[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.17-1283-gcf603cf
eric at webkit.org
eric at webkit.org
Tue Jan 5 23:53:24 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit b0fadd0e470654702220de0b13354a03e4b02e22
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Dec 18 06:39:50 2009 +0000
2009-12-17 Dirk Pranke <dpranke at chromium.org>
Reviewed by Adam Barth.
Upstreaming an XSS test from chromium.org.
https://bugs.webkit.org/show_bug.cgi?id=32685
* http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt: Added.
* http/tests/security/xss-DENIED-assign-location-href-javascript.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52301 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ac94ce7..8f3693f 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2009-12-17 Dirk Pranke <dpranke at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Upstreaming an XSS test from chromium.org.
+ https://bugs.webkit.org/show_bug.cgi?id=32685
+
+ * http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt: Added.
+ * http/tests/security/xss-DENIED-assign-location-href-javascript.html: Added.
+
2009-12-17 Justin Schuh <jschuh at chromium.org>
Reviewed by Dan Bernstein.
diff --git a/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt b/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt
new file mode 100644
index 0000000..4717cb8
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-javascript-expected.txt
@@ -0,0 +1,10 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/localPage.html from frame with URL http://127.0.0.1:8000/security/xss-DENIED-assign-location-href-javascript.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/localPage.html from frame with URL http://127.0.0.1:8000/security/xss-DENIED-assign-location-href-javascript.html. Domains, protocols and ports must match.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+You can see the contents of this file.
diff --git a/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-javascript.html b/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-javascript.html
new file mode 100644
index 0000000..559282e
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-javascript.html
@@ -0,0 +1,16 @@
+<html>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+}
+
+function runTest() {
+ frames[0].location.href = 'javascript:3';
+}
+
+</script>
+<body onload="runTest()">
+<iframe src="http://localhost:8000/security/resources/localPage.html"></iframe>
+</body>
+</html>
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list