[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.17-1283-gcf603cf

abarth at webkit.org abarth at webkit.org
Tue Jan 5 23:59:33 UTC 2010


The following commit has been merged in the webkit-1.1 branch:
commit 2c8a9e909f89c8c11ab282920d20b315a3aa5267
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Dec 23 23:22:34 2009 +0000

    2009-12-23  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            "Refused to execute a JavaScript script" error when embedding SWF with
            a URL that is also a query parameter
            https://bugs.webkit.org/show_bug.cgi?id=32908
    
            Update expected results to show that we don't raise an alarm in this case.
    
            * http/tests/security/xssAuditor/object-src-inject-expected.txt:
    
    2009-12-23  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            "Refused to execute a JavaScript script" error when embedding SWF with
            a URL that is also a query parameter
            https://bugs.webkit.org/show_bug.cgi?id=32908
    
            Don't block direct injections into the object src attribute unless
            there's an illegal character (like < or ") in the URL.  This change
            lets some very unusual vulnerabilities through the filter but removes a
            false positive that we've seen several times.
    
            * page/XSSAuditor.cpp:
            (WebCore::XSSAuditor::canLoadObject):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52532 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 838e3ac..7d1805d 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2009-12-23  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        "Refused to execute a JavaScript script" error when embedding SWF with
+        a URL that is also a query parameter
+        https://bugs.webkit.org/show_bug.cgi?id=32908
+
+        Update expected results to show that we don't raise an alarm in this case.
+
+        * http/tests/security/xssAuditor/object-src-inject-expected.txt:
+
 2009-12-23  Dan Bernstein  <mitz at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt b/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt
index 0be2156..8b13789 100644
--- a/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt
+++ b/LayoutTests/http/tests/security/xssAuditor/object-src-inject-expected.txt
@@ -1,3 +1 @@
-CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
-
 
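
Review bot: With the console message removed, the expected output here is empty, so this test now covers only the allowed case and nothing in this patch exercises the path that should still be refused. The WebCore ChangeLog says injections are still blocked when the URL contains an illegal character (like < or "), so consider adding a companion test whose injected object src contains such a character and whose expected output keeps the "Refused to load an object" line. Without it, a later change that disables the check entirely would not be caught by this test.
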
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 7f6627c..3655295 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-12-23  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        "Refused to execute a JavaScript script" error when embedding SWF with
+        a URL that is also a query parameter
+        https://bugs.webkit.org/show_bug.cgi?id=32908
+
+        Don't block direct injections into the object src attribute unless
+        there's an illegal character (like < or ") in the URL.  This change
+        lets some very unusual vulnerabilities through the filter but removes a
+        false positive that we've seen several times.
+
+        * page/XSSAuditor.cpp:
+        (WebCore::XSSAuditor::canLoadObject):
+
 2009-12-23  Dumitru Daniliuc  <dumi at chromium.org>
 
         Reviewed by Dmitry Titov.
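
Review bot: The sentence "lets some very unusual vulnerabilities through the filter" records a deliberate weakening of the auditor but does not say which injections are now accepted. Suggest adding one sentence that names the case being given up (a URL reflected from the request into the object src attribute that contains no illegal character), so that someone auditing the filter later can tell the gap is intentional. The entry's title also quotes "Refused to execute a JavaScript script", while the message on the changed path in canLoadObject is "Refused to load an object"; a brief remark on that would help anyone searching by console text.
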
diff --git a/WebCore/page/XSSAuditor.cpp b/WebCore/page/XSSAuditor.cpp
index 72c2591..4845145 100644
--- a/WebCore/page/XSSAuditor.cpp
+++ b/WebCore/page/XSSAuditor.cpp
@@ -163,7 +163,7 @@ bool XSSAuditor::canLoadObject(const String& url) const
     if (isSameOriginResource(url))
         return true;
 
-    if (findInRequest(url)) {
+    if (findInRequest(url, true, true)) {
         String consoleMessage = String::format("Refused to load an object. URL found within request: \"%s\".\n", url.utf8().data());
         m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
         return false;
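
Review bot: In the changed call `findInRequest(url, true, true)` the two positional booleans are opaque at the call site: nothing here says which one enables the illegal-character exemption described in the ChangeLog, and the function's declaration is not part of this diff. Suggest a short comment above the call stating what each argument turns on, or replacing the bools with named constants or an enum, since this line is now the security-relevant decision for object loads. The console message that follows still reads "URL found within request"; it may be worth wording it to reflect that the refusal now also depends on an illegal character being present.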

-- 
WebKit Debian packaging


