[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

Thu Apr 8 00:44:55 UTC 2010

The following commit has been merged in the webkit-1.2 branch:
commit 5ce90865c7756f2fa043b8d9eb6d0796747fbf66
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Dec 21 23:42:11 2009 +0000

    2009-12-21  Dirk Pranke  <dpranke at chromium.org>
    
            Reviewed by Darin Adler.
    
            Upstream a test to ensure we handle variations on "javascript:" URL
            correctly.
    
            https://bugs.webkit.org/show_bug.cgi?id=32740
    
            * fast/dom/xss-DENIED-javascript-variations-expected.txt: Added.
            * fast/dom/xss-DENIED-javascript-variations.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52461 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ebfd529..cea1f6a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2009-12-21  Dirk Pranke  <dpranke at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Upstream a test to ensure we handle variations on "javascript:" URL
+        correctly.
+
+        https://bugs.webkit.org/show_bug.cgi?id=32740
+
+        * fast/dom/xss-DENIED-javascript-variations-expected.txt: Added.
+        * fast/dom/xss-DENIED-javascript-variations.html: Added.
+
 2009-12-21  Nate Chapin  <japhet at chromium.org>
 
         Unreviewed, build fix.
diff --git a/LayoutTests/fast/dom/xss-DENIED-javascript-variations-expected.txt b/LayoutTests/fast/dom/xss-DENIED-javascript-variations-expected.txt
new file mode 100644
index 0000000..e8a7bf3
--- /dev/null
+++ b/LayoutTests/fast/dom/xss-DENIED-javascript-variations-expected.txt
@@ -0,0 +1,9 @@
+
+
+
+--------
+Frame: 'DUPA'
+--------
+Inner text should not be replaced.
+
+
diff --git a/LayoutTests/fast/dom/xss-DENIED-javascript-variations.html b/LayoutTests/fast/dom/xss-DENIED-javascript-variations.html
new file mode 100644
index 0000000..f34ffea
--- /dev/null
+++ b/LayoutTests/fast/dom/xss-DENIED-javascript-variations.html
@@ -0,0 +1,37 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+  layoutTestController.dumpAsText();
+  layoutTestController.dumpChildFramesAsText();
+}
+
+function runTest() {
+  var a = window.frames[0];
+// java\0script is invalid url.
+
+  a.location.href = " javascript:document.write('FAIL')";
+  a.location.href = "javascript\t:document.write('FAIL')";
+  a.location.href = "javascript\1:document.write('FAIL')";
+  a.location.href = "javascript:document.write('FAIL')";
+
+
+  a.location.replace(" javascript:document.write('FAIL')");
+  a.location.replace("javascript\t:document.write('FAIL')");
+  a.location.replace("javascript\1:document.write('FAIL')");
+  a.location.replace("javascript:document.write('FAIL')");
+
+  a.location = " javascript:document.write('FAIL')";
+  a.location = "javascript\t:document.write('FAIL')";
+  a.location = "javascript\1:document.write('FAIL')";
+  a.location = "javascript:document.write('FAIL')";
+}
+</script>
+
+</head>
+<body onload="runTest()">
+<br>
+<iframe id = 'DUPA' src="data:text/html,<p>Inner text should not be replaced.<p>"></iframe>
+
+</body>
+</html>

-- 
WebKit Debian packaging

