Changeset 100203 in webkit

Timestamp:

Nov 14, 2011, 4:00:00 PM (14 years ago)

Author:

abarth@webkit.org

Message:

Source/WebCore: Don't special-case "data" URLs in drag-and-drop logic
​https://bugs.webkit.org/show_bug.cgi?id=72322

Reviewed by Eric Seidel.

See the bug for more details.

Test: editing/pasteboard/drag-drop-to-data-url.html

• page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::canReceiveDragData):

LayoutTests: Cross-origin drag-and-drop prevention ineffective
​https://bugs.webkit.org/show_bug.cgi?id=72322

Reviewed by Eric Seidel.

Split drag-drop-dead-frame.html into two tests: one that tests for the
previous crash and one that tests out data URL drag-and-drop behavior.

• editing/pasteboard/drag-drop-dead-frame.html:
• editing/pasteboard/drag-drop-to-data-url-expected.txt: Added.
• editing/pasteboard/drag-drop-to-data-url.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/editing/pasteboard/drag-drop-dead-frame.html (modified) (1 diff)
• LayoutTests/editing/pasteboard/drag-drop-to-data-url-expected.txt (added)
• LayoutTests/editing/pasteboard/drag-drop-to-data-url.html (added)
• LayoutTests/editing/pasteboard/resources/editable-iframe.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/page/SecurityOrigin.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-11-14  Adam Barth  <abarth@webkit.org>
+
+        Cross-origin drag-and-drop prevention ineffective
+        https://bugs.webkit.org/show_bug.cgi?id=72322
+
+        Reviewed by Eric Seidel.
+
+        Split drag-drop-dead-frame.html into two tests: one that tests for the
+        previous crash and one that tests out data URL drag-and-drop behavior.
+
+        * editing/pasteboard/drag-drop-dead-frame.html:
+        * editing/pasteboard/drag-drop-to-data-url-expected.txt: Added.
+        * editing/pasteboard/drag-drop-to-data-url.html: Added.
+
 2011-11-14  Tony Chang  <tony@chromium.org>
 

trunk/LayoutTests/editing/pasteboard/drag-drop-dead-frame.html

@@ -75 +75 @@
 <p>Check you don't crash when your previous drag target frame is deleted &lt;rdar://problem/5049842&gt;</p>
 <div><span id="dragme">hello</span></div>
-<iframe id=targetframe src="data:text/html;charset=utf-8,%3Cbody%20contentEditable%3Dtrue%3E%0D%0A"></iframe>
+<iframe id=targetframe src="resources/editable-iframe.html"></iframe>
 <script>runEditingTest();</script>
 </body>

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-11-14  Adam Barth  <abarth@webkit.org>
+
+        Don't special-case "data" URLs in drag-and-drop logic
+        https://bugs.webkit.org/show_bug.cgi?id=72322
+
+        Reviewed by Eric Seidel.
+
+        See the bug for more details.
+
+        Test: editing/pasteboard/drag-drop-to-data-url.html
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::canReceiveDragData):
+
 2011-11-14  Adrienne Walker  <enne@google.com>
 

trunk/Source/WebCore/page/SecurityOrigin.cpp

@@ -262 +262 @@
 {
     if (this == dragInitiator)
-        return true;
-
-    // FIXME: Currently we treat data URLs as having a unique origin, contrary to the
-    // current (9/19/2009) draft of the HTML5 specification. We still want to allow
-    // drop across data URLs, so we special case data URLs below. If we change to
-    // match HTML5 w.r.t. data URL security, then we can remove this check.
-    if (m_protocol == "data")
         return true;