Changeset 140839 in webkit

Timestamp:

Jan 25, 2013 9:48:54 AM (11 years ago)

Author:

mkwst@chromium.org

Message:

Source/WebCore: ScriptController::executeIfJavaScriptURL incorrectly checks viewsource mode.
incorrectly blocks execution based on the frame's viewsource state.
​https://bugs.webkit.org/show_bug.cgi?id=101683

Reviewed by Adam Barth.

ScriptController::executeIfJavaScriptURL currently checks whether the
frame in which a 'javascript:' URL might be executed is in viewsource
mode. This incorrectly handles the case where the viewsource attribute
is added after a document loads: the _frame_ is in viewsource mode, the
_document_ is not. The latter should control execution, not the former.

This patch drops the inViewSourceMode check from executeIfJavaScriptURL
entirely, as the document's viewsource state is checked in
canExecuteScripts, which is already called when the 'javascript:' URL is
passed to executeScript. The checks should remain centralized there.

Test: http/tests/security/view-source-javascript-url-in-document.html

• bindings/ScriptControllerBase.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL):

Drop the incorrect check against the Frame's viewsource mode. The
correct check against the Document's viewsource mode is performed
in canExecuteScripts (which is called via executeScript).

LayoutTests: Merge isViewSource checks in ScriptController::executeIfJavaScriptURL and ScriptController::canExecuteScripts.
​https://bugs.webkit.org/show_bug.cgi?id=101683

Reviewed by Adam Barth.

• http/tests/security/view-source-javascript-url-in-document-expected.txt: Added.
• http/tests/security/view-source-javascript-url-in-document.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/view-source-javascript-url-in-document-expected.txt (added)
• LayoutTests/http/tests/security/view-source-javascript-url-in-document.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/ScriptControllerBase.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2013-01-25  Mike West  <mkwst@chromium.org>
+
+        Merge isViewSource checks in ScriptController::executeIfJavaScriptURL and ScriptController::canExecuteScripts.
+        https://bugs.webkit.org/show_bug.cgi?id=101683
+
+        Reviewed by Adam Barth.
+
+        * http/tests/security/view-source-javascript-url-in-document-expected.txt: Added.
+        * http/tests/security/view-source-javascript-url-in-document.html: Added.
+
 2013-01-25  Erik Arvidsson  <arv@chromium.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-01-25  Mike West  <mkwst@chromium.org>
+
+        ScriptController::executeIfJavaScriptURL incorrectly checks viewsource mode.
+        incorrectly blocks execution based on the frame's viewsource state.
+        https://bugs.webkit.org/show_bug.cgi?id=101683
+
+        Reviewed by Adam Barth.
+
+        ScriptController::executeIfJavaScriptURL currently checks whether the
+        frame in which a 'javascript:' URL might be executed is in viewsource
+        mode. This incorrectly handles the case where the viewsource attribute
+        is added after a document loads: the _frame_ is in viewsource mode, the
+        _document_ is not. The latter should control execution, not the former.
+
+        This patch drops the inViewSourceMode check from executeIfJavaScriptURL
+        entirely, as the document's viewsource state is checked in
+        canExecuteScripts, which is already called when the 'javascript:' URL is
+        passed to executeScript. The checks should remain centralized there.
+
+        Test: http/tests/security/view-source-javascript-url-in-document.html
+
+        * bindings/ScriptControllerBase.cpp:
+        (WebCore::ScriptController::executeIfJavaScriptURL):
+            Drop the incorrect check against the Frame's viewsource mode. The
+            correct check against the Document's viewsource mode is performed
+            in canExecuteScripts (which is called via executeScript).
+
 2013-01-25  Gustavo Noronha Silva  <gns@gnome.org>
 

trunk/Source/WebCore/bindings/ScriptControllerBase.cpp

@@ -80 +80 @@
 
     if (!m_frame->page()
-        || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line)
-        || m_frame->inViewSourceMode())
+        || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line))
         return true;