[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
robert at webkit.org
robert at webkit.org
Sun Feb 20 23:38:17 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit d31455da7066c7fce11597c1fee209d9f18c8d2c
Author: robert at webkit.org <robert at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Jan 22 14:13:57 2011 +0000
2011-01-22 Robert Hogan <robert at webkit.org>
Reviewed by Kenneth Rohde Christiansen.
[Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
https://bugs.webkit.org/show_bug.cgi?id=49802
* platform/qt/Skipped:
* platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt: Added.
* platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt: Added.
* platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt: Added.
2011-01-22 Robert Hogan <robert at webkit.org>
Reviewed by Kenneth Rohde Christiansen.
[Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
https://bugs.webkit.org/show_bug.cgi?id=49802
* DumpRenderTree/qt/DumpRenderTreeQt.cpp:
(WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting):
(WebCore::DumpRenderTree::open):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76446 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index cc11d36..50f5134 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2011-01-22 Robert Hogan <robert at webkit.org>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
+ https://bugs.webkit.org/show_bug.cgi?id=49802
+
+ * platform/qt/Skipped:
+ * platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt: Added.
+ * platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt: Added.
+ * platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt: Added.
+
2011-01-22 Andreas Kling <kling at webkit.org>
Unreviewed, add Qt-specific result for test added in r76414.
diff --git a/LayoutTests/platform/qt/Skipped b/LayoutTests/platform/qt/Skipped
index 0128617..da14d71 100644
--- a/LayoutTests/platform/qt/Skipped
+++ b/LayoutTests/platform/qt/Skipped
@@ -5055,12 +5055,6 @@ editing/pasteboard/paste-4039777-fix.html
# https://bugs.webkit.org/show_bug.cgi?id=49749
plugins/refcount-leaks.html
-# [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
-# https://bugs.webkit.org/show_bug.cgi?id=49802
-http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html
-http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html
-http/tests/security/aboutBlank/xss-DENIED-set-opener.html
-
# REGRESSION(r72861): editing/selection/click-left-of-rtl-wrapping-text.html and modify-up-on-rtl-wrapping-text.html fail on all but Mac platform
# https://bugs.webkit.org/show_bug.cgi?id=50204
editing/selection/click-left-of-rtl-wrapping-text.html
diff --git a/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt
new file mode 100644
index 0000000..6150b15
--- /dev/null
+++ b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt
@@ -0,0 +1,17 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL about:blank. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 0: TypeError: 'undefined' is not an object
+This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after document.writeing a new document.
+Code injected into window:
+<script>document.write('<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window.opener, \'FAIL: XSS was allowed.\');}, 100);setTimeout(function() {write(window.opener.top.frames[1], \'SUCCESS: Window remained in original SecurityOrigin.\');}, 200);setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);<\/script>');</script>
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This page doesn't do anything special (except signal that it has finished loading).
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+SUCCESS: Window remained in original SecurityOrigin.
diff --git a/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt
new file mode 100644
index 0000000..9c4f801
--- /dev/null
+++ b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt
@@ -0,0 +1,17 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 0: TypeError: 'undefined' is not an object
+This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after reloading itself as a javascript URL.
+Code injected into window:
+<script>window.location = 'javascript:\'<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window.opener, \\\'FAIL: XSS was allowed.\\\');}, 100);setTimeout(function() {write(window.opener.top.frames[1], \\\'SUCCESS: Window remained in original SecurityOrigin.\\\');}, 200);setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);<\\\/script>\''</script>
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This page doesn't do anything special (except signal that it has finished loading).
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+SUCCESS: Window remained in original SecurityOrigin.
diff --git a/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt
new file mode 100644
index 0000000..203e5e7
--- /dev/null
+++ b/LayoutTests/platform/qt/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt
@@ -0,0 +1,22 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-set-opener.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL about:blank. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 0: TypeError: 'undefined' is not an object
+This page opens a window to "", injects malicious code, and then uses window.open.call to set its opener to the victim. The opened window then tries to scripts its opener.
+Code injected into window:
+<script>function write(target, message) { target.document.body.innerHTML = message; }
+setTimeout(function() {write(window.opener.top.frames[0], 'FAIL: XSS was allowed.');}, 100);
+setTimeout(function() {write(window.opener.top.frames[1], 'SUCCESS: Window remained in original SecurityOrigin.');}, 200);
+setTimeout(function() { if (window.layoutTestController) layoutTestController.globalFlag = true; }, 300);</script>
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This page doesn't do anything special.
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+SUCCESS: Window remained in original SecurityOrigin.
diff --git a/Tools/ChangeLog b/Tools/ChangeLog
index ac15ac7..bdf5d86 100644
--- a/Tools/ChangeLog
+++ b/Tools/ChangeLog
@@ -1,3 +1,14 @@
+2011-01-22 Robert Hogan <robert at webkit.org>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ [Qt] REGRESSION (r72360): http/tests/security/aboutBlank/xss-DENIED-* tests fail
+ https://bugs.webkit.org/show_bug.cgi?id=49802
+
+ * DumpRenderTree/qt/DumpRenderTreeQt.cpp:
+ (WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting):
+ (WebCore::DumpRenderTree::open):
+
2011-01-21 Adam Barth <abarth at webkit.org>
Reviewed by Maciej Stachowiak.
diff --git a/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp b/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp
index ce608cc..8d2ed59 100644
--- a/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp
+++ b/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp
@@ -560,6 +560,7 @@ void DumpRenderTree::resetToConsistentStateBeforeTesting()
QLocale::setDefault(QLocale::c());
+ layoutTestController()->setDeveloperExtrasEnabled(true);
#ifndef Q_OS_WINCE
setlocale(LC_ALL, "");
#endif
@@ -579,26 +580,16 @@ static bool isWebInspectorTest(const QUrl& url)
return false;
}
-static bool shouldEnableDeveloperExtras(const QUrl& url)
-{
- return true;
-}
-
void DumpRenderTree::open(const QUrl& url)
{
DumpRenderTreeSupportQt::dumpResourceLoadCallbacksPath(QFileInfo(url.toString()).path());
resetToConsistentStateBeforeTesting();
- if (shouldEnableDeveloperExtras(m_page->mainFrame()->url())) {
+ if (isWebInspectorTest(m_page->mainFrame()->url()))
layoutTestController()->closeWebInspector();
- layoutTestController()->setDeveloperExtrasEnabled(false);
- }
- if (shouldEnableDeveloperExtras(url)) {
- layoutTestController()->setDeveloperExtrasEnabled(true);
- if (isWebInspectorTest(url))
- layoutTestController()->showWebInspector();
- }
+ if (isWebInspectorTest(url))
+ layoutTestController()->showWebInspector();
if (isGlobalHistoryTest(url))
layoutTestController()->dumpHistoryCallbacks();
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list