[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

abarth at webkit.org abarth at webkit.org
Thu Apr 8 02:19:14 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 245aae6b9fe280a8d6b1e82b0c3085ac9daef385
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Mar 11 02:07:36 2010 +0000

    2010-03-10  Justin Schuh  <jschuh at chromium.org>
    
            Reviewed by Adam Barth.
    
            Make Chrome consistently handle leading format characters in URLs
    
            https://bugs.webkit.org/show_bug.cgi?id=35948
    
            * http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char-expected.txt: Added.
            * http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char.html: Added.
    2010-03-10  Justin Schuh  <jschuh at chromium.org>
    
            Reviewed by Adam Barth.
    
            Make Chrome consistently handle leading format characters in URLs
    
            https://bugs.webkit.org/show_bug.cgi?id=35948
    
            Test: http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char.html
    
            * platform/KURLGoogle.cpp:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@55822 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 7e1fd00..963bf09 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-03-10  Justin Schuh  <jschuh at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Make Chrome consistently handle leading format characters in URLs
+
+        https://bugs.webkit.org/show_bug.cgi?id=35948
+
+        * http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char-expected.txt: Added.
+        * http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char.html: Added.
+
 2010-03-10  Chris Fleizach  <cfleizach at apple.com>
 
         Skipping test on GTK and WIN. No Review.
diff --git a/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char-expected.txt b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char-expected.txt
new file mode 100644
index 0000000..5e8fc1e
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char-expected.txt
@@ -0,0 +1,2 @@
+This test passes if there is no alert dialog and the iframe contains a broken link.
+
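Review bot: This baseline holds only the description sentence, so the "iframe contains a broken link" half of the pass condition is never checked by the text dump. The only failure it can catch is an unexpected alert line. Either dump the child frame's text as well so the iframe state is part of the expected output, or reword the description so that it promises only what the baseline verifies.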
diff --git a/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char.html b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char.html
new file mode 100644
index 0000000..4e94831
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+function runTest() {
+    // Schedule a return to the main event loop so that the javascript: URL
+    // has a chance to run.
+    setTimeout(done, 0);
+    window.open("\u0000javascript:alert('FAIL')", "tg");
+}
+function done() {
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+This test passes if there is no alert dialog and the iframe contains a broken 
+link.<br />
+<iframe onload="runTest()" name="tg"
+        src="http://localhost:8080/security/resources/innocent-victim.html"
+    ></iframe> 
+</body>
+</html>
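Review bot: Coverage is limited to a single input in runTest(), `window.open("\u0000javascript:alert('FAIL')", "tg")`, while the change title speaks of leading format characters in general. Consider adding cases for the other leading characters the scheme check is meant to treat the same way, so that a regression in one class does not pass unnoticed. Also, `setTimeout(done, 0)` is queued before `window.open` is called, so the test relies on one zero-delay turn of the event loop being enough for a javascript: URL to run. A short comment on why that ordering is sufficient would help. Minor: there is trailing whitespace after "broken" and after `></iframe>`.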
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 0dcded6..f4fe384 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-03-10  Justin Schuh  <jschuh at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Make Chrome consistently handle leading format characters in URLs
+
+        https://bugs.webkit.org/show_bug.cgi?id=35948
+
+        Test: http/tests/security/xss-DENIED-window-open-javascript-url-leading-format-char.html
+
+        * platform/KURLGoogle.cpp:
+
 2010-03-10  Jian Li  <jianli at chromium.org>
 
         Reviewed by Dmitry Titov.
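Review bot: The file entry `* platform/KURLGoogle.cpp:` is left empty. Name the function that changed (protocolIs) and say in one line what behaviour changes, so the ChangeLog can be read without opening the diff or the bug.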
diff --git a/WebCore/platform/KURLGoogle.cpp b/WebCore/platform/KURLGoogle.cpp
index c239ca5..602e602 100644
--- a/WebCore/platform/KURLGoogle.cpp
+++ b/WebCore/platform/KURLGoogle.cpp
@@ -1116,12 +1116,10 @@ bool protocolIs(const String& url, const char* protocol)
 {
     // Do the comparison without making a new string object.
     assertProtocolIsGood(protocol);
-    for (int i = 0; ; ++i) {
-        if (!protocol[i])
-            return url[i] == ':';
-        if (toASCIILower(url[i]) != protocol[i])
-            return false;
-    }
+
+    // Check the scheme like GURL does.
+    return url_util::FindAndCompareScheme(url.characters(), url.length(), 
+        protocol, NULL); 
 }
 
 inline bool KURL::protocolIs(const String& string, const char* protocol)
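Review bot: The new comment "Check the scheme like GURL does" above the return does not say what behaviour changes. The removed loop compared from url[0], lowercased each character with toASCIILower, and required ':' immediately after the protocol. From this hunk alone a reader cannot tell how leading characters are now treated, or whether the comparison is still case-insensitive. Spell both out in the comment and reference bug 35948, since this check guards the javascript: URL path exercised by the new test. Also note what passing NULL as the last argument means, and drop the trailing whitespace after `url.length(),` and `NULL);`.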

-- 
WebKit Debian packaging


