[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

dbates at webkit.org dbates at webkit.org
Wed Apr 7 23:58:54 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 6b86d5069959c95432fa0f5dff6a705ab18a3194
Author: dbates at webkit.org <dbates at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Nov 27 23:04:50 2009 +0000

    2009-11-27  Daniel Bates  <dbates at webkit.org>
    
            Reviewed by Adam Barth.
    
            https://bugs.webkit.org/show_bug.cgi?id=31940
    
            Makes the error messages more descriptive when we refuse to load an object/embed or
            refuse to load from the document base URL.
    
            * page/XSSAuditor.cpp:
            (WebCore::XSSAuditor::canLoadObject): Changed console message to be more descriptive.
            (WebCore::XSSAuditor::canSetBaseElementURL): Ditto.
    
    2009-11-27  Daniel Bates  <dbates at webkit.org>
    
            Reviewed by Adam Barth.
    
            https://bugs.webkit.org/show_bug.cgi?id=31940
    
            Rebased results because of new error messages.
    
            * http/tests/security/xssAuditor/base-href-control-char-expected.txt:
            * http/tests/security/xssAuditor/base-href-expected.txt:
            * http/tests/security/xssAuditor/base-href-null-char-expected.txt:
            * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
            * http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
            * http/tests/security/xssAuditor/embed-tag-expected.txt:
            * http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
            * http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
            * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
            * http/tests/security/xssAuditor/object-embed-tag-expected.txt:
            * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
            * http/tests/security/xssAuditor/object-src-inject-expected.txt:
            * http/tests/security/xssAuditor/object-tag-expected.txt:
            * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51445 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 2339402..02f962a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,26 @@
+2009-11-27  Daniel Bates  <dbates at webkit.org>
+
+        Reviewed by Adam Barth.
+
+        https://bugs.webkit.org/show_bug.cgi?id=31940
+
+        Rebased results because of new error messages.
+
+        * http/tests/security/xssAuditor/base-href-control-char-expected.txt:
+        * http/tests/security/xssAuditor/base-href-expected.txt:
+        * http/tests/security/xssAuditor/base-href-null-char-expected.txt:
+        * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
+        * http/tests/security/xssAuditor/object-src-inject-expected.txt:
+        * http/tests/security/xssAuditor/object-tag-expected.txt:
+        * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
+
 2009-11-27  Kenneth Russell  <kbr at google.com>
 
         Reviewed by Eric Seidel.
diff --git a/LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt b/LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt
index 3a83578..fec2f86 100644
--- a/LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt
@@ -1,3 +1,4 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
+
 ALERT: This is a safe script.
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt b/LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt
index 3a83578..fec2f86 100644
--- a/LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt
@@ -1,3 +1,4 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
+
 ALERT: This is a safe script.
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt b/LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt
index 3a83578..fec2f86 100644
--- a/LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt
@@ -1,3 +1,4 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
+
 ALERT: This is a safe script.
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt b/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt
index 3a83578..fec2f86 100644
--- a/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt
@@ -1,3 +1,4 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load from document base URL. URL found within request.
+
 ALERT: This is a safe script.
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt b/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt b/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt b/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt
index fd2ef77..9250b9f 100644
--- a/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt
@@ -1,3 +1,5 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
+
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt b/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
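Review bot: this null-char expectation is byte-identical to embed-tag-expected.txt (same 672136f..0be2156 blobs), so the result cannot show whether a NUL in the injected input ever reaches the logged URL. The message is built in canLoadObject with "%s" from url.utf8().data(), which ends the printed text at the first NUL byte; it would help to state in the ChangeLog or in the test whether the URL is expected to be NUL-free by the time it is logged, or to log it in a form that makes a stray control character visible.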
diff --git a/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt b/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt b/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt b/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt b/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt b/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt
index 672136f..0be2156 100644
--- a/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt
@@ -1,2 +1,3 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+
 
diff --git a/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt b/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt
index fd2ef77..9250b9f 100644
--- a/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt
@@ -1,3 +1,5 @@
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
-CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
+
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
+
 
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 7185279..4cb6dc1 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2009-11-27  Daniel Bates  <dbates at webkit.org>
+
+        Reviewed by Adam Barth.
+
+        https://bugs.webkit.org/show_bug.cgi?id=31940
+
+        Makes the error messages more descriptive when we refuse to load an object/embed or
+        refuse to load from the document base URL.
+
+        * page/XSSAuditor.cpp:
+        (WebCore::XSSAuditor::canLoadObject): Changed console message to be more descriptive.
+        (WebCore::XSSAuditor::canSetBaseElementURL): Ditto.
+
 2009-11-27  Yury Semikhatsky  <yurys at chromium.org>
 
         Reviewed by Pavel Feldman.
diff --git a/WebCore/page/XSSAuditor.cpp b/WebCore/page/XSSAuditor.cpp
index 28acad2..72c2591 100644
--- a/WebCore/page/XSSAuditor.cpp
+++ b/WebCore/page/XSSAuditor.cpp
@@ -164,7 +164,7 @@ bool XSSAuditor::canLoadObject(const String& url) const
         return true;
 
     if (findInRequest(url)) {
-        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request"));
+        String consoleMessage = String::format("Refused to load an object. URL found within request: \"%s\".\n", url.utf8().data());
         m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
         return false;
     }
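Review bot: the format string in canLoadObject ends in a literal "\n", which is why every rebased expectation in this patch gains an empty line after its CONSOLE MESSAGE line; drop the newline and let the console separate entries. Also note that url is a value findInRequest has just matched against the request, and it is now copied into the console message in full, so a cap on the logged length would keep an oversized injected URL from flooding the console.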
@@ -180,7 +180,7 @@ bool XSSAuditor::canSetBaseElementURL(const String& url) const
         return true;
 
     if (findInRequest(url)) {
-        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request"));
+        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to load from document base URL. URL found within request.\n"));
         m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
         return false;
     }
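Review bot: canSetBaseElementURL still logs a fixed string with no URL, while canLoadObject in the previous hunk now quotes the offending URL, so the four base-href expectations (control-char, null-char, scheme-relative and plain) remain indistinguishable from each other. Either include url here in the same quoted form or say in the ChangeLog why the base URL is deliberately left out. The trailing "\n" inside the DEFINE_STATIC_LOCAL string should go as well, for the same reason as in canLoadObject.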

-- 
WebKit Debian packaging


