[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

[jschuh at chromium.org]

The following commit has been merged in the debian/experimental branch:
commit 6dd676d77672cf29e3754cc25fedb58297e68ddf
Author: jschuh at chromium.org <jschuh at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Aug 31 17:04:18 2010 +0000

    2010-08-31  Justin Schuh  <jschuh at chromium.org>
    
            Reviewed by Nate Chapin.
    
            Local frame loads should check against origin (not referrer)
            https://bugs.webkit.org/show_bug.cgi?id=44888
    
            Test: fast/frames/iframe-no-src-local-origin-allow.html
    
            * loader/SubframeLoader.cpp:
            (WebCore::SubframeLoader::loadSubframe):
    2010-08-31  Justin Schuh  <jschuh at chromium.org>
    
            Reviewed by Nate Chapin.
    
            Local frame loads should check against origin (not referrer)
            https://bugs.webkit.org/show_bug.cgi?id=44888
    
            * fast/frames/iframe-no-src-local-origin-allow-expected.txt: Added.
            * fast/frames/iframe-no-src-local-origin-allow.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@66496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 497a116..feb5ed0 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-08-31  Justin Schuh  <jschuh at chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        Local frame loads should check against origin (not referrer)
+        https://bugs.webkit.org/show_bug.cgi?id=44888
+
+        * fast/frames/iframe-no-src-local-origin-allow-expected.txt: Added.
+        * fast/frames/iframe-no-src-local-origin-allow.html: Added.
+
 2010-08-25  Zhenyao Mo  <zmo at google.com>
 
         Reviewed by Kenneth Russell.
diff --git a/LayoutTests/fast/frames/iframe-no-src-local-origin-allow-expected.txt b/LayoutTests/fast/frames/iframe-no-src-local-origin-allow-expected.txt
new file mode 100644
index 0000000..18e2967
--- /dev/null
+++ b/LayoutTests/fast/frames/iframe-no-src-local-origin-allow-expected.txt
@@ -0,0 +1,11 @@
+This tests that an iframe with no src attribute uses the parent document's origin when resolving links inserted into the frame via JavaScript.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.getElementById('theFrame').contentDocument.baseURI is 'about:blank'
+PASS document.getElementById('theFrame').contentDocument.getElementById('innerFrame').contentDocument.body.innerHTML is 'PASS\n'
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/frames/iframe-no-src-local-origin-allow.html b/LayoutTests/fast/frames/iframe-no-src-local-origin-allow.html
new file mode 100644
index 0000000..3e35398
--- /dev/null
+++ b/LayoutTests/fast/frames/iframe-no-src-local-origin-allow.html
@@ -0,0 +1,41 @@
+<html>
+<head>
+<link rel="stylesheet" href="../js/resources/js-test-style.css">
+<script src="../js/resources/js-test-pre.js"></script>
+<script src="../js/resources/js-test-post-function.js"></script>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+var iframeHasLoadedFirstPage = false;
+
+function runTest()
+{
+    shouldBe("document.getElementById('theFrame').contentDocument.baseURI", "'about:blank'");
+    var frameDoc = document.getElementById('theFrame').contentWindow.document;
+    var innerFrame = frameDoc.createElement("iframe");
+    innerFrame.src = "resources/iframe-no-src-set-location-pass.html";
+    innerFrame.id = "innerFrame";
+    innerFrame.onload = function() {
+        shouldBe("document.getElementById('theFrame').contentDocument.getElementById('innerFrame').contentDocument.body.innerHTML", "'PASS\\n'");
+        isSuccessfullyParsed();
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+    frameDoc.body.appendChild(innerFrame);
+}
+
+</script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script>
+description("This tests that an iframe with no src attribute uses the parent document's origin when resolving links inserted into the frame via JavaScript.");
+var successfullyParsed = true;
+</script>
+<iframe id="theFrame" onload="runTest()"></iframe>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 591bf78..547317c 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-08-31  Justin Schuh  <jschuh at chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        Local frame loads should check against origin (not referrer)
+        https://bugs.webkit.org/show_bug.cgi?id=44888
+
+        Test: fast/frames/iframe-no-src-local-origin-allow.html
+
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::loadSubframe):
+
 2010-08-25  Zhenyao Mo  <zmo at google.com>
 
         Reviewed by Kenneth Russell.
diff --git a/WebCore/loader/SubframeLoader.cpp b/WebCore/loader/SubframeLoader.cpp
index f56ebf1..089e783 100644
--- a/WebCore/loader/SubframeLoader.cpp
+++ b/WebCore/loader/SubframeLoader.cpp
@@ -252,7 +252,7 @@ Frame* SubframeLoader::loadSubframe(HTMLFrameOwnerElement* ownerElement, const K
         marginHeight = o->getMarginHeight();
     }
 
-    if (!SecurityOrigin::canLoad(url, referrer, 0)) {
+    if (!SecurityOrigin::canLoad(url, String(), ownerElement->document())) {
         FrameLoader::reportLocalLoadFailed(m_frame, url.string());
         return 0;
     }

-- 
WebKit Debian packaging