[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
jschuh at chromium.org
jschuh at chromium.org
Wed Dec 22 11:25:28 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit fe5fa97d9ba5ad4ac7638fa523676da99917e323
Author: jschuh at chromium.org <jschuh at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jul 23 00:29:11 2010 +0000
2010-07-22 Justin Schuh <jschuh at chromium.org>
Reviewed by Adam Barth.
Make history state methods validate against document URL
https://bugs.webkit.org/show_bug.cgi?id=42858
Test: fast/history/history-replace-illegal.html
* page/History.cpp:
(WebCore::History::urlForState):
2010-07-22 Justin Schuh <jschuh at chromium.org>
Reviewed by Adam Barth.
Make history state methods validate against document URL
https://bugs.webkit.org/show_bug.cgi?id=42858
* fast/history/history-replace-illegal-expected.txt: Added.
* fast/history/history-replace-illegal.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63925 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 9e3d11c..f8ec741 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-07-22 Justin Schuh <jschuh at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Make history state methods validate against document URL
+ https://bugs.webkit.org/show_bug.cgi?id=42858
+
+ * fast/history/history-replace-illegal-expected.txt: Added.
+ * fast/history/history-replace-illegal.html: Added.
+
2010-07-22 Yury Semikhatsky <yurys at chromium.org>
Reviewed by Joseph Pecoraro.
diff --git a/LayoutTests/fast/history/history-replace-illegal-expected.txt b/LayoutTests/fast/history/history-replace-illegal-expected.txt
new file mode 100644
index 0000000..6103e11
--- /dev/null
+++ b/LayoutTests/fast/history/history-replace-illegal-expected.txt
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 9: SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent.
+This page should trigger an error on attempting to set the URL bar to https://www.test.com/
diff --git a/LayoutTests/fast/history/history-replace-illegal.html b/LayoutTests/fast/history/history-replace-illegal.html
new file mode 100644
index 0000000..25c7da1
--- /dev/null
+++ b/LayoutTests/fast/history/history-replace-illegal.html
@@ -0,0 +1,16 @@
+<html>
+<head>
+<base href="https://www.test.com/">
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+window.onload = function(){
+ window.history.replaceState({}, {}, 'https://www.test.com/');
+};
+</script>
+</head>
+<body>
+This page should trigger an error on attempting to set the URL bar to https://www.test.com/
+</body>
+</html>
\ No newline at end of file
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1586873..717938b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-07-22 Justin Schuh <jschuh at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Make history state methods validate against document URL
+ https://bugs.webkit.org/show_bug.cgi?id=42858
+
+ Test: fast/history/history-replace-illegal.html
+
+ * page/History.cpp:
+ (WebCore::History::urlForState):
+
2010-07-22 Andy Estes <aestes at apple.com>
Reviewed by Maciej Stachowiak.
diff --git a/WebCore/page/History.cpp b/WebCore/page/History.cpp
index 78e8ea6..0a9b9a1 100644
--- a/WebCore/page/History.cpp
+++ b/WebCore/page/History.cpp
@@ -82,7 +82,7 @@ void History::go(int distance)
KURL History::urlForState(const String& urlString)
{
- KURL baseURL = m_frame->loader()->baseURL();
+ KURL baseURL = m_frame->document()->url();
if (urlString.isEmpty())
return baseURL;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list