Changeset 147526 in webkit
- Timestamp:
- Apr 3, 2013 1:31:07 AM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r147523 r147526 1 2013-04-03 Mike West <mkwst@chromium.org> 2 3 Extract URL that doesn't inherit a parent's SecurityOrigin out into a constant. 4 https://bugs.webkit.org/show_bug.cgi?id=113780 5 6 Reviewed by Jochen Eisinger. 7 8 We're scheduling navigations to 'data:text/html,' in XSSAuditor in 9 order to end up on a page that doesn't inherit its parent's 10 SecurityOrigin. We'll be reusing this mechainsm to solve 11 http://wkbug.com/112903 12 13 This patch makes us more explicit about what we're doing and why. 14 It doesn't change any behavior: XSSAuditor tests should still pass. 15 16 * html/parser/XSSAuditorDelegate.cpp: 17 (WebCore::XSSAuditorDelegate::didBlockScript): 18 Use SecurityOrigin::urlWithUniqueSecurityOrigin rather than a 19 literal string to make our intentions clear. 20 * page/SecurityOrigin.cpp: 21 (WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin): 22 * page/SecurityOrigin.h: 23 Add the new static method. 24 1 25 2013-04-02 Chris Fleizach <cfleizach@apple.com> 2 26 -
trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
r145801 r147526 112 112 113 113 if (xssInfo.m_didBlockEntirePage) 114 m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), S tring("data:text/html,<p></p>"), blankURL());114 m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), SecurityOrigin::urlWithUniqueSecurityOrigin(), String()); 115 115 } 116 116 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r146580 r147526 593 593 } 594 594 595 String SecurityOrigin::urlWithUniqueSecurityOrigin() 596 { 597 ASSERT(isMainThread()); 598 DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral("data:,"))); 599 return uniqueSecurityOriginURL; 600 } 601 595 602 } // namespace WebCore -
trunk/Source/WebCore/page/SecurityOrigin.h
r146115 r147526 211 211 bool isSameSchemeHostPort(const SecurityOrigin*) const; 212 212 213 static String urlWithUniqueSecurityOrigin(); 214 213 215 private: 214 216 SecurityOrigin();
Note: See TracChangeset
for help on using the changeset viewer.