[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
trey
trey at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:19:46 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 2c65ac11d49cd9c63da63a8f688b4aa130900aa8
Author: trey <trey at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 15 18:59:19 2003 +0000
3144458 - user's credentials are present in a form that is revisited via b/f or history
We now never save/restore password fields. Also if the page has a form with a password
field that would be submitted securely, we do not save anything on that page.
Reviewed by Darin.
* force-clean-timestamp: PB isn't smart enough to know what to rebuild.
* khtml/html/html_formimpl.cpp:
(HTMLFormElementImpl::formWouldHaveSecureSubmission): Utility function.
(HTMLFormElementImpl::attach): Tell doc if we've added a secure form.
(HTMLFormElementImpl::parseAttribute): Tell doc if form became secure.
(HTMLInputElementImpl::state): Assert that we never save password fields.
(HTMLInputElementImpl::restoreState): Assert that we never restore password fields.
(HTMLInputElementImpl::attach): Tell doc if we've added a password field.
* khtml/html/html_formimpl.h:
* khtml/xml/dom_docimpl.cpp:
(DocumentImpl::DocumentImpl): Init count of secure forms, password fields.
(DocumentImpl::passwordFieldAdded):
(DocumentImpl::passwordFieldRemoved):
(DocumentImpl::hasPasswordField): New methods to count password fields.
(DocumentImpl::secureFormAdded):
(DocumentImpl::secureFormRemoved):
(DocumentImpl::hasSecureForm): New methods to count secure forms.
* khtml/xml/dom_docimpl.h:
* kwq/KWQKHTMLPart.mm:
(KWQKHTMLPart::canCachePage): Never let pages with password fields in the page cache.
(KWQKHTMLPart::saveDocumentState): Do not save form state if page has a form with
a password field that would be submitted securely
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3328 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index e92971e..d93c41e 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,35 @@
+2003-01-15 Trey Matteson <trey at apple.com>
+
+ 3144458 - user's credentials are present in a form that is revisited via b/f or history
+
+ We now never save/restore password fields. Also if the page has a form with a password
+ field that would be submitted securely, we do not save anything on that page.
+
+ Reviewed by Darin.
+
+ * force-clean-timestamp: PB isn't smart enough to know what to rebuild.
+ * khtml/html/html_formimpl.cpp:
+ (HTMLFormElementImpl::formWouldHaveSecureSubmission): Utility function.
+ (HTMLFormElementImpl::attach): Tell doc if we've added a secure form.
+ (HTMLFormElementImpl::parseAttribute): Tell doc if form became secure.
+ (HTMLInputElementImpl::state): Assert that we never save password fields.
+ (HTMLInputElementImpl::restoreState): Assert that we never restore password fields.
+ (HTMLInputElementImpl::attach): Tell doc if we've added a password field.
+ * khtml/html/html_formimpl.h:
+ * khtml/xml/dom_docimpl.cpp:
+ (DocumentImpl::DocumentImpl): Init count of secure forms, password fields.
+ (DocumentImpl::passwordFieldAdded):
+ (DocumentImpl::passwordFieldRemoved):
+ (DocumentImpl::hasPasswordField): New methods to count password fields.
+ (DocumentImpl::secureFormAdded):
+ (DocumentImpl::secureFormRemoved):
+ (DocumentImpl::hasSecureForm): New methods to count secure forms.
+ * khtml/xml/dom_docimpl.h:
+ * kwq/KWQKHTMLPart.mm:
+ (KWQKHTMLPart::canCachePage): Never let pages with password fields in the page cache.
+ (KWQKHTMLPart::saveDocumentState): Do not save form state if page has a form with
+ a password field that would be submitted securely
+
2003-01-15 Darin Adler <darin at apple.com>
Reviewed by Ken.
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index e92971e..d93c41e 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,35 @@
+2003-01-15 Trey Matteson <trey at apple.com>
+
+ 3144458 - user's credentials are present in a form that is revisited via b/f or history
+
+ We now never save/restore password fields. Also if the page has a form with a password
+ field that would be submitted securely, we do not save anything on that page.
+
+ Reviewed by Darin.
+
+ * force-clean-timestamp: PB isn't smart enough to know what to rebuild.
+ * khtml/html/html_formimpl.cpp:
+ (HTMLFormElementImpl::formWouldHaveSecureSubmission): Utility function.
+ (HTMLFormElementImpl::attach): Tell doc if we've added a secure form.
+ (HTMLFormElementImpl::parseAttribute): Tell doc if form became secure.
+ (HTMLInputElementImpl::state): Assert that we never save password fields.
+ (HTMLInputElementImpl::restoreState): Assert that we never restore password fields.
+ (HTMLInputElementImpl::attach): Tell doc if we've added a password field.
+ * khtml/html/html_formimpl.h:
+ * khtml/xml/dom_docimpl.cpp:
+ (DocumentImpl::DocumentImpl): Init count of secure forms, password fields.
+ (DocumentImpl::passwordFieldAdded):
+ (DocumentImpl::passwordFieldRemoved):
+ (DocumentImpl::hasPasswordField): New methods to count password fields.
+ (DocumentImpl::secureFormAdded):
+ (DocumentImpl::secureFormRemoved):
+ (DocumentImpl::hasSecureForm): New methods to count secure forms.
+ * khtml/xml/dom_docimpl.h:
+ * kwq/KWQKHTMLPart.mm:
+ (KWQKHTMLPart::canCachePage): Never let pages with password fields in the page cache.
+ (KWQKHTMLPart::saveDocumentState): Do not save form state if page has a form with
+ a password field that would be submitted securely
+
2003-01-15 Darin Adler <darin at apple.com>
Reviewed by Ken.
diff --git a/WebCore/force-clean-timestamp b/WebCore/force-clean-timestamp
index d96e045..7771aeb 100644
--- a/WebCore/force-clean-timestamp
+++ b/WebCore/force-clean-timestamp
@@ -1 +1 @@
-DOMString constructor 12/13
+New member vars in DocumentImpl 1/15/03
diff --git a/WebCore/khtml/html/html_formimpl.cpp b/WebCore/khtml/html/html_formimpl.cpp
index 71eeb82..c6df7ea 100644
--- a/WebCore/khtml/html/html_formimpl.cpp
+++ b/WebCore/khtml/html/html_formimpl.cpp
@@ -90,6 +90,18 @@ NodeImpl::Id HTMLFormElementImpl::id() const
return ID_FORM;
}
+#if APPLE_CHANGES
+bool HTMLFormElementImpl::formWouldHaveSecureSubmission(DOMString url)
+{
+ if (url.isNull()) {
+ return false;
+ } else {
+ QString fullUrl = getDocument()->completeURL( url.string() );
+ return strncmp(fullUrl.latin1(), "https:", 6) == 0;
+ }
+}
+#endif
+
void HTMLFormElementImpl::attach()
{
HTMLElementImpl::attach();
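Review bot: The scheme test in formWouldHaveSecureSubmission, `strncmp(fullUrl.latin1(), "https:", 6) == 0`, is case-sensitive, while URL schemes are case-insensitive. Unless completeURL() lower-cases the scheme (not visible in this diff), a form whose action is written as `HTTPS://...` would be classed as not secure, and the page's form state would still be saved. A case-insensitive compare fails the safe way: `return strncasecmp(fullUrl.latin1(), "https:", 6) == 0;`. The `url` parameter could also be taken as `const DOMString &` to avoid a copy on each call.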
@@ -99,6 +111,13 @@ void HTMLFormElementImpl::attach()
document->addNamedImageOrForm(oldNameAttr);
document->addNamedImageOrForm(oldIdAttr);
}
+
+#if APPLE_CHANGES
+ // note we don't deal with calling secureFormRemoved() on detach, because the timing
+ // was such that it cleared our state too early
+ if (formWouldHaveSecureSubmission(m_url))
+ getDocument()->secureFormAdded();
+#endif
}
void HTMLFormElementImpl::detach()
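Review bot: In HTMLFormElementImpl::attach, secureFormAdded() runs on every attach with no matching decrement on detach, so a form that is detached and re-attached is counted again and m_secureForms never returns to zero once a secure form has been seen. That errs on the side of not saving state, but it means hasSecureForm() really answers "was a secure form ever attached", and the secureFormRemoved() call in parseAttribute cannot reliably bring it back to false. The existing comment should say this explicitly, for example `// the count is intentionally never decremented on detach, so hasSecureForm() stays true for the life of the document`. The same applies to passwordFieldAdded() in HTMLInputElementImpl::attach.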
@@ -498,7 +517,21 @@ void HTMLFormElementImpl::parseAttribute(AttributeImpl *attr)
switch(attr->id())
{
case ATTR_ACTION:
+#if APPLE_CHANGES
+ {
+ bool oldURLWasSecure = formWouldHaveSecureSubmission(m_url);
+#endif
m_url = khtml::parseURL(attr->value());
+#if APPLE_CHANGES
+ bool newURLIsSecure = formWouldHaveSecureSubmission(m_url);
+
+ if (m_attached && (oldURLWasSecure != newURLIsSecure))
+ if (newURLIsSecure)
+ getDocument()->secureFormAdded();
+ else
+ getDocument()->secureFormRemoved();
+ }
+#endif
break;
case ATTR_TARGET:
m_target = attr->value();
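Review bot: The added block under `case ATTR_ACTION:` nests an unbraced `if (newURLIsSecure) ... else ...` inside an unbraced `if (m_attached && ...)`, which is a dangling-else layout. It binds as intended today, but it is easy to break when editing and many compilers warn about it. Brace the outer condition, `if (m_attached && (oldURLWasSecure != newURLIsSecure)) {`, with the closing `}` after the secureFormRemoved() call. The scope braces open in one `#if APPLE_CHANGES` region and close in another, so the two regions must always be enabled together. The switch continues outside the hunk.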
@@ -1038,6 +1071,8 @@ DOMString HTMLInputElementImpl::type() const
QString HTMLInputElementImpl::state( )
{
+ assert(m_type != PASSWORD); // should never save/restore password fields
+
QString state = HTMLGenericFormElementImpl::state();
switch (m_type) {
case CHECKBOX:
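Review bot: `assert(m_type != PASSWORD)` in state(), and the same line in restoreState() in the next hunk, is compiled out when NDEBUG is defined, so in release builds nothing in these functions stops a password value from being serialized or restored. Protection then rests entirely on every caller consulting maintainsState() first, which this diff does not show. A runtime guard after the assert keeps the guarantee in all builds: `if (m_type == PASSWORD) return QString();` in state() and `if (m_type == PASSWORD) return;` in restoreState(). Both function bodies continue outside their hunks, so confirm that callers tolerate a null state string.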
@@ -1050,6 +1085,8 @@ QString HTMLInputElementImpl::state( )
void HTMLInputElementImpl::restoreState(QStringList &states)
{
+ assert(m_type != PASSWORD); // should never save/restore password fields
+
QString state = HTMLGenericFormElementImpl::findMatchingState(states);
if (state.isNull()) return;
@@ -1266,6 +1303,13 @@ void HTMLInputElementImpl::attach()
HTMLGenericFormElementImpl::attach();
_style->deref();
+
+#if APPLE_CHANGES
+ // note we don't deal with calling passwordFieldRemoved() on detach, because the timing
+ // was such that it cleared our state too early
+ if (m_type == PASSWORD)
+ getDocument()->passwordFieldAdded();
+#endif
}
DOMString HTMLInputElementImpl::altText() const
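Review bot: passwordFieldAdded() is called only from attach(), so the document's count reflects m_type as it was at attach time. If m_type can change on an attached element (the ATTR_TYPE handling is outside this diff), an input that becomes PASSWORD later is never counted, and canCachePage() and saveDocumentState() would treat the page as having no password field. Similarly, maintainsState() reads m_type at save time. Either call passwordFieldAdded() from the path that assigns m_type, or add a comment here stating that the type is fixed before attach and where that is enforced. The start of attach() lies outside the hunk.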
diff --git a/WebCore/khtml/html/html_formimpl.h b/WebCore/khtml/html/html_formimpl.h
index 9b9a216..92d26c7 100644
--- a/WebCore/khtml/html/html_formimpl.h
+++ b/WebCore/khtml/html/html_formimpl.h
@@ -119,6 +119,9 @@ public:
private:
QString oldIdAttr;
QString oldNameAttr;
+#if APPLE_CHANGES
+ bool formWouldHaveSecureSubmission(DOMString url);
+#endif
};
// -------------------------------------------------------------------------
@@ -282,7 +285,7 @@ public:
void blur();
void focus();
- virtual bool maintainsState() { return true; }
+ virtual bool maintainsState() { return m_type != PASSWORD; }
virtual QString state();
virtual void restoreState(QStringList &);
diff --git a/WebCore/khtml/xml/dom_docimpl.cpp b/WebCore/khtml/xml/dom_docimpl.cpp
index 12a8bc9..85b2730 100644
--- a/WebCore/khtml/xml/dom_docimpl.cpp
+++ b/WebCore/khtml/xml/dom_docimpl.cpp
@@ -228,7 +228,8 @@ QPtrList<DocumentImpl> * DocumentImpl::changedDocuments = 0;
DocumentImpl::DocumentImpl(DOMImplementationImpl *_implementation, KHTMLView *v)
: NodeBaseImpl( new DocumentPtr() )
#if APPLE_CHANGES
- , m_finishedParsing(this, SIGNAL(finishedParsing())), m_inPageCache(0)
+ , m_finishedParsing(this, SIGNAL(finishedParsing())), m_inPageCache(0),
+ m_passwordFields(0), m_secureForms(0)
#endif
{
document->doc = this;
@@ -2242,6 +2243,39 @@ void DocumentImpl::setInPageCache(bool flag)
{
m_inPageCache = flag;
}
+
+void DocumentImpl::passwordFieldAdded()
+{
+ m_passwordFields++;
+}
+
+void DocumentImpl::passwordFieldRemoved()
+{
+ assert(m_passwordFields > 0);
+ m_passwordFields--;
+}
+
+bool DocumentImpl::hasPasswordField() const
+{
+ return m_passwordFields > 0;
+}
+
+void DocumentImpl::secureFormAdded()
+{
+ m_secureForms++;
+}
+
+void DocumentImpl::secureFormRemoved()
+{
+ assert(m_secureForms > 0);
+ m_secureForms--;
+}
+
+bool DocumentImpl::hasSecureForm() const
+{
+ return m_secureForms > 0;
+}
+
#endif
#include "dom_docimpl.moc"
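Review bot: passwordFieldRemoved() and secureFormRemoved() guard the decrement only with `assert(...)`, which disappears in release builds. An unbalanced remove would then drive the `int` counter negative, making hasPasswordField() or hasSecureForm() return false while such elements are still present. That is the unsafe direction, because it re-enables page caching and state saving. Make the decrement conditional, `if (m_passwordFields > 0) m_passwordFields--;` and `if (m_secureForms > 0) m_secureForms--;`, keeping the asserts for debug builds. The new methods would also benefit from a one-line comment saying the counts feed canCachePage() and saveDocumentState().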
diff --git a/WebCore/khtml/xml/dom_docimpl.h b/WebCore/khtml/xml/dom_docimpl.h
index 10fe1f2..3006f05 100644
--- a/WebCore/khtml/xml/dom_docimpl.h
+++ b/WebCore/khtml/xml/dom_docimpl.h
@@ -418,9 +418,19 @@ public:
bool inPageCache();
void setInPageCache (bool flag);
void restoreRenderer(khtml::RenderObject* render);
-
+
+ void passwordFieldAdded();
+ void passwordFieldRemoved();
+ bool hasPasswordField() const ;
+
+ void secureFormAdded();
+ void secureFormRemoved();
+ bool hasSecureForm() const ;
+
private:
bool m_inPageCache;
+ int m_passwordFields;
+ int m_secureForms;
#endif
protected:
diff --git a/WebCore/kwq/KWQKHTMLPart.mm b/WebCore/kwq/KWQKHTMLPart.mm
index 4b657ab..592450a 100644
--- a/WebCore/kwq/KWQKHTMLPart.mm
+++ b/WebCore/kwq/KWQKHTMLPart.mm
@@ -468,13 +468,15 @@ bool KWQKHTMLPart::canCachePage()
// 1. We're not a frame or frameset.
// 2. The page has no javascript timers.
// 3. The page has no unload handler.
- // 4. The page has no plugins.
- // 5. The page has no JavaScript window timeouts.
+ // 4. The page has no password fields.
+ // 5. The page has no plugins.
+ // 6. The page has no JavaScript window timeouts.
if (d->m_doc &&
(d->m_frames.count() ||
parentPart() ||
d->m_objects.count() ||
- d->m_doc->getWindowEventListener (EventImpl::UNLOAD_EVENT))) {
+ d->m_doc->getWindowEventListener (EventImpl::UNLOAD_EVENT) ||
+ d->m_doc->hasPasswordField())) {
return false;
}
if (d->m_doc && d->m_jscript) {
@@ -611,7 +613,11 @@ void KWQKHTMLPart::clearDocumentFocus(QWidget *widget)
void KWQKHTMLPart::saveDocumentState()
{
- [_bridge saveDocumentState];
+ // Do not save doc state if the page has a password field and a form that would be submitted
+ // via https
+ if (!(d->m_doc && d->m_doc->hasPasswordField() && d->m_doc->hasSecureForm())) {
+ [_bridge saveDocumentState];
+ }
}
void KWQKHTMLPart::restoreDocumentState()
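Review bot: The guard in saveDocumentState() combines two document-wide counters, so it does not establish that the password field belongs to the form that submits over https, which is what the commit message describes. The approximation is conservative, but the comment should say so, for example `// Document-wide check: any password field plus any https form suppresses saving, even if the two are unrelated.` It is also worth noting in the comment that a page whose password form posts over plain http still has its other fields saved, with the password excluded only through maintainsState(). When `d->m_doc` is null the state is still saved through the bridge, as it was before this change.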
--
WebKit Debian packaging