[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.19-706-ge5415e9

hausmann at webkit.org hausmann at webkit.org
Thu Feb 4 21:27:52 UTC 2010 

The following commit has been merged in the webkit-1.1 branch:
commit f6a6b3c23cb95dfbdbdafdc3b83e8f93226c1ae3
Author: hausmann at webkit.org <hausmann at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Jan 26 10:04:15 2010 +0000

    REGRESSION(r53835): Fix editing/pasteboard/paste-noscript-xhtml.xhtml
    https://bugs.webkit.org/show_bug.cgi?id=34157
    
    Reviewed by Holger Freyther.
    
    WebCore:
    
    Pass the FragmentScriptingPermission correctly through to the DOM
    and disallow scripting elements in parseEndElement(), similar to
    the libxml tokenizer change in r53835.
    
    * dom/XMLTokenizerQt.cpp:
    (WebCore::handleElementNamespaces):
    (WebCore::handleElementAttributes):
    (WebCore::XMLTokenizer::parseStartElement):
    (WebCore::XMLTokenizer::parseEndElement):
    
    LayoutTests:
    
    Add Qt specific result for this test that differs from the cross-platform
    result in only one character: In htmlcontent.html the href attribute value
    is http://www.cnn.com, which somehow becomes http://www.cnn.com/ in the cross
    platform result. With the Qt xml parser that attribute is somehow preserved
    and so our result does not have the trailing slash.
    
    * platform/qt/editing/pasteboard/paste-noscript-xhtml-expected.txt: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53845 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index bc80e2c..443d438 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2010-01-26  Simon Hausmann  <simon.hausmann at nokia.com>
+
+        Reviewed by Holger Freyther.
+
+        REGRESSION(r53835): Fix editing/pasteboard/paste-noscript-xhtml.xhtml
+        https://bugs.webkit.org/show_bug.cgi?id=34157
+
+        Add Qt specific result for this test that differs from the cross-platform
+        result in only one character: In htmlcontent.html the href attribute value
+        is http://www.cnn.com, which somehow becomes http://www.cnn.com/ in the cross
+        platform result. With the Qt xml parser that attribute is somehow preserved
+        and so our result does not have the trailing slash.
+
+        * platform/qt/editing/pasteboard/paste-noscript-xhtml-expected.txt: Added.
+
 2010-01-26  Kent Tamura  <tkent at chromium.org>
 
         Reviewed by Shinichiro Hamaji.
diff --git a/LayoutTests/platform/qt/editing/pasteboard/paste-noscript-xhtml-expected.txt b/LayoutTests/platform/qt/editing/pasteboard/paste-noscript-xhtml-expected.txt
new file mode 100644
index 0000000..d756ac1
--- /dev/null
+++ b/LayoutTests/platform/qt/editing/pasteboard/paste-noscript-xhtml-expected.txt
@@ -0,0 +1,7 @@
+ALERT: hello
+CONSOLE MESSAGE: line 1: ReferenceError: Can't find variable: sayHello
+This test copies the content of an iframe and pastes it in an editable area in an xhtml document and verifies that no script, handlers or javascript urls are copied.
+
+HelloCNNHello
+This is a form
+<button xmlns="http://www.w3.org/1999/xhtml" id="button1" style="width: 100px; ">Hello</button><a xmlns="http://www.w3.org/1999/xhtml" id="anchor1" href="http://www.cnn.com">CNN</a><a xmlns="http://www.w3.org/1999/xhtml" id="anchor2">Hello</a><iframe xmlns="http://www.w3.org/1999/xhtml" id="iframe1" style="width: 200px; height: 100px; background-color: rgb(204, 238, 238); "></iframe><form xmlns="http://www.w3.org/1999/xhtml" id="form1" style="width: 200px; height: 150px; background-color: rgb(204, 238, 238); ">This is a form</form>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6b41e3a..d7bdcc9 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-01-26  Simon Hausmann  <simon.hausmann at nokia.com>
+
+        Reviewed by Holger Freyther.
+
+        REGRESSION(r53835): Fix editing/pasteboard/paste-noscript-xhtml.xhtml
+        https://bugs.webkit.org/show_bug.cgi?id=34157
+
+        Pass the FragmentScriptingPermission correctly through to the DOM
+        and disallow scripting elements in parseEndElement(), similar to
+        the libxml tokenizer change in r53835.
+
+        * dom/XMLTokenizerQt.cpp:
+        (WebCore::handleElementNamespaces):
+        (WebCore::handleElementAttributes):
+        (WebCore::XMLTokenizer::parseStartElement):
+        (WebCore::XMLTokenizer::parseEndElement):
+
 2010-01-26  Garret Kelly  <gdk at chromium.org>
 
         Reviewed by Eric Seidel.
diff --git a/WebCore/dom/XMLTokenizerQt.cpp b/WebCore/dom/XMLTokenizerQt.cpp
index 05648f8..5335b07 100644
--- a/WebCore/dom/XMLTokenizerQt.cpp
+++ b/WebCore/dom/XMLTokenizerQt.cpp
@@ -324,19 +324,20 @@ static inline String prefixFromQName(const QString& qName)
 }
 
 static inline void handleElementNamespaces(Element* newElement, const QXmlStreamNamespaceDeclarations &ns,
-                                           ExceptionCode& ec)
+                                           ExceptionCode& ec, FragmentScriptingPermission scriptingPermission)
 {
     for (int i = 0; i < ns.count(); ++i) {
         const QXmlStreamNamespaceDeclaration &decl = ns[i];
         String namespaceURI = decl.namespaceUri();
         String namespaceQName = decl.prefix().isEmpty() ? String("xmlns") : String("xmlns:") + decl.prefix();
-        newElement->setAttributeNS("http://www.w3.org/2000/xmlns/", namespaceQName, namespaceURI, ec);
+        newElement->setAttributeNS("http://www.w3.org/2000/xmlns/", namespaceQName, namespaceURI, ec, scriptingPermission);
         if (ec) // exception setting attributes
             return;
     }
 }
 
-static inline void handleElementAttributes(Element* newElement, const QXmlStreamAttributes &attrs, ExceptionCode& ec)
+static inline void handleElementAttributes(Element* newElement, const QXmlStreamAttributes &attrs, ExceptionCode& ec,
+                                           FragmentScriptingPermission scriptingPermission)
 {
     for (int i = 0; i < attrs.count(); ++i) {
         const QXmlStreamAttribute &attr = attrs[i];
@@ -344,7 +345,7 @@ static inline void handleElementAttributes(Element* newElement, const QXmlStream
         String attrValue     = attr.value();
         String attrURI       = attr.namespaceUri().isEmpty() ? String() : String(attr.namespaceUri());
         String attrQName     = attr.qualifiedName();
-        newElement->setAttributeNS(attrURI, attrQName, attrValue, ec);
+        newElement->setAttributeNS(attrURI, attrQName, attrValue, ec, scriptingPermission);
         if (ec) // exception setting attributes
             return;
     }
@@ -504,13 +505,13 @@ void XMLTokenizer::parseStartElement()
     m_sawFirstElement = true;
 
     ExceptionCode ec = 0;
-    handleElementNamespaces(newElement.get(), m_stream.namespaceDeclarations(), ec);
+    handleElementNamespaces(newElement.get(), m_stream.namespaceDeclarations(), ec, m_scriptingPermission);
     if (ec) {
         stopParsing();
         return;
     }
 
-    handleElementAttributes(newElement.get(), m_stream.attributes(), ec);
+    handleElementAttributes(newElement.get(), m_stream.attributes(), ec, m_scriptingPermission);
     if (ec) {
         stopParsing();
         return;
@@ -540,6 +541,13 @@ void XMLTokenizer::parseEndElement()
     Node* n = m_currentNode;
     n->finishParsingChildren();
 
+    if (m_scriptingPermission == FragmentScriptingNotAllowed && n->isElementNode() && toScriptElement(static_cast<Element*>(n))) {
+        popCurrentNode();
+        ExceptionCode ec;
+        n->remove(ec);
+        return;
+    }
+
     if (!n->isElementNode() || !m_view) {
         if (!m_currentNodeStack.isEmpty())
             popCurrentNode();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list