Changeset 140839 in webkit
- Timestamp:
- Jan 25, 2013 9:48:54 AM (11 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r140838 r140839 1 2013-01-25 Mike West <mkwst@chromium.org> 2 3 Merge isViewSource checks in ScriptController::executeIfJavaScriptURL and ScriptController::canExecuteScripts. 4 https://bugs.webkit.org/show_bug.cgi?id=101683 5 6 Reviewed by Adam Barth. 7 8 * http/tests/security/view-source-javascript-url-in-document-expected.txt: Added. 9 * http/tests/security/view-source-javascript-url-in-document.html: Added. 10 1 11 2013-01-25 Erik Arvidsson <arv@chromium.org> 2 12 -
trunk/Source/WebCore/ChangeLog
r140836 r140839 1 2013-01-25 Mike West <mkwst@chromium.org> 2 3 ScriptController::executeIfJavaScriptURL incorrectly checks viewsource mode. 4 incorrectly blocks execution based on the frame's viewsource state. 5 https://bugs.webkit.org/show_bug.cgi?id=101683 6 7 Reviewed by Adam Barth. 8 9 ScriptController::executeIfJavaScriptURL currently checks whether the 10 frame in which a 'javascript:' URL might be executed is in viewsource 11 mode. This incorrectly handles the case where the viewsource attribute 12 is added after a document loads: the _frame_ is in viewsource mode, the 13 _document_ is not. The latter should control execution, not the former. 14 15 This patch drops the inViewSourceMode check from executeIfJavaScriptURL 16 entirely, as the document's viewsource state is checked in 17 canExecuteScripts, which is already called when the 'javascript:' URL is 18 passed to executeScript. The checks should remain centralized there. 19 20 Test: http/tests/security/view-source-javascript-url-in-document.html 21 22 * bindings/ScriptControllerBase.cpp: 23 (WebCore::ScriptController::executeIfJavaScriptURL): 24 Drop the incorrect check against the Frame's viewsource mode. The 25 correct check against the Document's viewsource mode is performed 26 in canExecuteScripts (which is called via executeScript). 27 1 28 2013-01-25 Gustavo Noronha Silva <gns@gnome.org> 2 29 -
trunk/Source/WebCore/bindings/ScriptControllerBase.cpp
r137318 r140839 80 80 81 81 if (!m_frame->page() 82 || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line) 83 || m_frame->inViewSourceMode()) 82 || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line)) 84 83 return true; 85 84
Note: See TracChangeset
for help on using the changeset viewer.