[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75

Thu Oct 29 20:34:19 UTC 2009

The following commit has been merged in the webkit-1.1 branch:
commit e13621e6ed0db30c2fad8e0cc862fa2e6dadd7a5
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Sep 25 17:53:43 2009 +0000

    2009-09-25  Yuan Song  <song.yuan at ericsson.com>
    
            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=14566
    
            Add test "invalid-domain-change-throws-exception.html" to ensure a SECURITY_ERR exception is raised if an attempt is made to change document.domain to an invalid value. In the existing test case "basic-textareas.html", fix the faulty behavior of setting document.domain to invalid value, and replace the data URL to a file URL that points to "basic-textareas-standards.html" in order to make "basic-textareas.html" runnable in a browser.
    
            * fast/forms/basic-textareas.html:
            * fast/forms/resources/basic-textareas-standards.html: Added.
            * fast/js/invalid-domain-change-throws-exception-expected.txt: Added.
            * fast/js/invalid-domain-change-throws-exception.html: Added.
            * fast/js/resources/invalid-domain-change-throws-exception.js: Added.
    2009-09-25  Yuan Song  <song.yuan at ericsson.com>
    
            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=14566
    
            Raise SECURITY_ERR exception if an attempt is made to change document.domain to an invalid value.
    
            Test: fast/js/invalid-domain-change-throws-exception.html
    
            * dom/Document.cpp:
            (WebCore::Document::setDomain):
            * dom/Document.h:
            * dom/Document.idl:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48761 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index f209f18..a21427e 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2009-09-25  Yuan Song  <song.yuan at ericsson.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=14566
+
+        Add test "invalid-domain-change-throws-exception.html" to ensure a SECURITY_ERR exception is raised if an attempt is made to change document.domain to an invalid value. In the existing test case "basic-textareas.html", fix the faulty behavior of setting document.domain to invalid value, and replace the data URL to a file URL that points to "basic-textareas-standards.html" in order to make "basic-textareas.html" runnable in a browser.
+
+        * fast/forms/basic-textareas.html:
+        * fast/forms/resources/basic-textareas-standards.html: Added.
+        * fast/js/invalid-domain-change-throws-exception-expected.txt: Added.
+        * fast/js/invalid-domain-change-throws-exception.html: Added.
+        * fast/js/resources/invalid-domain-change-throws-exception.js: Added.
+
 2009-09-25  Adam Barth  <abarth at webkit.org>
 
         Reviewed by Dimitri Glazkov.
diff --git a/LayoutTests/fast/forms/basic-textareas.html b/LayoutTests/fast/forms/basic-textareas.html
index 9fe1561..6fba55d 100644
--- a/LayoutTests/fast/forms/basic-textareas.html
+++ b/LayoutTests/fast/forms/basic-textareas.html
@@ -81,14 +81,11 @@ function addAllTextareas(iframe, compatMode) {
     iframe.style.height = docToAppendTo.body.offsetHeight + 5 + 'px';
 }
 
-// Set the domain in the top-level page as well as the iframe.
-// So they can communicate despite use of the data url.
-document.domain = 'mydummydomain';
 document.body.style.margin = 0;
 
 var standardsIframe = document.createElement('iframe');
-// Create a page with a doctype so it's standards mode.
-standardsIframe.src = 'data:text/html;charset=utf-8,%3C!DOCTYPE%20HTML%3E%3Cbody%3E%3Cscript%3Edocument.domain%20%3D%20"mydummydomain"%3B%3C%2Fbody%3E%3C%2Fhtml%3E%0D%0A';
+// Reference a page with a doctype so it's standards mode.
+standardsIframe.src = 'resources/basic-textareas-standards.html';
 standardsIframe.onload = function(e) {
     addAllTextareas(e.target, 'CSS1Compat');
 }
diff --git a/LayoutTests/fast/forms/resources/basic-textareas-standards.html b/LayoutTests/fast/forms/resources/basic-textareas-standards.html
new file mode 100644
index 0000000..060baad
--- /dev/null
+++ b/LayoutTests/fast/forms/resources/basic-textareas-standards.html
@@ -0,0 +1 @@
+<!DOCTYPE HTML><body></body></html>
diff --git a/LayoutTests/fast/js/invalid-domain-change-throws-exception-expected.txt b/LayoutTests/fast/js/invalid-domain-change-throws-exception-expected.txt
new file mode 100644
index 0000000..f8615d9
--- /dev/null
+++ b/LayoutTests/fast/js/invalid-domain-change-throws-exception-expected.txt
@@ -0,0 +1,10 @@
+This test checks that a SECURITY_ERR exception is raised if an attempt is made to change document.domain to an invalid value.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.domain = "apple.com" threw exception Error: SECURITY_ERR: DOM Exception 18.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/js/invalid-domain-change-throws-exception.html b/LayoutTests/fast/js/invalid-domain-change-throws-exception.html
new file mode 100644
index 0000000..3bf317f
--- /dev/null
+++ b/LayoutTests/fast/js/invalid-domain-change-throws-exception.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="resources/js-test-style.css">
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="resources/invalid-domain-change-throws-exception.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/js/resources/invalid-domain-change-throws-exception.js b/LayoutTests/fast/js/resources/invalid-domain-change-throws-exception.js
new file mode 100644
index 0000000..21166d0
--- /dev/null
+++ b/LayoutTests/fast/js/resources/invalid-domain-change-throws-exception.js
@@ -0,0 +1,5 @@
+description("This test checks that a SECURITY_ERR exception is raised if an attempt is made to change document.domain to an invalid value.");
+
+shouldThrow('document.domain = "apple.com"', '"Error: SECURITY_ERR: DOM Exception 18"');
+
+var successfullyParsed = true;
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index b9911ec..bfa469e 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2009-09-25  Yuan Song  <song.yuan at ericsson.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=14566
+
+        Raise SECURITY_ERR exception if an attempt is made to change document.domain to an invalid value.
+
+        Test: fast/js/invalid-domain-change-throws-exception.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::setDomain):
+        * dom/Document.h:
+        * dom/Document.idl:
+
 2009-09-25  Adam Barth  <abarth at webkit.org>
 
         Reviewed by Dimitri Glazkov.
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index 5422bf0..40132b8 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -3011,7 +3011,7 @@ String Document::domain() const
     return securityOrigin()->domain();
 }
 
-void Document::setDomain(const String& newDomain)
+void Document::setDomain(const String& newDomain, ExceptionCode& ec)
 {
     // Both NS and IE specify that changing the domain is only allowed when
     // the new domain is a suffix of the old domain.
@@ -3034,19 +3034,25 @@ void Document::setDomain(const String& newDomain)
     int oldLength = domain().length();
     int newLength = newDomain.length();
     // e.g. newDomain = webkit.org (10) and domain() = www.webkit.org (14)
-    if (newLength >= oldLength)
+    if (newLength >= oldLength) {
+        ec = SECURITY_ERR;
         return;
+    }
 
     String test = domain();
     // Check that it's a subdomain, not e.g. "ebkit.org"
-    if (test[oldLength - newLength - 1] != '.')
+    if (test[oldLength - newLength - 1] != '.') {
+        ec = SECURITY_ERR;
         return;
+    }
 
     // Now test is "webkit.org" from domain()
     // and we check that it's the same thing as newDomain
     test.remove(0, oldLength - newLength);
-    if (test != newDomain)
+    if (test != newDomain) {
+        ec = SECURITY_ERR;
         return;
+    }
 
     securityOrigin()->setDomainFromDOM(newDomain);
     if (m_frame)
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index 454304b..2805562 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -672,7 +672,7 @@ public:
     String referrer() const;
 
     String domain() const;
-    void setDomain(const String& newDomain);
+    void setDomain(const String& newDomain, ExceptionCode&);
 
     String lastModified() const;
 
diff --git a/WebCore/dom/Document.idl b/WebCore/dom/Document.idl
index 34a9771..822f860 100644
--- a/WebCore/dom/Document.idl
+++ b/WebCore/dom/Document.idl
@@ -155,7 +155,8 @@ module core {
                  attribute [ConvertNullToNullString] DOMString title;
         readonly attribute DOMString referrer;
 #if defined(LANGUAGE_JAVASCRIPT) && LANGUAGE_JAVASCRIPT
-                 attribute [ConvertNullToNullString] DOMString domain;
+                 attribute [ConvertNullToNullString] DOMString domain
+                     setter raises (DOMException);
 #else
         readonly attribute DOMString domain;
 #endif

-- 
WebKit Debian packaging

