[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.2.2-27-g91dab87

Gustavo Noronha Silva gns at gnome.org
Thu Jul 15 21:13:20 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit ae1760b5e8058cfbc4751f7dd7433b84dd2d04d4
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed May 5 23:24:39 2010 +0000

            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=38260
            <rdar://problem/7917548> Fix whitespace removing in deprecatedParseURL().
    
            Broken all the way since r4 (yes, that's a revision number).
    
            Test: http/tests/security/xss-DENIED-javascript-with-spaces.html
    
            * css/CSSHelper.cpp: (WebCore::deprecatedParseURL): Fixed loop conditions for remaining length.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@58844 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 87b32c5..0aad425 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-05-05  Alexey Proskuryakov  <ap at apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=38260
+        <rdar://problem/7917548> Fix whitespace removing in deprecatedParseURL().
+
+        * http/tests/security/xss-DENIED-javascript-with-spaces-expected.txt: Added.
+        * http/tests/security/xss-DENIED-javascript-with-spaces.html: Added.
+
 2010-04-14  Justin Schuh  <jschuh at chromium.org>
 
         Reviewed by Adam Barth.
diff --git a/LayoutTests/http/tests/security/xss-DENIED-javascript-with-spaces-expected.txt b/LayoutTests/http/tests/security/xss-DENIED-javascript-with-spaces-expected.txt
new file mode 100644
index 0000000..297f7b3
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-javascript-with-spaces-expected.txt
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL http://127.0.0.1:8000/security/xss-DENIED-javascript-with-spaces.html. Domains, protocols and ports must match.
+
+
+There should be no alert displayed.
diff --git a/LayoutTests/http/tests/security/xss-DENIED-javascript-with-spaces.html b/LayoutTests/http/tests/security/xss-DENIED-javascript-with-spaces.html
new file mode 100644
index 0000000..0af03c8
--- /dev/null
+++ b/LayoutTests/http/tests/security/xss-DENIED-javascript-with-spaces.html
@@ -0,0 +1,20 @@
+<body onload="test()">
+<iframe src="http://localhost:8000/security/resources/innocent-victim-with-notify.html"></iframe>
+<p>There should be no alert displayed.</p>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function test()
+{
+    var i = document.getElementsByTagName("iframe")[0];
+    i.src = new Array(100).join('\x20') + 'javascript:alert(document.body.innerHTML)';
+    setTimeout(function() {
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }, 0);
+}
+</script>
+</body>
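Review bot: The test covers only one of the three changed loops. In test(), `new Array(100).join('\x20')` prepends 99 space characters and nothing else, so only the first trimming loop in deprecatedParseURL() is exercised. The other two loops get the same condition change and all three trim any character `<= ' '`. Consider adding cases that use tab or newline characters, and cases where the whitespace is placed so that the loops after the `l -= 5` and `l -= 2` adjustments actually run.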
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 53d6e82..69d200b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-05-05  Alexey Proskuryakov  <ap at apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=38260
+        <rdar://problem/7917548> Fix whitespace removing in deprecatedParseURL().
+
+        Broken all the way since r4 (yes, that's a revision number).
+
+        Test: http/tests/security/xss-DENIED-javascript-with-spaces.html
+
+        * css/CSSHelper.cpp: (WebCore::deprecatedParseURL): Fixed loop conditions for remaining length.
+
 2010-04-14  Justin Schuh  <jschuh at chromium.org>
 
         Reviewed by Adam Barth.
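Review bot: The entry line "Fixed loop conditions for remaining length" does not say what the old condition got wrong. One more sentence would help someone reading the ChangeLog later, for example that the loops compared the offset against the remaining length and so stopped before all leading whitespace was removed. That would also connect the change to the xss-DENIED test it names.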
diff --git a/WebCore/css/CSSHelper.cpp b/WebCore/css/CSSHelper.cpp
index 8e6f3a0..c3418b4 100644
--- a/WebCore/css/CSSHelper.cpp
+++ b/WebCore/css/CSSHelper.cpp
@@ -36,7 +36,7 @@ String deprecatedParseURL(const String& url)
     int o = 0;
     int l = i->length();
 
-    while (o < l && (*i)[o] <= ' ') {
+    while (0 < l && (*i)[o] <= ' ') {
         ++o;
         --l;
     }
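Review bot: In the new condition `while (0 < l && (*i)[o] <= ' ')`, the literal `0` differs from the old `o` by a single glyph, and the same expression still indexes with `o`, so the fix is easy to misread or to revert by accident. Write it as `l > 0`, or rename `o` and `l` to something like offset and remaining length. A short comment noting that `o` advances while `l` shrinks would also explain why the old `o < l` stopped trimming once the two values met partway through a run of whitespace.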
@@ -53,7 +53,7 @@ String deprecatedParseURL(const String& url)
         l -= 5;
     }
 
-    while (o < l && (*i)[o] <= ' ') {
+    while (0 < l && (*i)[o] <= ' ') {
         ++o;
         --l;
     }
@@ -65,7 +65,7 @@ String deprecatedParseURL(const String& url)
         l -= 2;
     }
 
-    while (o < l && (*i)[o] <= ' ') {
+    while (0 < l && (*i)[o] <= ' ') {
         ++o;
         --l;
     }
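Review bot: This is the third copy of the same four-line trimming loop, and all three carried the same wrong condition. Moving the loop into one small static helper that takes `o` and `l` by reference would keep the condition in a single place and stop the copies from drifting apart again.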

-- 
WebKit Debian packaging


