[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

abarth at webkit.org abarth at webkit.org
Thu Apr 8 00:43:47 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit d157a04bcd71b299eda8e60ce898a91e75cc310b
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sun Dec 20 07:22:56 2009 +0000

    2009-12-19  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            Add a test for window.open and JavaScript URLs.
    
            * http/tests/security/xss-DENIED-window-open-javascript-url-expected.txt: Added.
            * http/tests/security/xss-DENIED-window-open-javascript-url.html: Added.
    2009-12-19  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            Added a missing "not".
    
            Test: http/tests/security/xss-DENIED-window-open-javascript-url.html
    
            * bindings/v8/custom/V8DOMWindowCustom.cpp:
            (WebCore::createWindow):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52401 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 4a9fc01..d356fda 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,12 @@
+2009-12-19  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Add a test for window.open and JavaScript URLs.
+
+        * http/tests/security/xss-DENIED-window-open-javascript-url-expected.txt: Added.
+        * http/tests/security/xss-DENIED-window-open-javascript-url.html: Added.
+
 2009-12-19  Fumitoshi Ukai  <ukai at chromium.org>
 
         Reviewed by Alexey Proskuryakov.
diff --git a/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-expected.txt b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-expected.txt
new file mode 100644
index 0000000..7816795
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-expected.txt
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8080/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/xss-DENIED-window-open-javascript-url.html. Domains, protocols and ports must match.
+
+This test passes if there is no alert dialog.
+
diff --git a/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url.html b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url.html
new file mode 100644
index 0000000..bb59b75
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+function runTest() {
+    window.open("javascript:alert('FAIL')", "tg");
+    window.open("javascript:done()", "_self");
+}
+function done() {
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+This test passes if there is no alert dialog.<br>
+<iframe onload="runTest()" name="tg"
+        src="http://localhost:8080/security/resources/innocent-victim.html"
+    ></iframe> 
+</body>
+</html>
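Review bot: In runTest(), the completion signal window.open("javascript:done()", "_self") is issued immediately after the cross-origin attempt on "tg", so the test catches a regression only if the alert fires before notifyDone() ends the dump. If the javascript: URL aimed at the target frame were ever evaluated asynchronously, a broken check could still produce the expected output. Consider deferring done() with a setTimeout so a late alert is still recorded. Minor: there is trailing whitespace after the closing </iframe> tag.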
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f85a6ed..3a110ee 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,14 @@
+2009-12-19  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Added a missing "not".
+
+        Test: http/tests/security/xss-DENIED-window-open-javascript-url.html
+
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::createWindow):
+
 2009-12-19  Fumitoshi Ukai  <ukai at chromium.org>
 
         Reviewed by Alexey Proskuryakov.
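Review bot: The entry text 'Added a missing "not".' does not say what the missing negation allowed. Going by the removed condition in createWindow, any javascript: URL passed the check without isSafeScript(newFrame) being consulted, and the new test is named xss-DENIED. The ChangeLog should state that security impact in one sentence and reference the tracking bug, so the change can be found when auditing or backporting security fixes.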
diff --git a/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp b/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
index 36e7054..e7065c3 100644
--- a/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
+++ b/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
@@ -595,7 +595,7 @@ static Frame* createWindow(Frame* callingFrame,
         }
     }
 
-    if (protocolIsJavaScript(url) || ScriptController::isSafeScript(newFrame)) {
+    if (!protocolIsJavaScript(url) || ScriptController::isSafeScript(newFrame)) {
         KURL completedUrl =
             url.isEmpty() ? KURL(ParsedURLString, "") : completeURL(url);
         bool userGesture = processingUserGesture();
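Review bot: The scheme test in the new condition runs on the raw url argument, while the load below uses completedUrl from completeURL(url). Please confirm the two cannot disagree about whether the URL is a javascript: URL, or make the decision on the completed URL so the security check and the navigation use the same value. A short comment above the if stating the rule (a javascript: URL may be loaded into newFrame only when isSafeScript(newFrame) holds) would make a one-character inversion like the removed line harder to reintroduce. This patch touches only bindings/v8; it is worth stating in the ChangeLog whether other bindings were checked for the same condition.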

-- 
WebKit Debian packaging


