[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
weinig at apple.com
weinig at apple.com
Wed Dec 22 12:28:44 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 7c5d7d58733b3dc3546dd3d44d0a08548cbdebc0
Author: weinig at apple.com <weinig at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Aug 24 14:59:26 2010 +0000
Fix for <rdar://problem/8153271> and <rdar://problem/8153288>
Change behavior of javascript: urls in <embed> and <object> back to
how they behaved before r50698.
Reviewed by Adam Barth.
WebCore:
Tests: fast/loader/javascript-url-in-embed.html
fast/loader/javascript-url-in-object.html
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::requestFrame):
(WebCore::SubframeLoader::requestObject):
(WebCore::SubframeLoader::loadOrRedirectSubframe):
* loader/SubframeLoader.h:
LayoutTests:
* fast/loader/javascript-url-in-embed-expected.txt: Added.
* fast/loader/javascript-url-in-embed.html: Added.
* fast/loader/javascript-url-in-object-expected.txt: Added.
* fast/loader/javascript-url-in-object.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65900 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 6bb5daa..070c99a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2010-08-24 Sam Weinig <sam at webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Fix for <rdar://problem/8153271> and <rdar://problem/8153288>
+ Change behavior of javascript: urls in <embed> and <object> back to
+ how they behaved before r50698.
+
+ * fast/loader/javascript-url-in-embed-expected.txt: Added.
+ * fast/loader/javascript-url-in-embed.html: Added.
+ * fast/loader/javascript-url-in-object-expected.txt: Added.
+ * fast/loader/javascript-url-in-object.html: Added.
+
2010-08-24 Kent Tamura <tkent at chromium.org>
Unreviewed, test expectation update.
diff --git a/LayoutTests/fast/loader/javascript-url-in-embed-expected.txt b/LayoutTests/fast/loader/javascript-url-in-embed-expected.txt
new file mode 100644
index 0000000..62fcde1
--- /dev/null
+++ b/LayoutTests/fast/loader/javascript-url-in-embed-expected.txt
@@ -0,0 +1,3 @@
+This tests that javascript: urls in an embed tag do not get executed.
+
+
diff --git a/LayoutTests/fast/loader/javascript-url-in-embed.html b/LayoutTests/fast/loader/javascript-url-in-embed.html
new file mode 100644
index 0000000..e97d103
--- /dev/null
+++ b/LayoutTests/fast/loader/javascript-url-in-embed.html
@@ -0,0 +1,6 @@
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<p>This tests that javascript: urls in an embed tag do not get executed.</p>
+<embed src="javascript:alert('FAIL - javascript: url url was executed.');"></embed>
diff --git a/LayoutTests/fast/loader/javascript-url-in-object-expected.txt b/LayoutTests/fast/loader/javascript-url-in-object-expected.txt
new file mode 100644
index 0000000..e3a0dac
--- /dev/null
+++ b/LayoutTests/fast/loader/javascript-url-in-object-expected.txt
@@ -0,0 +1,3 @@
+This tests that javascript: urls in an object tag do not get executed.
+
+
diff --git a/LayoutTests/fast/loader/javascript-url-in-object.html b/LayoutTests/fast/loader/javascript-url-in-object.html
new file mode 100644
index 0000000..8a78e19
--- /dev/null
+++ b/LayoutTests/fast/loader/javascript-url-in-object.html
@@ -0,0 +1,6 @@
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<p>This tests that javascript: urls in an object tag do not get executed.</p>
+<object data="javascript:alert('FAIL - javascript: url was executed.');"></object>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 86f6776..4b02273 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-08-23 Sam Weinig <sam at webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Fix for <rdar://problem/8153271> and <rdar://problem/8153288>
+ Change behavior of javascript: urls in <embed> and <object> back to
+ how they behaved before r50698.
+
+ Tests: fast/loader/javascript-url-in-embed.html
+ fast/loader/javascript-url-in-object.html
+
+ * loader/SubframeLoader.cpp:
+ (WebCore::SubframeLoader::requestFrame):
+ (WebCore::SubframeLoader::requestObject):
+ (WebCore::SubframeLoader::loadOrRedirectSubframe):
+ * loader/SubframeLoader.h:
+
2010-08-24 Xan Lopez <xlopez at igalia.com>
Reviewed by Gustavo Noronha.
diff --git a/WebCore/loader/SubframeLoader.cpp b/WebCore/loader/SubframeLoader.cpp
index e7dafa1..f56ebf1 100644
--- a/WebCore/loader/SubframeLoader.cpp
+++ b/WebCore/loader/SubframeLoader.cpp
@@ -37,9 +37,6 @@
#include "FrameLoaderClient.h"
#include "HTMLAppletElement.h"
#include "HTMLFrameElementBase.h"
-#if ENABLE(PLUGIN_PROXY_FOR_VIDEO)
-#include "HTMLMediaElement.h"
-#endif
#include "HTMLNames.h"
#include "HTMLPlugInElement.h"
#include "MIMETypeRegistry.h"
@@ -47,13 +44,15 @@
#include "Page.h"
#include "PluginData.h"
#include "RenderEmbeddedObject.h"
-#if ENABLE(PLUGIN_PROXY_FOR_VIDEO)
-#include "RenderVideo.h"
-#endif
#include "RenderView.h"
#include "Settings.h"
#include "XSSAuditor.h"
+#if ENABLE(PLUGIN_PROXY_FOR_VIDEO)
+#include "HTMLMediaElement.h"
+#include "RenderVideo.h"
+#endif
+
namespace WebCore {
using namespace HTMLNames;
@@ -90,12 +89,7 @@ bool SubframeLoader::requestFrame(HTMLFrameOwnerElement* ownerElement, const Str
} else
url = completeURL(urlString);
- Frame* frame = ownerElement->contentFrame();
- if (frame)
- frame->redirectScheduler()->scheduleLocationChange(url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, m_frame->loader()->isProcessingUserGesture());
- else
- frame = loadSubframe(ownerElement, url, frameName, m_frame->loader()->outgoingReferrer());
-
+ Frame* frame = loadOrRedirectSubframe(ownerElement, url, frameName, lockHistory, lockBackForwardList);
if (!frame)
return false;
@@ -138,10 +132,10 @@ bool SubframeLoader::requestObject(RenderEmbeddedObject* renderer, const String&
ASSERT(renderer->node()->hasTagName(objectTag) || renderer->node()->hasTagName(embedTag));
HTMLPlugInElement* element = static_cast<HTMLPlugInElement*>(renderer->node());
- // If the plug-in element already contains a subframe, requestFrame will re-use it. Otherwise,
+ // If the plug-in element already contains a subframe, loadOrRedirectSubframe will re-use it. Otherwise,
// it will create a new frame and set it as the RenderPart's widget, causing what was previously
// in the widget to be torn down.
- return requestFrame(element, completedURL, frameName);
+ return loadOrRedirectSubframe(element, completedURL, frameName, true, true);
}
@@ -236,6 +230,16 @@ PassRefPtr<Widget> SubframeLoader::createJavaAppletWidget(const IntSize& size, H
return widget;
}
+Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement* ownerElement, const KURL& url, const AtomicString& frameName, bool lockHistory, bool lockBackForwardList)
+{
+ Frame* frame = ownerElement->contentFrame();
+ if (frame)
+ frame->redirectScheduler()->scheduleLocationChange(url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, m_frame->loader()->isProcessingUserGesture());
+ else
+ frame = loadSubframe(ownerElement, url, frameName, m_frame->loader()->outgoingReferrer());
+ return frame;
+}
+
Frame* SubframeLoader::loadSubframe(HTMLFrameOwnerElement* ownerElement, const KURL& url, const String& name, const String& referrer)
{
bool allowsScrolling = true;
diff --git a/WebCore/loader/SubframeLoader.h b/WebCore/loader/SubframeLoader.h
index df08870..d42ef2c 100644
--- a/WebCore/loader/SubframeLoader.h
+++ b/WebCore/loader/SubframeLoader.h
@@ -74,6 +74,7 @@ public:
bool containsPlugins() const { return m_containsPlugins; }
private:
+ Frame* loadOrRedirectSubframe(HTMLFrameOwnerElement*, const KURL&, const AtomicString& frameName, bool lockHistory, bool lockBackForwardList);
Frame* loadSubframe(HTMLFrameOwnerElement*, const KURL&, const String& name, const String& referrer);
bool loadPlugin(RenderEmbeddedObject*, const KURL&, const String& mimeType,
const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list