Changeset 120145 in webkit
- Timestamp:
- Jun 12, 2012 5:33:03 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
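--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,16 @@
+2012-06-12 Christophe Dumez <christophe.dumez@intel.com>
+
+        [soup] Prevent setting or editing httpOnly cookies from JavaScript
+        https://bugs.webkit.org/show_bug.cgi?id=88760
+
+        Reviewed by Gustavo Noronha Silva.
+
+        Unskip http/tests/cookies/js-get-and-set-http-only-cookie.html for
+        both GTK and EFL ports now that that we don't allow overwriting
+        httpOnly cookies from JavaScript anymore.
+
+        * platform/efl/TestExpectations:
+        * platform/gtk/TestExpectations:
+
 2012-06-12 Christophe Dumez <christophe.dumez@intel.com>
 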
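--- a/trunk/LayoutTests/platform/efl/TestExpectations
+++ b/trunk/LayoutTests/platform/efl/TestExpectations
@@ -698,7 +698,4 @@
 BUGWK86637 : editing/spelling/spelling-marker-description.html = TEXT
 
-// New test added in r119947 which fails on almost all ports
-BUGWK87208 : http/tests/cookies/js-get-and-set-http-only-cookie.html = TEXT
-
 // It is unclear whether a new baseline is needed or it is a JSC failure
 BUGWK77413 : fast/parser/nested-fragment-parser-crash.html = TEXT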
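--- a/trunk/LayoutTests/platform/gtk/TestExpectations
+++ b/trunk/LayoutTests/platform/gtk/TestExpectations
@@ -1249,7 +1249,4 @@
 BUGWK88727 : http/tests/xmlhttprequest/origin-exact-matching.html = TEXT
 
-// New test introduced in r119947 failing on GTK port
-BUGWK88760 : http/tests/cookies/js-get-and-set-http-only-cookie.html = TEXT
-
 // Started failing after it was added in r116473
 BUGWK85969 : http/tests/loading/post-in-iframe-with-back-navigation.html = TEXT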
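--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,20 @@
+2012-06-12 Christophe Dumez <christophe.dumez@intel.com>
+
+        [soup] Prevent setting or editing httpOnly cookies from JavaScript
+        https://bugs.webkit.org/show_bug.cgi?id=88760
+
+        Reviewed by Gustavo Noronha Silva.
+
+        Prevent setting or overwriting httpOnly cookies from JavaScript.
+        Fix setCookies() so that it parses all the cookies and not just
+        the first one.
+
+        Test: http/tests/cookies/js-get-and-set-http-only-cookie.html
+
+        * platform/network/soup/CookieJarSoup.cpp:
+        (WebCore::httpOnlyCookieExists):
+        (WebCore):
+        (WebCore::setCookies):
+
 2012-06-12 Christophe Dumez <christophe.dumez@intel.com>
 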
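--- a/trunk/Source/WebCore/platform/network/soup/CookieJarSoup.cpp
+++ b/trunk/Source/WebCore/platform/network/soup/CookieJarSoup.cpp
@@ -73,4 +73,18 @@
 }
 
+static inline bool httpOnlyCookieExists(const GSList* cookies, const gchar* name, const gchar* path)
+{
+    for (const GSList* iter = cookies; iter; iter = g_slist_next(iter)) {
+        SoupCookie* cookie = static_cast<SoupCookie*>(iter->data);
+        if (!strcmp(soup_cookie_get_name(cookie), name)
+            && !g_strcmp0(soup_cookie_get_path(cookie), path)) {
+            if (soup_cookie_get_http_only(cookie))
+                return true;
+            break;
+        }
+    }
+    return false;
+}
+
 void setCookies(Document* document, const KURL& url, const String& value)
 {
@@ -81,5 +95,28 @@
     GOwnPtr<SoupURI> origin(soup_uri_new(url.string().utf8().data()));
     GOwnPtr<SoupURI> firstParty(soup_uri_new(document->firstPartyForCookies().string().utf8().data()));
-    soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data());
+
+    // Get existing cookies for this origin.
+    GSList* existingCookies = soup_cookie_jar_get_cookie_list(jar, origin.get(), TRUE);
+
+    Vector<String> cookies;
+    value.split('\n', cookies);
+    const size_t cookiesCount = cookies.size();
+    for (size_t i = 0; i < cookiesCount; ++i) {
+        GOwnPtr<SoupCookie> cookie(soup_cookie_parse(cookies[i].utf8().data(), origin.get()));
+        if (!cookie)
+            continue;
+
+        // Make sure the cookie is not httpOnly since such cookies should not be set from JavaScript.
+        if (soup_cookie_get_http_only(cookie.get()))
+            continue;
+
+        // Make sure we do not overwrite httpOnly cookies from JavaScript.
+        if (httpOnlyCookieExists(existingCookies, soup_cookie_get_name(cookie.get()), soup_cookie_get_path(cookie.get())))
+            continue;
+
+        soup_cookie_jar_add_cookie_with_first_party(jar, firstParty.get(), cookie.release());
+    }
+
+    soup_cookies_free(existingCookies);
 }
 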
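Review bot: `httpOnlyCookieExists()` identifies an existing cookie by name and path only and stops at the first match (`break`), but a cookie is keyed by name, domain and path, and the list returned by `soup_cookie_jar_get_cookie_list()` for the origin can presumably hold both a host-only and a parent-domain cookie with the same name and path. If the non-httpOnly one happens to come first, the helper returns false and the later `soup_cookie_jar_add_cookie_with_first_party()` call may still replace the httpOnly cookie stored under the other domain; in the reverse order a legitimate write is dropped. I would pass the parsed cookie's domain into the helper (`soup_cookie_get_domain(cookie.get())` at the call site) and add `&& !g_ascii_strcasecmp(soup_cookie_get_domain(cookie), domain)` to the match condition, so the `break` only fires for the cookie that would actually be overwritten. `setCookies()` is shown with lines elided between the two hunks, so any early returns in that gap are not visible here.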
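--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,15 @@
+2012-06-12 Christophe Dumez <christophe.dumez@intel.com>
+
+        [soup] Prevent setting or editing httpOnly cookies from JavaScript
+        https://bugs.webkit.org/show_bug.cgi?id=88760
+
+        Reviewed by Gustavo Noronha Silva.
+
+        Update libsoup to v2.39.2, glib to v2.33.2 and glib-networking
+        to v2.33.2 for both GTK and EFL ports.
+
+        * efl/jhbuild.modules:
+        * gtk/jhbuild.modules:
+
 2012-06-12 Christophe Dumez <christophe.dumez@intel.com>
 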
trunk/Tools/efl/jhbuild.modules
r117378 r120145 111 111 <dep package="libffi"/> 112 112 </dependencies> 113 <branch module="/pub/GNOME/sources/glib/2.3 2/glib-2.32.2.tar.xz" version="2.32.2"113 <branch module="/pub/GNOME/sources/glib/2.33/glib-2.33.2.tar.xz" version="2.33.2" 114 114 repo="ftp.gnome.org" 115 hash="sha256:b 1764abf00bac96e0e93e29fb9715ce75f3583579acac40648e18771d43d6136"116 md5sum=" 5bfdb6197afb90e4dbc7b1bb98f0eae0"/>115 hash="sha256:b7163e9f159775d13ecfb433d67c3f0883e0e518e85b2e970d4ad9773d7cd0b4" 116 md5sum="06ef0099fed22afcf34ade39ddff9a5b"/> 117 117 </autotools> 118 118 … … 121 121 <dep package="gnutls"/> 122 122 </dependencies> 123 <branch module="/pub/GNOME/sources/glib-networking/2.3 1/glib-networking-2.31.2.tar.xz" version="2.31.2"123 <branch module="/pub/GNOME/sources/glib-networking/2.33/glib-networking-2.33.2.tar.xz" version="2.33.2" 124 124 repo="ftp.gnome.org" 125 hash=" sha256:03e3a2881d2626d1206e72972531661037fe0d32e745bf9b2f63c0d6f5e32a9c"126 md5sum=" b649b457bd9fd5e0e9b9c4dcb1a74a37"/>125 hash="e298cff3935eb752be290bbf734e457f1870bdb5370ee292606e6040a82074e7" 126 md5sum="5abb364f2a0babe2ec1e3a6d59f69043"/> 127 127 </autotools> 128 128 … … 144 144 <dep package="glib-networking"/> 145 145 </dependencies> 146 <branch module="libsoup" version="2.3 8.1"146 <branch module="libsoup" version="2.39.2" 147 147 repo="git.gnome.org" 148 tag="LIBSOUP_2_3 8_1"/>148 tag="LIBSOUP_2_39_2"/> 149 149 </autotools> 150 150 -
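Review bot: The new glib-networking entry in this file carries its digest without an algorithm prefix (`hash="e298cff3…"`), whereas the glib entry just above it and the same glib-networking entry in gtk/jhbuild.modules both use the `sha256:` form. Depending on how jhbuild handles a `hash` attribute with no algorithm prefix, the SHA-256 check for this tarball may be skipped or fail, which would leave only the weaker `md5sum` guarding a download fetched from `ftp.gnome.org`. I would make the EFL line match the GTK one: `hash="sha256:e298cff3935eb752be290bbf734e457f1870bdb5370ee292606e6040a82074e7"`.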
trunk/Tools/gtk/jhbuild.modules
r116778 r120145 132 132 <dep package="libffi"/> 133 133 </dependencies> 134 <branch module="/pub/GNOME/sources/glib/2.3 2/glib-2.32.0.tar.xz" version="2.32.0"135 repo="ftp.gnome.org" 136 hash="sha256: cde9d9f25ed648069c547e323897ad9379974e1f936b4477fa51bcf1bb261ae4"137 md5sum=" c5fa76fbf9184d20dfb04af66b598190"/>134 <branch module="/pub/GNOME/sources/glib/2.33/glib-2.33.2.tar.xz" version="2.33.2" 135 repo="ftp.gnome.org" 136 hash="sha256:b7163e9f159775d13ecfb433d67c3f0883e0e518e85b2e970d4ad9773d7cd0b4" 137 md5sum="06ef0099fed22afcf34ade39ddff9a5b"/> 138 138 </autotools> 139 139 … … 143 143 <dep package="gnutls"/> 144 144 </dependencies> 145 <branch module="/pub/GNOME/sources/glib-networking/2.3 1/glib-networking-2.31.2.tar.xz" version="2.31.2"146 repo="ftp.gnome.org" 147 hash="sha256: 03e3a2881d2626d1206e72972531661037fe0d32e745bf9b2f63c0d6f5e32a9c"148 md5sum=" b649b457bd9fd5e0e9b9c4dcb1a74a37"/>145 <branch module="/pub/GNOME/sources/glib-networking/2.33/glib-networking-2.33.2.tar.xz" version="2.33.2" 146 repo="ftp.gnome.org" 147 hash="sha256:e298cff3935eb752be290bbf734e457f1870bdb5370ee292606e6040a82074e7" 148 md5sum="5abb364f2a0babe2ec1e3a6d59f69043"/> 149 149 </autotools> 150 150 … … 162 162 <dep package="glib-networking"/> 163 163 </dependencies> 164 <branch module="libsoup" version="2.3 8.1"164 <branch module="libsoup" version="2.39.2" 165 165 repo="git.gnome.org" 166 tag="LIBSOUP_2_3 8_1"/>166 tag="LIBSOUP_2_39_2"/> 167 167 </autotools> 168 168