Changeset 100203 in webkit
- Timestamp:
- Nov 14, 2011, 4:00:00 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r100198 r100203 1 2011-11-14 Adam Barth <abarth@webkit.org> 2 3 Cross-origin drag-and-drop prevention ineffective 4 https://bugs.webkit.org/show_bug.cgi?id=72322 5 6 Reviewed by Eric Seidel. 7 8 Split drag-drop-dead-frame.html into two tests: one that tests for the 9 previous crash and one that tests out data URL drag-and-drop behavior. 10 11 * editing/pasteboard/drag-drop-dead-frame.html: 12 * editing/pasteboard/drag-drop-to-data-url-expected.txt: Added. 13 * editing/pasteboard/drag-drop-to-data-url.html: Added. 14 1 15 2011-11-14 Tony Chang <tony@chromium.org> 2 16 -
trunk/LayoutTests/editing/pasteboard/drag-drop-dead-frame.html
r20490 r100203 75 75 <p>Check you don't crash when your previous drag target frame is deleted <rdar://problem/5049842></p> 76 76 <div><span id="dragme">hello</span></div> 77 <iframe id=targetframe src=" data:text/html;charset=utf-8,%3Cbody%20contentEditable%3Dtrue%3E%0D%0A"></iframe>77 <iframe id=targetframe src="resources/editable-iframe.html"></iframe> 78 78 <script>runEditingTest();</script> 79 79 </body> -
trunk/Source/WebCore/ChangeLog
r100199 r100203 1 2011-11-14 Adam Barth <abarth@webkit.org> 2 3 Don't special-case "data" URLs in drag-and-drop logic 4 https://bugs.webkit.org/show_bug.cgi?id=72322 5 6 Reviewed by Eric Seidel. 7 8 See the bug for more details. 9 10 Test: editing/pasteboard/drag-drop-to-data-url.html 11 12 * page/SecurityOrigin.cpp: 13 (WebCore::SecurityOrigin::canReceiveDragData): 14 1 15 2011-11-14 Adrienne Walker <enne@google.com> 2 16 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r100182 r100203 262 262 { 263 263 if (this == dragInitiator) 264 return true;265 266 // FIXME: Currently we treat data URLs as having a unique origin, contrary to the267 // current (9/19/2009) draft of the HTML5 specification. We still want to allow268 // drop across data URLs, so we special case data URLs below. If we change to269 // match HTML5 w.r.t. data URL security, then we can remove this check.270 if (m_protocol == "data")271 264 return true; 272 265
Note:
See TracChangeset
for help on using the changeset viewer.