[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.1-2-29-g5dbcb1c
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Jun 29 04:11:30 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit cc0b80728b7a5aba97539fb45033cede564183d7
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date: Mon Jun 28 21:39:44 2010 -0400
fix cve-2010-1421
diff --git a/WebCore/editing/EditorCommand.cpp b/WebCore/editing/EditorCommand.cpp
index 34fa46d..4cb34ac 100644
--- a/WebCore/editing/EditorCommand.cpp
+++ b/WebCore/editing/EditorCommand.cpp
@@ -1069,6 +1069,21 @@ static bool supportedFromMenuOrKeyBinding(Frame*, EditorCommandSource source)
return source == CommandFromMenuOrKeyBinding;
}
+static bool supportedCopyCut(Frame* frame, EditorCommandSource source)
+{
+ switch (source) {
+ case CommandFromMenuOrKeyBinding:
+ return true;
+ case CommandFromDOM:
+ case CommandFromDOMWithUserInterface: {
+ Settings* settings = frame ? frame->settings() : 0;
+ return settings && settings->javaScriptCanAccessClipboard();
+ }
+ }
+ ASSERT_NOT_REACHED();
+ return false;
+}
+
static bool supportedPaste(Frame* frame, EditorCommandSource source)
{
switch (source) {
@@ -1077,7 +1092,7 @@ static bool supportedPaste(Frame* frame, EditorCommandSource source)
case CommandFromDOM:
case CommandFromDOMWithUserInterface: {
Settings* settings = frame ? frame->settings() : 0;
- return settings && settings->isDOMPasteAllowed();
+ return settings && (settings->javaScriptCanAccessClipboard() ? settings->isDOMPasteAllowed() : 0);
}
}
ASSERT_NOT_REACHED();
@@ -1304,9 +1319,9 @@ static const CommandMap& createCommandMap()
{ "BackColor", { executeBackColor, supported, enabledInRichlyEditableText, stateNone, valueBackColor, notTextInsertion, doNotAllowExecutionWhenDisabled } },
{ "BackwardDelete", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } }, // FIXME: remove BackwardDelete when Safari for Windows stops using it.
{ "Bold", { executeToggleBold, supported, enabledInRichlyEditableText, stateBold, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
- { "Copy", { executeCopy, supported, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
+ { "Copy", { executeCopy, supportedCopyCut, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
{ "CreateLink", { executeCreateLink, supported, enabledInRichlyEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
- { "Cut", { executeCut, supported, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
+ { "Cut", { executeCut, supportedCopyCut, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
{ "Delete", { executeDelete, supported, enabledDelete, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
{ "DeleteBackward", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
{ "DeleteBackwardByDecomposingPreviousCharacter", { executeDeleteBackwardByDecomposingPreviousCharacter, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
diff --git a/WebCore/page/Settings.cpp b/WebCore/page/Settings.cpp
index a791f74..d60de12 100644
--- a/WebCore/page/Settings.cpp
+++ b/WebCore/page/Settings.cpp
@@ -79,6 +79,7 @@ Settings::Settings(Page* page)
, m_allowUniversalAccessFromFileURLs(true)
, m_allowFileAccessFromFileURLs(true)
, m_javaScriptCanOpenWindowsAutomatically(false)
+ , m_javaScriptCanAccessClipboard(false)
, m_shouldPrintBackgrounds(false)
, m_textAreasAreResizable(false)
#if ENABLE(DASHBOARD_SUPPORT)
@@ -291,6 +292,11 @@ void Settings::setJavaScriptCanOpenWindowsAutomatically(bool javaScriptCanOpenWi
m_javaScriptCanOpenWindowsAutomatically = javaScriptCanOpenWindowsAutomatically;
}
+void Settings::setJavaScriptCanAccessClipboard(bool javaScriptCanAccessClipboard)
+{
+ m_javaScriptCanAccessClipboard = javaScriptCanAccessClipboard;
+}
+
void Settings::setDefaultTextEncodingName(const String& defaultTextEncodingName)
{
m_defaultTextEncodingName = defaultTextEncodingName;
diff --git a/WebCore/page/Settings.h b/WebCore/page/Settings.h
index 70c3cbd..20cd847 100644
--- a/WebCore/page/Settings.h
+++ b/WebCore/page/Settings.h
@@ -122,6 +122,9 @@ namespace WebCore {
void setJavaScriptCanOpenWindowsAutomatically(bool);
bool javaScriptCanOpenWindowsAutomatically() const { return m_javaScriptCanOpenWindowsAutomatically; }
+ void setJavaScriptCanAccessClipboard(bool);
+ bool javaScriptCanAccessClipboard() const { return m_javaScriptCanAccessClipboard; }
+
void setSpatialNavigationEnabled(bool);
bool isSpatialNavigationEnabled() const { return m_isSpatialNavigationEnabled; }
@@ -330,6 +333,7 @@ namespace WebCore {
bool m_allowUniversalAccessFromFileURLs: 1;
bool m_allowFileAccessFromFileURLs: 1;
bool m_javaScriptCanOpenWindowsAutomatically : 1;
+ bool m_javaScriptCanAccessClipboard : 1;
bool m_shouldPrintBackgrounds : 1;
bool m_textAreasAreResizable : 1;
#if ENABLE(DASHBOARD_SUPPORT)
diff --git a/WebKit/gtk/webkit/webkitwebsettings.cpp b/WebKit/gtk/webkit/webkitwebsettings.cpp
index 7ec6154..19c4168 100644
--- a/WebKit/gtk/webkit/webkitwebsettings.cpp
+++ b/WebKit/gtk/webkit/webkitwebsettings.cpp
@@ -96,6 +96,7 @@ struct _WebKitWebSettingsPrivate {
gboolean enable_spatial_navigation;
gchar* user_agent;
gboolean javascript_can_open_windows_automatically;
+ gboolean javascript_can_access_clipboard;
gboolean enable_offline_web_application_cache;
WebKitEditingBehavior editing_behavior;
gboolean enable_universal_access_from_file_uris;
@@ -145,6 +146,7 @@ enum {
PROP_ENABLE_SPATIAL_NAVIGATION,
PROP_USER_AGENT,
PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY,
+ PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE,
PROP_EDITING_BEHAVIOR,
PROP_ENABLE_UNIVERSAL_ACCESS_FROM_FILE_URIS,
@@ -623,6 +625,22 @@ static void webkit_web_settings_class_init(WebKitWebSettingsClass* klass)
_("Whether JavaScript can open windows automatically"),
FALSE,
flags));
+
+ /**
+ * WebKitWebSettings:javascript-can-access-clipboard
+ *
+ * Whether JavaScript can access Clipboard.
+ *
+ * Since: 1.3.0
+ */
+ g_object_class_install_property(gobject_class,
+ PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
+ g_param_spec_boolean("javascript-can-access-clipboard",
+ _("JavaScript can access Clipboard"),
+ _("Whether JavaScript can access Clipboard"),
+ FALSE,
+ flags));
+
/**
* WebKitWebSettings:enable-offline-web-application-cache
*
@@ -1023,6 +1041,9 @@ static void webkit_web_settings_set_property(GObject* object, guint prop_id, con
case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
priv->javascript_can_open_windows_automatically = g_value_get_boolean(value);
break;
+ case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
+ priv->javascript_can_access_clipboard = g_value_get_boolean(value);
+ break;
case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
priv->enable_offline_web_application_cache = g_value_get_boolean(value);
break;
@@ -1161,6 +1182,9 @@ static void webkit_web_settings_get_property(GObject* object, guint prop_id, GVa
case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
g_value_set_boolean(value, priv->javascript_can_open_windows_automatically);
break;
+ case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
+ g_value_set_boolean(value, priv->javascript_can_access_clipboard);
+ break;
case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
g_value_set_boolean(value, priv->enable_offline_web_application_cache);
break;
@@ -1255,6 +1279,7 @@ WebKitWebSettings* webkit_web_settings_copy(WebKitWebSettings* web_settings)
"enable-spatial-navigation", priv->enable_spatial_navigation,
"user-agent", webkit_web_settings_get_user_agent(web_settings),
"javascript-can-open-windows-automatically", priv->javascript_can_open_windows_automatically,
+ "javascript-can-access-clipboard", priv->javascript_can_access_clipboard,
"enable-offline-web-application-cache", priv->enable_offline_web_application_cache,
"editing-behavior", priv->editing_behavior,
"enable-universal-access-from-file-uris", priv->enable_universal_access_from_file_uris,
diff --git a/WebKit/gtk/webkit/webkitwebview.cpp b/WebKit/gtk/webkit/webkitwebview.cpp
index 903edba..a404e08 100644
--- a/WebKit/gtk/webkit/webkitwebview.cpp
+++ b/WebKit/gtk/webkit/webkitwebview.cpp
@@ -2677,7 +2677,8 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
gboolean autoLoadImages, autoShrinkImages, printBackgrounds,
enableScripts, enablePlugins, enableDeveloperExtras, resizableTextAreas,
enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage,
- enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows, enableOfflineWebAppCache,
+ enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows,
+ javaScriptCanAccessClipboard, enableOfflineWebAppCache,
enableUniversalAccessFromFileURI, enableFileAccessFromFileURI,
enableDOMPaste, tabKeyCyclesThroughElements,
enableSiteSpecificQuirks, usePageCache, enableJavaApplet;
@@ -2707,6 +2708,7 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
"enable-xss-auditor", &enableXSSAuditor,
"enable-spatial-navigation", &enableSpatialNavigation,
"javascript-can-open-windows-automatically", &javascriptCanOpenWindows,
+ "javascript-can-access-clipboard", &javaScriptCanAccessClipboard,
"enable-offline-web-application-cache", &enableOfflineWebAppCache,
"editing-behavior", &editingBehavior,
"enable-universal-access-from-file-uris", &enableUniversalAccessFromFileURI,
@@ -2742,6 +2744,7 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
settings->setXSSAuditorEnabled(enableXSSAuditor);
settings->setSpatialNavigationEnabled(enableSpatialNavigation);
settings->setJavaScriptCanOpenWindowsAutomatically(javascriptCanOpenWindows);
+ settings->setJavaScriptCanAccessClipboard(javaScriptCanAccessClipboard);
settings->setOfflineWebApplicationCacheEnabled(enableOfflineWebAppCache);
settings->setEditingBehavior(core(editingBehavior));
settings->setAllowUniversalAccessFromFileURLs(enableUniversalAccessFromFileURI);
@@ -2839,6 +2842,8 @@ static void webkit_web_view_settings_notify(WebKitWebSettings* webSettings, GPar
settings->setSpatialNavigationEnabled(g_value_get_boolean(&value));
else if (name == g_intern_string("javascript-can-open-windows-automatically"))
settings->setJavaScriptCanOpenWindowsAutomatically(g_value_get_boolean(&value));
+ else if (name == g_intern_string("javascript-can-access-clipboard"))
+ settings->setJavaScriptCanAccessClipboard(g_value_get_boolean(&value));
else if (name == g_intern_string("enable-offline-web-application-cache"))
settings->setOfflineWebApplicationCacheEnabled(g_value_get_boolean(&value));
else if (name == g_intern_string("editing-behavior"))
diff --git a/WebKitTools/DumpRenderTree/LayoutTestController.cpp b/WebKitTools/DumpRenderTree/LayoutTestController.cpp
index a9ebe81..9d0f9d6 100644
--- a/WebKitTools/DumpRenderTree/LayoutTestController.cpp
+++ b/WebKitTools/DumpRenderTree/LayoutTestController.cpp
@@ -902,6 +902,18 @@ static JSValueRef setPrivateBrowsingEnabledCallback(JSContextRef context, JSObje
return JSValueMakeUndefined(context);
}
+static JSValueRef setJavaScriptCanAccessClipboardCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+{
+ // Has mac & windows implementation
+ if (argumentCount < 1)
+ return JSValueMakeUndefined(context);
+
+ LayoutTestController* controller = static_cast<LayoutTestController*>(JSObjectGetPrivate(thisObject));
+ controller->setJavaScriptCanAccessClipboard(JSValueToBoolean(context, arguments[0]));
+
+ return JSValueMakeUndefined(context);
+}
+
static JSValueRef setXSSAuditorEnabledCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
{
// Has mac & windows implementation
@@ -1564,3 +1576,4 @@ void LayoutTestController::setPOSIXLocale(JSStringRef locale)
const unsigned LayoutTestController::maxViewWidth = 800;
const unsigned LayoutTestController::maxViewHeight = 600;
+ { "setJavaScriptCanAccessClipboard", setJavaScriptCanAccessClipboardCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
diff --git a/WebKitTools/DumpRenderTree/LayoutTestController.h b/WebKitTools/DumpRenderTree/LayoutTestController.h
index 72e10d2..cf84eb1 100644
--- a/WebKitTools/DumpRenderTree/LayoutTestController.h
+++ b/WebKitTools/DumpRenderTree/LayoutTestController.h
@@ -79,6 +79,7 @@ public:
void setDomainRelaxationForbiddenForURLScheme(bool forbidden, JSStringRef scheme);
void setIconDatabaseEnabled(bool iconDatabaseEnabled);
void setJavaScriptProfilingEnabled(bool profilingEnabled);
+ void setJavaScriptCanAccessClipboard(bool flag);
void setMainFrameIsFirstResponder(bool flag);
void setMockGeolocationError(int code, JSStringRef message);
void setMockGeolocationPosition(double latitude, double longitude, double accuracy);
diff --git a/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp b/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
index 6aa4c3e..a0c2b21 100644
--- a/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
+++ b/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
@@ -320,6 +320,7 @@ static void resetDefaultsToConsistentValues()
"enable-html5-local-storage", TRUE,
"enable-xss-auditor", FALSE,
"enable-spatial-navigation", FALSE,
+ "javascript-can-access-clipboard", TRUE,
"javascript-can-open-windows-automatically", TRUE,
"enable-offline-web-application-cache", TRUE,
"enable-universal-access-from-file-uris", TRUE,
diff --git a/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp b/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
index ff2ca58..6b3a46c 100644
--- a/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
+++ b/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
@@ -337,6 +337,15 @@ void LayoutTestController::setPrivateBrowsingEnabled(bool flag)
g_object_set(G_OBJECT(settings), "enable-private-browsing", flag, NULL);
}
+void LayoutTestController::setJavaScriptCanAccessClipboard(bool flag)
+{
+ WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
+ ASSERT(view);
+
+ WebKitWebSettings* settings = webkit_web_view_get_settings(view);
+ g_object_set(G_OBJECT(settings), "javascript-can-access-clipboard", flag, NULL);
+}
+
void LayoutTestController::setXSSAuditorEnabled(bool flag)
{
WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
diff --git a/debian/changelog b/debian/changelog
index e2c33c8..12ee926 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,7 @@ webkit (1.2.1-3) UNRELEASED; urgency=low
* Fix cve-2010-1417: possible code execution in the css implementation (this
currently duplicated as cve-2010-1665 in the cve tracker).
* Fix cve-2010-1418: remote web script and/or html injection.
+ * Fix cve-2010-1421: remote modification of clipboard contents.
* Fix cve-2010-1422: keyboard focus hijack.
-- Michael Gilbert <michael.s.gilbert at gmail.com> Thu, 27 May 2010 20:36:41 -0400
diff --git a/debian/patches/cve-2010-1421.patch b/debian/patches/cve-2010-1421.patch
new file mode 100644
index 0000000..4c04ec0
--- /dev/null
+++ b/debian/patches/cve-2010-1421.patch
@@ -0,0 +1,278 @@
+description: fix cve-2010-1421
+author: Michael Gilbert <michael.s.gilbert at gmail.com>
+origin: http://trac.webkit.org/changeset/58703
+Index: webkit-1.2.1/WebKit/gtk/webkit/webkitwebsettings.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebKit/gtk/webkit/webkitwebsettings.cpp 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebKit/gtk/webkit/webkitwebsettings.cpp 2010-06-28 21:36:35.000000000 -0400
+@@ -96,6 +96,7 @@
+ gboolean enable_spatial_navigation;
+ gchar* user_agent;
+ gboolean javascript_can_open_windows_automatically;
++ gboolean javascript_can_access_clipboard;
+ gboolean enable_offline_web_application_cache;
+ WebKitEditingBehavior editing_behavior;
+ gboolean enable_universal_access_from_file_uris;
+@@ -145,6 +146,7 @@
+ PROP_ENABLE_SPATIAL_NAVIGATION,
+ PROP_USER_AGENT,
+ PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY,
++ PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
+ PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE,
+ PROP_EDITING_BEHAVIOR,
+ PROP_ENABLE_UNIVERSAL_ACCESS_FROM_FILE_URIS,
+@@ -623,6 +625,22 @@
+ _("Whether JavaScript can open windows automatically"),
+ FALSE,
+ flags));
++
++ /**
++ * WebKitWebSettings:javascript-can-access-clipboard
++ *
++ * Whether JavaScript can access Clipboard.
++ *
++ * Since: 1.3.0
++ */
++ g_object_class_install_property(gobject_class,
++ PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
++ g_param_spec_boolean("javascript-can-access-clipboard",
++ _("JavaScript can access Clipboard"),
++ _("Whether JavaScript can access Clipboard"),
++ FALSE,
++ flags));
++
+ /**
+ * WebKitWebSettings:enable-offline-web-application-cache
+ *
+@@ -1023,6 +1041,9 @@
+ case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
+ priv->javascript_can_open_windows_automatically = g_value_get_boolean(value);
+ break;
++ case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
++ priv->javascript_can_access_clipboard = g_value_get_boolean(value);
++ break;
+ case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
+ priv->enable_offline_web_application_cache = g_value_get_boolean(value);
+ break;
+@@ -1161,6 +1182,9 @@
+ case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
+ g_value_set_boolean(value, priv->javascript_can_open_windows_automatically);
+ break;
++ case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
++ g_value_set_boolean(value, priv->javascript_can_access_clipboard);
++ break;
+ case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
+ g_value_set_boolean(value, priv->enable_offline_web_application_cache);
+ break;
+@@ -1255,6 +1279,7 @@
+ "enable-spatial-navigation", priv->enable_spatial_navigation,
+ "user-agent", webkit_web_settings_get_user_agent(web_settings),
+ "javascript-can-open-windows-automatically", priv->javascript_can_open_windows_automatically,
++ "javascript-can-access-clipboard", priv->javascript_can_access_clipboard,
+ "enable-offline-web-application-cache", priv->enable_offline_web_application_cache,
+ "editing-behavior", priv->editing_behavior,
+ "enable-universal-access-from-file-uris", priv->enable_universal_access_from_file_uris,
+Index: webkit-1.2.1/WebKit/gtk/webkit/webkitwebview.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebKit/gtk/webkit/webkitwebview.cpp 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebKit/gtk/webkit/webkitwebview.cpp 2010-06-28 21:36:35.000000000 -0400
+@@ -2677,7 +2677,8 @@
+ gboolean autoLoadImages, autoShrinkImages, printBackgrounds,
+ enableScripts, enablePlugins, enableDeveloperExtras, resizableTextAreas,
+ enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage,
+- enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows, enableOfflineWebAppCache,
++ enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows,
++ javaScriptCanAccessClipboard, enableOfflineWebAppCache,
+ enableUniversalAccessFromFileURI, enableFileAccessFromFileURI,
+ enableDOMPaste, tabKeyCyclesThroughElements,
+ enableSiteSpecificQuirks, usePageCache, enableJavaApplet;
+@@ -2707,6 +2708,7 @@
+ "enable-xss-auditor", &enableXSSAuditor,
+ "enable-spatial-navigation", &enableSpatialNavigation,
+ "javascript-can-open-windows-automatically", &javascriptCanOpenWindows,
++ "javascript-can-access-clipboard", &javaScriptCanAccessClipboard,
+ "enable-offline-web-application-cache", &enableOfflineWebAppCache,
+ "editing-behavior", &editingBehavior,
+ "enable-universal-access-from-file-uris", &enableUniversalAccessFromFileURI,
+@@ -2742,6 +2744,7 @@
+ settings->setXSSAuditorEnabled(enableXSSAuditor);
+ settings->setSpatialNavigationEnabled(enableSpatialNavigation);
+ settings->setJavaScriptCanOpenWindowsAutomatically(javascriptCanOpenWindows);
++ settings->setJavaScriptCanAccessClipboard(javaScriptCanAccessClipboard);
+ settings->setOfflineWebApplicationCacheEnabled(enableOfflineWebAppCache);
+ settings->setEditingBehavior(core(editingBehavior));
+ settings->setAllowUniversalAccessFromFileURLs(enableUniversalAccessFromFileURI);
+@@ -2839,6 +2842,8 @@
+ settings->setSpatialNavigationEnabled(g_value_get_boolean(&value));
+ else if (name == g_intern_string("javascript-can-open-windows-automatically"))
+ settings->setJavaScriptCanOpenWindowsAutomatically(g_value_get_boolean(&value));
++ else if (name == g_intern_string("javascript-can-access-clipboard"))
++ settings->setJavaScriptCanAccessClipboard(g_value_get_boolean(&value));
+ else if (name == g_intern_string("enable-offline-web-application-cache"))
+ settings->setOfflineWebApplicationCacheEnabled(g_value_get_boolean(&value));
+ else if (name == g_intern_string("editing-behavior"))
+Index: webkit-1.2.1/WebCore/editing/EditorCommand.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebCore/editing/EditorCommand.cpp 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebCore/editing/EditorCommand.cpp 2010-06-28 21:36:35.000000000 -0400
+@@ -1069,6 +1069,21 @@
+ return source == CommandFromMenuOrKeyBinding;
+ }
+
++static bool supportedCopyCut(Frame* frame, EditorCommandSource source)
++{
++ switch (source) {
++ case CommandFromMenuOrKeyBinding:
++ return true;
++ case CommandFromDOM:
++ case CommandFromDOMWithUserInterface: {
++ Settings* settings = frame ? frame->settings() : 0;
++ return settings && settings->javaScriptCanAccessClipboard();
++ }
++ }
++ ASSERT_NOT_REACHED();
++ return false;
++}
++
+ static bool supportedPaste(Frame* frame, EditorCommandSource source)
+ {
+ switch (source) {
+@@ -1077,7 +1092,7 @@
+ case CommandFromDOM:
+ case CommandFromDOMWithUserInterface: {
+ Settings* settings = frame ? frame->settings() : 0;
+- return settings && settings->isDOMPasteAllowed();
++ return settings && (settings->javaScriptCanAccessClipboard() ? settings->isDOMPasteAllowed() : 0);
+ }
+ }
+ ASSERT_NOT_REACHED();
+@@ -1304,9 +1319,9 @@
+ { "BackColor", { executeBackColor, supported, enabledInRichlyEditableText, stateNone, valueBackColor, notTextInsertion, doNotAllowExecutionWhenDisabled } },
+ { "BackwardDelete", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } }, // FIXME: remove BackwardDelete when Safari for Windows stops using it.
+ { "Bold", { executeToggleBold, supported, enabledInRichlyEditableText, stateBold, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
+- { "Copy", { executeCopy, supported, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
++ { "Copy", { executeCopy, supportedCopyCut, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
+ { "CreateLink", { executeCreateLink, supported, enabledInRichlyEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
+- { "Cut", { executeCut, supported, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
++ { "Cut", { executeCut, supportedCopyCut, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
+ { "Delete", { executeDelete, supported, enabledDelete, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
+ { "DeleteBackward", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
+ { "DeleteBackwardByDecomposingPreviousCharacter", { executeDeleteBackwardByDecomposingPreviousCharacter, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
+Index: webkit-1.2.1/WebCore/page/Settings.h
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Settings.h 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Settings.h 2010-06-28 21:36:35.000000000 -0400
+@@ -122,6 +122,9 @@
+ void setJavaScriptCanOpenWindowsAutomatically(bool);
+ bool javaScriptCanOpenWindowsAutomatically() const { return m_javaScriptCanOpenWindowsAutomatically; }
+
++ void setJavaScriptCanAccessClipboard(bool);
++ bool javaScriptCanAccessClipboard() const { return m_javaScriptCanAccessClipboard; }
++
+ void setSpatialNavigationEnabled(bool);
+ bool isSpatialNavigationEnabled() const { return m_isSpatialNavigationEnabled; }
+
+@@ -330,6 +333,7 @@
+ bool m_allowUniversalAccessFromFileURLs: 1;
+ bool m_allowFileAccessFromFileURLs: 1;
+ bool m_javaScriptCanOpenWindowsAutomatically : 1;
++ bool m_javaScriptCanAccessClipboard : 1;
+ bool m_shouldPrintBackgrounds : 1;
+ bool m_textAreasAreResizable : 1;
+ #if ENABLE(DASHBOARD_SUPPORT)
+Index: webkit-1.2.1/WebCore/page/Settings.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Settings.cpp 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Settings.cpp 2010-06-28 21:36:35.000000000 -0400
+@@ -79,6 +79,7 @@
+ , m_allowUniversalAccessFromFileURLs(true)
+ , m_allowFileAccessFromFileURLs(true)
+ , m_javaScriptCanOpenWindowsAutomatically(false)
++ , m_javaScriptCanAccessClipboard(false)
+ , m_shouldPrintBackgrounds(false)
+ , m_textAreasAreResizable(false)
+ #if ENABLE(DASHBOARD_SUPPORT)
+@@ -291,6 +292,11 @@
+ m_javaScriptCanOpenWindowsAutomatically = javaScriptCanOpenWindowsAutomatically;
+ }
+
++void Settings::setJavaScriptCanAccessClipboard(bool javaScriptCanAccessClipboard)
++{
++ m_javaScriptCanAccessClipboard = javaScriptCanAccessClipboard;
++}
++
+ void Settings::setDefaultTextEncodingName(const String& defaultTextEncodingName)
+ {
+ m_defaultTextEncodingName = defaultTextEncodingName;
+Index: webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp 2010-06-28 21:36:35.000000000 -0400
+@@ -320,6 +320,7 @@
+ "enable-html5-local-storage", TRUE,
+ "enable-xss-auditor", FALSE,
+ "enable-spatial-navigation", FALSE,
++ "javascript-can-access-clipboard", TRUE,
+ "javascript-can-open-windows-automatically", TRUE,
+ "enable-offline-web-application-cache", TRUE,
+ "enable-universal-access-from-file-uris", TRUE,
+Index: webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp 2010-06-28 21:36:35.000000000 -0400
+@@ -337,6 +337,15 @@
+ g_object_set(G_OBJECT(settings), "enable-private-browsing", flag, NULL);
+ }
+
++void LayoutTestController::setJavaScriptCanAccessClipboard(bool flag)
++{
++ WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
++ ASSERT(view);
++
++ WebKitWebSettings* settings = webkit_web_view_get_settings(view);
++ g_object_set(G_OBJECT(settings), "javascript-can-access-clipboard", flag, NULL);
++}
++
+ void LayoutTestController::setXSSAuditorEnabled(bool flag)
+ {
+ WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
+Index: webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/LayoutTestController.cpp 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.cpp 2010-06-28 21:36:35.000000000 -0400
+@@ -902,6 +902,18 @@
+ return JSValueMakeUndefined(context);
+ }
+
++static JSValueRef setJavaScriptCanAccessClipboardCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
++{
++ // Has mac & windows implementation
++ if (argumentCount < 1)
++ return JSValueMakeUndefined(context);
++
++ LayoutTestController* controller = static_cast<LayoutTestController*>(JSObjectGetPrivate(thisObject));
++ controller->setJavaScriptCanAccessClipboard(JSValueToBoolean(context, arguments[0]));
++
++ return JSValueMakeUndefined(context);
++}
++
+ static JSValueRef setXSSAuditorEnabledCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+ {
+ // Has mac & windows implementation
+@@ -1564,3 +1576,4 @@
+
+ const unsigned LayoutTestController::maxViewWidth = 800;
+ const unsigned LayoutTestController::maxViewHeight = 600;
++ { "setJavaScriptCanAccessClipboard", setJavaScriptCanAccessClipboardCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
+Index: webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.h
+===================================================================
+--- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/LayoutTestController.h 2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.h 2010-06-28 21:36:35.000000000 -0400
+@@ -79,6 +79,7 @@
+ void setDomainRelaxationForbiddenForURLScheme(bool forbidden, JSStringRef scheme);
+ void setIconDatabaseEnabled(bool iconDatabaseEnabled);
+ void setJavaScriptProfilingEnabled(bool profilingEnabled);
++ void setJavaScriptCanAccessClipboard(bool flag);
+ void setMainFrameIsFirstResponder(bool flag);
+ void setMockGeolocationError(int code, JSStringRef message);
+ void setMockGeolocationPosition(double latitude, double longitude, double accuracy);
diff --git a/debian/patches/series b/debian/patches/series
index 4bf25a5..a8257ea 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ cve-2010-1418-part1.patch
cve-2010-1418-part2.patch
cve-2010-1418-part3.patch
cve-2010-1422.patch
+cve-2010-1421.patch
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list