Cross-domain access to stylesheet text should not be allowed
+ https://bugs.webkit.org/show_bug.cgi?id=20527
+
+ Test that a script cannot read cross-origin cssRules.
+
+ * http/tests/security/cannot-read-cssrules-expected.txt: Added.
+ * http/tests/security/cannot-read-cssrules-redirect-expected.txt: Added.
+ * http/tests/security/cannot-read-cssrules-redirect.html: Added.
+ * http/tests/security/cannot-read-cssrules.html: Added.
+
2009-11-05 Alice Liu <alice.liu at apple.com>
Adding a resource that seems to be missing. Without it, several tests in
diff --git a/LayoutTests/http/tests/security/cannot-read-cssrules-expected.txt b/LayoutTests/http/tests/security/cannot-read-cssrules-expected.txt
new file mode 100644
index 0000000..7a78bab
--- /dev/null
+++ b/LayoutTests/http/tests/security/cannot-read-cssrules-expected.txt
@@ -0,0 +1,10 @@
+This test whether a script can read the rules from a cross-origin style sheet. For more information on why we block this, please see https://bugs.webkit.org/show_bug.cgi?id=20527.
+
+Test begins.
+== Cross-Origin ==
+cssRules: null
+rules: null
+== Same-Origin ==
+cssRules: [object CSSRuleList]
+rules: [object CSSRuleList]
+Test ends.
diff --git a/LayoutTests/http/tests/security/cannot-read-cssrules-redirect-expected.txt b/LayoutTests/http/tests/security/cannot-read-cssrules-redirect-expected.txt
new file mode 100644
index 0000000..062646f
--- /dev/null
+++ b/LayoutTests/http/tests/security/cannot-read-cssrules-redirect-expected.txt
@@ -0,0 +1,10 @@
+This test whether a script can read the rules from a cross-origin style sheet in the presence of redirects. For more information on why we block this, please see https://bugs.webkit.org/show_bug.cgi?id=20527.
+
+Test begins.
+== Same-Origin to Cross-Origin ==
+cssRules: null
+rules: null
+== Cross-Origin to Same-Origin ==
+cssRules: [object CSSRuleList]
+rules: [object CSSRuleList]
+Test ends.
diff --git a/LayoutTests/http/tests/security/cannot-read-cssrules-redirect.html b/LayoutTests/http/tests/security/cannot-read-cssrules-redirect.html
new file mode 100644
index 0000000..fd41d55
--- /dev/null
+++ b/LayoutTests/http/tests/security/cannot-read-cssrules-redirect.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html>
+<head>
+<link rel="stylesheet"
+ href="resources/redir.php?url=http://localhost:8000/security/resources/cssStyle.css">
+<link rel="stylesheet"
+ href="http://localhost:8000/security/resources/redir.php?url=http://127.0.0.1:8000/security/resources/cssStyle.css">
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+function log(msg) {
+ var div = document.createElement("div");
+ div.textContent = msg;
+ document.getElementById("console").appendChild(div);
+}
+
+window.onload = function() {
+ log("Test begins.");
+ log("== Same-Origin to Cross-Origin ==");
+ var sheet1 = document.styleSheets[0];
+ log("cssRules: " + sheet1.cssRules);
+ log("rules: " + sheet1.rules);
+ log("== Cross-Origin to Same-Origin ==");
+ var sheet2 = document.styleSheets[1];
+ log("cssRules: " + sheet2.cssRules);
+ log("rules: " + sheet2.rules);
+ log("Test ends.");
+}
+</script>
+</head>
+<body>
+<p>This test whether a script can read the rules from a cross-origin style
+sheet in the presence of redirects. For more information on why we block
+this, please see
+<a href="https://bugs.webkit.org/show_bug.cgi?id=20527">https://bugs.webkit.org/show_bug.cgi?id=20527</a>.
+</p>
+<div id="console"></div>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/cannot-read-cssrules.html b/LayoutTests/http/tests/security/cannot-read-cssrules.html
new file mode 100644
index 0000000..2086757
--- /dev/null
+++ b/LayoutTests/http/tests/security/cannot-read-cssrules.html
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+<head>
+<link rel="stylesheet"
+ href="http://localhost:8000/security/resources/cssStyle.css">
+<link rel="stylesheet" href="resources/cssStyle.css">
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+function log(msg) {
+ var div = document.createElement("div");
+ div.textContent = msg;
+ document.getElementById("console").appendChild(div);
+}
+
+window.onload = function() {
+ log("Test begins.");
+ log("== Cross-Origin ==");
+ var sheet1 = document.styleSheets[0];
+ log("cssRules: " + sheet1.cssRules);
+ log("rules: " + sheet1.rules);
+ log("== Same-Origin ==");
+ var sheet2 = document.styleSheets[1];
+ log("cssRules: " + sheet2.cssRules);
+ log("rules: " + sheet2.rules);
+ log("Test ends.");
+}
+</script>
+</head>
+<body>
+<p>This test whether a script can read the rules from a cross-origin style
+sheet. For more information on why we block this, please see
+<a href="https://bugs.webkit.org/show_bug.cgi?id=20527">https://bugs.webkit.org/show_bug.cgi?id=20527</a>.
+</p>
+<div id="console"></div>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index d411a23..770fa83 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2009-11-05 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Sam Weinig.
+
+ Cross-domain access to stylesheet text should not be allowed
+ https://bugs.webkit.org/show_bug.cgi?id=20527
+
+ Check whether whether the current document can read the cssRules from
+ the style sheet. Firefox throws a security error here, but we return
+ null instead because that's what we usually do in these cases.
+
+ Test: http/tests/security/cannot-read-cssrules-redirect.html
+ http/tests/security/cannot-read-cssrules.html
+
+ * css/CSSStyleSheet.cpp:
+ (WebCore::CSSStyleSheet::cssRules):
+
2009-11-05 Steve Block <steveblock at google.com>
Reviewed by Eric Seidel.
diff --git a/WebCore/css/CSSStyleSheet.cpp b/WebCore/css/CSSStyleSheet.cpp
index 1579999..9e57336 100644
--- a/WebCore/css/CSSStyleSheet.cpp
+++ b/WebCore/css/CSSStyleSheet.cpp
@@ -28,6 +28,7 @@
#include "Document.h"
#include "ExceptionCode.h"
#include "Node.h"
+#include "SecurityOrigin.h"
#include "TextEncoding.h"
#include <wtf/Deque.h>
@@ -118,6 +119,8 @@ int CSSStyleSheet::addRule(const String& selector, const String& style, Exceptio
PassRefPtr<CSSRuleList> CSSStyleSheet::cssRules(bool omitCharsetRules)
{
+ if (doc() && !doc()->securityOrigin()->canRequest(baseURL()))
+ return 0;
return CSSRuleList::create(this, omitCharsetRules);
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list