[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

abarth at webkit.org abarth at webkit.org
Wed Apr 7 23:14:29 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 331e781cc149b13477ab59ddad80253da7142fbb
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Oct 29 15:18:58 2009 +0000

    2009-10-29  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            Don't run JavaScript URLs in view source mode
            https://bugs.webkit.org/show_bug.cgi?id=30881
    
            Test that we don't run JavaScript URLs in view source mode.
    
            This test actually passes before this change.  I don't know how to
            actually run JavaScript URLs in view source frames using DRT, but it's
            possible in an arbitrary embedding of WebKit.
    
            * http/tests/security/view-source-no-javascript-url-expected.txt: Added.
            * http/tests/security/view-source-no-javascript-url.html: Added.
    
    2009-10-28  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            Don't run JavaScript URLs in view source mode
            https://bugs.webkit.org/show_bug.cgi?id=30881
    
            Just say no.
    
            Test: http/tests/security/view-source-no-javascript-url.html
    
            * bindings/ScriptControllerBase.cpp:
            (WebCore::ScriptController::executeIfJavaScriptURL):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50271 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 55b7e3f..9f42530 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,19 @@
+2009-10-29  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Don't run JavaScript URLs in view source mode
+        https://bugs.webkit.org/show_bug.cgi?id=30881
+
+        Test that we don't run JavaScript URLs in view source mode.
+
+        This test actually passes before this change.  I don't know how to
+        actually run JavaScript URLs in view source frames using DRT, but it's
+        possible in an abitrary embedding of WebKit.
+
+        * http/tests/security/view-source-no-javascript-url-expected.txt: Added.
+        * http/tests/security/view-source-no-javascript-url.html: Added.
+
 2009-10-28  Dan Bernstein  <mitz at apple.com>
 
         Removed Leopard-specific result after changing ATSUI missing-glyph behavior to match the
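Review bot: the new entry in this hunk states that the test "actually passes before this change", so it documents intent rather than providing regression coverage for the fix; it would help to name the embedder path (outside DRT) that can reach a javascript: URL in a view-source frame, so a later reader knows what the test is meant to guard. Also, "abitrary" in that paragraph should read "arbitrary".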
diff --git a/LayoutTests/http/tests/security/view-source-no-javascript-url-expected.txt b/LayoutTests/http/tests/security/view-source-no-javascript-url-expected.txt
new file mode 100644
index 0000000..b06e595
--- /dev/null
+++ b/LayoutTests/http/tests/security/view-source-no-javascript-url-expected.txt
@@ -0,0 +1,3 @@
+This test passes if it does not alert FAIL.
+
+
diff --git a/LayoutTests/http/tests/security/view-source-no-javascript-url.html b/LayoutTests/http/tests/security/view-source-no-javascript-url.html
new file mode 100644
index 0000000..ab000cd
--- /dev/null
+++ b/LayoutTests/http/tests/security/view-source-no-javascript-url.html
@@ -0,0 +1,16 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController)
+  layoutTestController.dumpAsText();
+</script>
+<script>
+function loaded() {
+  frames[0].location = "javascript:alert('FAIL');";
+}
+</script>
+<p>This test passes if it does not alert FAIL.</p>
+<iframe viewsource src="resources/innocent-victim.html" onload="loaded()">
+</iframe>
+</body>
+</html>
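Review bot: the test has no positive signal: it passes whenever `alert('FAIL')` does not fire, including when the `frames[0].location` assignment in `loaded()` throws before any navigation happens. Consider emitting a PASS line from `loaded()` after the assignment (and expecting it in the -expected.txt) so a silently dropped navigation is distinguishable from the fix working. The hunk also references `resources/innocent-victim.html` without adding it, so it must already exist under http/tests/security/resources/.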
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 64c45ff..fd0b1b8 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2009-10-28  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Don't run JavaScript URLs in view source mode
+        https://bugs.webkit.org/show_bug.cgi?id=30881
+
+        Just say no.
+
+        Test: http/tests/security/view-source-no-javascript-url.html
+
+        * bindings/ScriptControllerBase.cpp:
+        (WebCore::ScriptController::executeIfJavaScriptURL):
+
 2009-10-29  Gustavo Noronha Silva  <gustavo.noronha at collabora.co.uk>
 
         Unreviewed. Fixes style problems pointed out by Evan Martin.
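Review bot: the new entry is dated 2009-10-28 but is inserted above Gustavo Noronha Silva's 2009-10-29 entry, and the matching LayoutTests entry in this same commit is dated 2009-10-29; the date looks stale and should be 2009-10-29 to keep the ChangeLog ordered. The description "Just say no." also gives a later reader nothing to go on; one sentence on the rationale (what a view-source frame is expected to do with a javascript: URL, and why executing it is wrong) would be more useful than the slogan.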
@@ -169,7 +183,7 @@
         * xml/XPathFunctions.cpp:
         (WebCore::XPath::createFunctionMap):  Fix struct visibiity warning.
 
-2009-10-28  Adam Barth  <abarth at webkit.org>
+2009-10-29  Adam Barth  <abarth at webkit.org>
 
         Reviewed by Darin Adler.
 
diff --git a/WebCore/bindings/ScriptControllerBase.cpp b/WebCore/bindings/ScriptControllerBase.cpp
index c232e84..7dc68ef 100644
--- a/WebCore/bindings/ScriptControllerBase.cpp
+++ b/WebCore/bindings/ScriptControllerBase.cpp
@@ -62,6 +62,9 @@ bool ScriptController::executeIfJavaScriptURL(const KURL& url, bool userGesture,
     if (m_frame->page() && !m_frame->page()->javaScriptURLsAreAllowed())
         return true;
 
+    if (m_frame->inViewSourceMode())
+        return true;
+
     const int javascriptSchemeLength = sizeof("javascript:") - 1;
 
     String script = decodeURLEscapeSequences(url.string().substring(javascriptSchemeLength));
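Review bot: returning `true` here matches the `javaScriptURLsAreAllowed()` early return just above it, so the javascript: URL is reported as handled and the caller does not fall through to loading it, but the hunk adds no comment saying that `true` means "consumed without executing"; a one-line comment would save the next reader from assuming the script ran. Placing the check before `decodeURLEscapeSequences` is the right spot, since nothing of the URL body should be interpreted when the frame is in view-source mode.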

-- 
WebKit Debian packaging



More information about the Pkg-webkit-commits mailing list