Changeset 188062 in webkit


Ignore:
Timestamp:
Aug 6, 2015 2:36:00 PM (9 years ago)
Author:
eric.carlson@apple.com
Message:

Do not enforce "content-disposition: attachment" sandbox restrictions on a MediaDocument
https://bugs.webkit.org/show_bug.cgi?id=147734
rdar://problem/22028179

Reviewed by Andy Estes.

Test to follow, see https://bugs.webkit.org/show_bug.cgi?id=147735

  • dom/Document.cpp:

(WebCore::Document::initSecurityContext): Use applyContentDispositionAttachmentSandbox

instead of setting sandbox flags directly.

(WebCore::Document::shouldEnforceContentDispositionAttachmentSandbox): Don't special

case MediaDocument.

(WebCore::Document::applyContentDispositionAttachmentSandbox): Apply sandbox flags

according to document type.

  • dom/Document.h:
Location:
trunk/Source/WebCore
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r188061 r188062  
     12015-08-06  Eric Carlson  <eric.carlson@apple.com>
     2
     3        Do not enforce "content-disposition: attachment" sandbox restrictions on a MediaDocument
     4        https://bugs.webkit.org/show_bug.cgi?id=147734
     5        rdar://problem/22028179
     6
     7        Reviewed by Andy Estes.
     8
     9        Test to follow, see https://bugs.webkit.org/show_bug.cgi?id=147735
     10
     11        * dom/Document.cpp:
     12        (WebCore::Document::initSecurityContext): Use applyContentDispositionAttachmentSandbox
     13          instead of setting sandbox flags directly.
     14        (WebCore::Document::shouldEnforceContentDispositionAttachmentSandbox): Don't special
     15          case MediaDocument.
     16        (WebCore::Document::applyContentDispositionAttachmentSandbox): Apply sandbox flags
     17          according to document type.
     18        * dom/Document.h:
     19
    1202015-08-06  Anders Carlsson  <andersca@apple.com>
    221

  • trunk/Source/WebCore/dom/Document.cpp

    r188051 r188062  
    49374937
    49384938    if (shouldEnforceContentDispositionAttachmentSandbox())
    4939         enforceSandboxFlags(SandboxAll);
     4939        applyContentDispositionAttachmentSandbox();
    49404940
    49414941    setSecurityOriginPolicy(SecurityOriginPolicy::create(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url)));
     
    67186718        return false;
    67196719
    6720     if (isMediaDocument())
    6721         return false;
    6722 
    67236720    bool contentDispositionAttachmentSandboxEnabled = settings() && settings()->contentDispositionAttachmentSandboxEnabled();
    67246721    bool responseIsAttachment = false;
     
    67296726}
    67306727
     6728void Document::applyContentDispositionAttachmentSandbox()
     6729{
     6730    ASSERT(shouldEnforceContentDispositionAttachmentSandbox());
     6731
     6732    if (!isMediaDocument())
     6733        enforceSandboxFlags(SandboxAll);
     6734    else
     6735        enforceSandboxFlags(SandboxOrigin);
     6736}
     6737
    67316738} // namespace WebCore

  • trunk/Source/WebCore/dom/Document.h

    r188041 r188062  
    12801280    ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicyToPropagate() const;
    12811281    bool shouldEnforceContentDispositionAttachmentSandbox() const;
     1282    void applyContentDispositionAttachmentSandbox();
    12821283
    12831284protected:
Note: See TracChangeset for help on using the changeset viewer.