[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

robert at webkit.org robert at webkit.org
Sun Feb 20 23:38:17 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit d31455da7066c7fce11597c1fee209d9f18c8d2c
Author: robert at webkit.org <robert at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Jan 22 14:13:57 2011 +0000

    2011-01-22  Robert Hogan  <robert at webkit.org>
    
            Reviewed by Kenneth Rohde Christiansen.
    
            [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
            https://bugs.webkit.org/show_bug.cgi?id=49802
    
            * platform/qt/Skipped:
            * platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt: Added.
            * platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt: Added.
            * platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt: Added.
    2011-01-22  Robert Hogan  <robert at webkit.org>
    
            Reviewed by Kenneth Rohde Christiansen.
    
            [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
            https://bugs.webkit.org/show_bug.cgi?id=49802
    
            * DumpRenderTree/qt/DumpRenderTreeQt.cpp:
            (WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting):
            (WebCore::DumpRenderTree::open):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index cc11d36..50f5134 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2011-01-22  Robert Hogan  <robert at webkit.org>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
+        https://bugs.webkit.org/show_bug.cgi?id=49802
+
+        * platform/qt/Skipped:
+        * platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt: Added.
+        * platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt: Added.
+        * platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt: Added.
+
 2011-01-22  Andreas Kling  <kling at webkit.org>
 
         Unreviewed, add Qt-specific result for test added in r76414.
diff --git a/LayoutTests/platform/qt/Skipped b/LayoutTests/platform/qt/Skipped
index 0128617..da14d71 100644
--- a/LayoutTests/platform/qt/Skipped
+++ b/LayoutTests/platform/qt/Skipped
@@ -5055,12 +5055,6 @@ editing/pasteboard/paste-4039777-fix.html
 # https://bugs.webkit.org/show_bug.cgi?id=49749
 plugins/refcount-leaks.html
 
-# [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
-# https://bugs.webkit.org/show_bug.cgi?id=49802
-http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html
-http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html
-http/tests/security/aboutBlank/xss-DENIED-set-opener.html
-
 # REGRESSION(r72861): editing/selection/click-left-of-rtl-wrapping-text.html and modify-up-on-rtl-wrapping-text.html fail on all but Mac platform
 # https://bugs.webkit.org/show_bug.cgi?id=50204
 editing/selection/click-left-of-rtl-wrapping-text.html
diff --git a/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt
new file mode 100644
index 0000000..6150b15
--- /dev/null
+++ b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt
@@ -0,0 +1,17 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL about:blank. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 0: TypeError: 'undefined' is not an object
+This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after document.writeing a new document.
+Code injected into window:
+<script>document.write('<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window.opener, \'FAIL: XSS was allowed.\');}, 100);setTimeout(function() {write(window.opener.top.frames[1], \'SUCCESS: Window remained in original SecurityOrigin.\');}, 200);setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);<\/script>');</script>
+ 
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This page doesn't do anything special (except signal that it has finished loading).
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+SUCCESS: Window remained in original SecurityOrigin.
diff --git a/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt
new file mode 100644
index 0000000..9c4f801
--- /dev/null
+++ b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt
@@ -0,0 +1,17 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 0: TypeError: 'undefined' is not an object
+This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after reloading itself as a javascript URL.
+Code injected into window:
+<script>window.location = 'javascript:\'<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window.opener, \\\'FAIL: XSS was allowed.\\\');}, 100);setTimeout(function() {write(window.opener.top.frames[1], \\\'SUCCESS: Window remained in original SecurityOrigin.\\\');}, 200);setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);<\\\/script>\''</script>
+ 
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This page doesn't do anything special (except signal that it has finished loading).
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+SUCCESS: Window remained in original SecurityOrigin.
diff --git a/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt
new file mode 100644
index 0000000..203e5e7
--- /dev/null
+++ b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt
@@ -0,0 +1,22 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-set-opener.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL about:blank. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 0: TypeError: 'undefined' is not an object
+This page opens a window to "", injects malicious code, and then uses window.open.call to set its opener to the victim. The opened window then tries to scripts its opener.
+Code injected into window:
+<script>function write(target, message) { target.document.body.innerHTML = message; }
+setTimeout(function() {write(window.opener.top.frames[0], 'FAIL: XSS was allowed.');}, 100);
+setTimeout(function() {write(window.opener.top.frames[1], 'SUCCESS: Window remained in original SecurityOrigin.');}, 200);
+setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);</script>
+ 
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This page doesn't do anything special.
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+SUCCESS: Window remained in original SecurityOrigin.
diff --git a/Tools/ChangeLog b/Tools/ChangeLog
index ac15ac7..bdf5d86 100644
--- a/Tools/ChangeLog
+++ b/Tools/ChangeLog
@@ -1,3 +1,14 @@
+2011-01-22  Robert Hogan  <robert at webkit.org>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
+        https://bugs.webkit.org/show_bug.cgi?id=49802
+
+        * DumpRenderTree/qt/DumpRenderTreeQt.cpp:
+        (WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting):
+        (WebCore::DumpRenderTree::open):
+
 2011-01-21  Adam Barth  <abarth at webkit.org>
 
         Reviewed by Maciej Stachowiak.
diff --git a/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp b/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp
index ce608cc..8d2ed59 100644
--- a/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp
+++ b/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp
@@ -560,6 +560,7 @@ void DumpRenderTree::resetToConsistentStateBeforeTesting()
 
     QLocale::setDefault(QLocale::c());
 
+    layoutTestController()->setDeveloperExtrasEnabled(true);
 #ifndef Q_OS_WINCE
     setlocale(LC_ALL, "");
 #endif
@@ -579,26 +580,16 @@ static bool isWebInspectorTest(const QUrl& url)
     return false;
 }
 
-static bool shouldEnableDeveloperExtras(const QUrl& url)
-{
-    return true;
-}
-
 void DumpRenderTree::open(const QUrl& url)
 {
     DumpRenderTreeSupportQt::dumpResourceLoadCallbacksPath(QFileInfo(url.toString()).path());
     resetToConsistentStateBeforeTesting();
 
-    if (shouldEnableDeveloperExtras(m_page->mainFrame()->url())) {
+    if (isWebInspectorTest(m_page->mainFrame()->url()))
         layoutTestController()->closeWebInspector();
-        layoutTestController()->setDeveloperExtrasEnabled(false);
-    }
 
-    if (shouldEnableDeveloperExtras(url)) {
-        layoutTestController()->setDeveloperExtrasEnabled(true);
-        if (isWebInspectorTest(url))
-            layoutTestController()->showWebInspector();
-    }
+    if (isWebInspectorTest(url))
+        layoutTestController()->showWebInspector();
 
     if (isGlobalHistoryTest(url))
         layoutTestController()->dumpHistoryCallbacks();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list