[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.18-1-697-g2f78b87

Wed Jan 20 22:20:31 UTC 2010

The following commit has been merged in the debian/unstable branch:
commit 9b2fc9fde045f25f1913e4d74183739b50feefa4
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Jan 12 10:42:06 2010 +0000

    2010-01-12  Jakub Wieczorek  <faw217 at gmail.com>
    
            Reviewed by Adam Barth.
    
            [Qt] XSL stylesheets can load documents from a different origin
    
            https://bugs.webkit.org/show_bug.cgi?id=33423
    
            Add two expected results for Qt:
            QXmlQuery has a different behaviour with regard to loading failures
            comparing to libxslt.
    
            * platform/qt/http/tests/security/xss-DENIED-xsl-document-expected.txt:
            * platform/qt/http/tests/security/xss-DENIED-xsl-document-redirect-expected.txt:
    2010-01-12  Jakub Wieczorek  <faw217 at gmail.com>
    
            Reviewed by Adam Barth.
    
            [Qt] XSL stylesheets can load documents from a different origin
    
            https://bugs.webkit.org/show_bug.cgi?id=33423
    
            * xml/XSLTProcessorQt.cpp:
            (WebCore::XSLTUriResolver::XSLTUriResolver):
            (WebCore::XSLTUriResolver::resolve):
            (WebCore::XSLTProcessor::transformToString):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53127 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 7ef7f92..4defd6d 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2010-01-12  Jakub Wieczorek  <faw217 at gmail.com>
+
+        Reviewed by Adam Barth.
+
+        [Qt] XSL stylesheets can load documents from a different origin
+
+        https://bugs.webkit.org/show_bug.cgi?id=33423
+
+        Add two expected results for Qt:
+        QXmlQuery has a different behaviour with regard to loading failures
+        comparing to libxslt.
+
+        * platform/qt/http/tests/security/xss-DENIED-xsl-document-expected.txt:
+        * platform/qt/http/tests/security/xss-DENIED-xsl-document-redirect-expected.txt:
+
 2010-01-12  Simon Hausmann  <simon.hausmann at nokia.com>
 
         Reviewed by Adam Barth.
diff --git a/LayoutTests/platform/gtk/dom/xhtml/level3/core/canonicalform08-expected.txt b/LayoutTests/platform/qt/http/tests/security/xss-DENIED-xsl-document-expected.txt
similarity index 100%
copy from LayoutTests/platform/gtk/dom/xhtml/level3/core/canonicalform08-expected.txt
copy to LayoutTests/platform/qt/http/tests/security/xss-DENIED-xsl-document-expected.txt
diff --git a/LayoutTests/platform/gtk/dom/xhtml/level3/core/canonicalform08-expected.txt b/LayoutTests/platform/qt/http/tests/security/xss-DENIED-xsl-document-redirect-expected.txt
similarity index 100%
copy from LayoutTests/platform/gtk/dom/xhtml/level3/core/canonicalform08-expected.txt
copy to LayoutTests/platform/qt/http/tests/security/xss-DENIED-xsl-document-redirect-expected.txt
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 7bc6ca0..67f2275 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-01-12  Jakub Wieczorek  <faw217 at gmail.com>
+
+        Reviewed by Adam Barth.
+
+        [Qt] XSL stylesheets can load documents from a different origin
+
+        https://bugs.webkit.org/show_bug.cgi?id=33423
+
+        * xml/XSLTProcessorQt.cpp:
+        (WebCore::XSLTUriResolver::XSLTUriResolver):
+        (WebCore::XSLTUriResolver::resolve):
+        (WebCore::XSLTProcessor::transformToString):
+
 2010-01-12  Joanmarie Diggs  <joanmarie.diggs at gmail.com>
 
         Reviewed by Gustavo Noronha Silva.
diff --git a/WebCore/xml/XSLTProcessorQt.cpp b/WebCore/xml/XSLTProcessorQt.cpp
index 50ee427..3e05ca0 100644
--- a/WebCore/xml/XSLTProcessorQt.cpp
+++ b/WebCore/xml/XSLTProcessorQt.cpp
@@ -36,6 +36,7 @@
 #include <wtf/Vector.h>
 
 #include <qabstractmessagehandler.h>
+#include <qabstracturiresolver.h>
 #include <qbuffer.h>
 #include <qsourcelocation.h>
 #include <qxmlquery.h>
@@ -87,6 +88,31 @@ void XSLTMessageHandler::handleMessage(QtMsgType type, const QString& descriptio
                         sourceLocation.line(), sourceLocation.uri().toString());
 }
 
+class XSLTUriResolver : public QAbstractUriResolver {
+
+public:
+    XSLTUriResolver(Document* document);
+    virtual QUrl resolve(const QUrl& relative, const QUrl& baseURI) const;
+
+private:
+    Document* m_document;
+};
+
+XSLTUriResolver::XSLTUriResolver(Document* document)
+    : QAbstractUriResolver()
+    , m_document(document)
+{
+}
+
+QUrl XSLTUriResolver::resolve(const QUrl& relative, const QUrl& baseURI) const
+{
+    QUrl url = baseURI.resolved(relative);
+
+    if (!m_document->frame() || !m_document->securityOrigin()->canRequest(url))
+        return QUrl();
+    return url;
+}
+
 bool XSLTProcessor::transformToString(Node* sourceNode, String&, String& resultString, String&)
 {
     bool success = false;
@@ -107,6 +133,7 @@ bool XSLTProcessor::transformToString(Node* sourceNode, String&, String& resultS
     QXmlQuery query(QXmlQuery::XSLT20);
 
     XSLTMessageHandler messageHandler(ownerDocument.get());
+    XSLTUriResolver uriResolver(ownerDocument.get());
     query.setMessageHandler(&messageHandler);
 
     XSLTProcessor::ParameterMap::iterator end = m_parameters.end();
@@ -132,6 +159,9 @@ bool XSLTProcessor::transformToString(Node* sourceNode, String&, String& resultS
 
     query.setFocus(&inputBuffer);
     query.setQuery(&styleSheetBuffer, QUrl(stylesheet->href()));
+
+    query.setUriResolver(&uriResolver);
+
     success = query.evaluateTo(&outputBuffer);
     outputBuffer.reset();
     resultString = QString::fromUtf8(outputBuffer.readAll()).trimmed();

-- 
WebKit Debian packaging

