[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75
eric at webkit.org
eric at webkit.org
Thu Oct 29 20:51:12 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit eb3b803ab16c9a3de6c83845fa645554e8f7cd48
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Oct 24 02:06:48 2009 +0000
2009-10-23 Chris Evans <cevans at chromium.org>
Reviewed by Adam Barth.
Added test for bug 27239 (ignore Refresh for view source mode).
https://bugs.webkit.org/show_bug.cgi?id=27239
* http/tests/security/view-source-no-refresh.html: Added
* http/tests/security/view-source-no-refresh-expected.txt: Added
* http/tests/security/resources/view-source-no-refresh.php: Added
2009-10-23 Chris Evans <cevans at chromium.org>
Reviewed by Adam Barth.
Ignore the Refresh header if we're in view source mode.
https://bugs.webkit.org/show_bug.cgi?id=27239
Test: http/tests/security/view-source-no-refresh.html
* loader/FrameLoader.cpp: ignore Refresh in view-source mode.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50018 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 85e1913..132e45a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2009-10-23 Chris Evans <cevans at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Added test for bug 27239 (ignore Refresh for view source mode).
+ https://bugs.webkit.org/show_bug.cgi?id=27239
+
+ * http/tests/security/view-source-no-refresh.html: Added
+ * http/tests/security/view-source-no-refresh-expected.txt: Added
+ * http/tests/security/resources/view-source-no-refresh.php: Added
+
2009-10-23 Alejandro G. Castro <alex at igalia.com>
Reviewed by Xan Lopez.
diff --git a/LayoutTests/http/tests/security/resources/view-source-no-refresh.php b/LayoutTests/http/tests/security/resources/view-source-no-refresh.php
new file mode 100644
index 0000000..6a24d6a
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/view-source-no-refresh.php
@@ -0,0 +1,12 @@
+<?php
+ header('HTTP/1.0 200 OK');
+ header('Content-type: text/html');
+ header('Refresh: 0;URL=javascript:window.top.location="about:blank"');
+?>
+
+<head>
+<meta http-equiv='refresh' content='0;URL=javascript:window.top.location="about:blank"'/>
+</head>
+<body>
+This is the viewsource iframe.
+</body>
diff --git a/LayoutTests/http/tests/security/view-source-no-refresh-expected.txt b/LayoutTests/http/tests/security/view-source-no-refresh-expected.txt
new file mode 100644
index 0000000..b121987
--- /dev/null
+++ b/LayoutTests/http/tests/security/view-source-no-refresh-expected.txt
@@ -0,0 +1,3 @@
+Success - did not redirect to Javascript
+
+
diff --git a/LayoutTests/http/tests/security/view-source-no-refresh.html b/LayoutTests/http/tests/security/view-source-no-refresh.html
new file mode 100644
index 0000000..38b5675
--- /dev/null
+++ b/LayoutTests/http/tests/security/view-source-no-refresh.html
@@ -0,0 +1,25 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+}
+</script>
+<script>
+function done() {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+function loaded() {
+ // Unfortunately need to wait a little to ensure the top level page
+ // transition occurs in the failure case.
+ setTimeout("done()", 1000);
+}
+</script>
+<p>Success - did not redirect to Javascript</p>
+<iframe viewsource src="resources/view-source-no-refresh.php" onload="loaded()">
+</iframe>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 97ac757..16b2af3 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2009-10-23 Chris Evans <cevans at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Ignore the Refresh header if we're in view source mode.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27239
+
+ Test: http/tests/security/view-source-no-refresh.html
+
+ * loader/FrameLoader.cpp: ignore Refresh in view-source mode.
+
2009-10-23 Alexey Proskuryakov <ap at apple.com>
Reviewed by Sam Weinig.
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index 9e7bc67..34a8f32 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -757,6 +757,8 @@ void FrameLoader::receivedFirstData()
String url;
if (!m_documentLoader)
return;
+ if (m_frame->inViewSourceMode())
+ return;
if (!parseHTTPRefresh(m_documentLoader->response().httpHeaderField("Refresh"), false, delay, url))
return;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list