Changeset 195493 in webkit


Ignore:
Timestamp:
Jan 22, 2016 4:19:02 PM (8 years ago)
Author:
dbates@webkit.org
Message:

LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
https://bugs.webkit.org/show_bug.cgi?id=153250
<rdar://problem/12172843>
And
<rdar://problem/24248040>

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Remove an incorrect assertion that the absolute URL associated with a protection space cannot
contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
with the invariants for WebCore::protectionSpaceMapKeyFromURL().

Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html

http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html

  • platform/network/CredentialStorage.cpp:

(WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):

LayoutTests:

The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).

  • http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
  • http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
  • http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
  • http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
  • platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
Location:
trunk
Files:
5 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r195492 r195493  
     12016-01-22  Daniel Bates  <dabates@apple.com>
     2
     3        LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
     4        https://bugs.webkit.org/show_bug.cgi?id=153250
     5        <rdar://problem/12172843>
     6        And
     7        <rdar://problem/24248040>
     8
     9        Reviewed by Alexey Proskuryakov.
     10
     11        The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
     12        from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).
     13
     14        * http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
     15        * http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
     16        * http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
     17        * http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
     18        * platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
     19
    1202016-01-22  Ryan Haddad  <ryanhaddad@apple.com>
    221
  • trunk/Source/WebCore/ChangeLog

    r195491 r195493  
     12016-01-22  Daniel Bates  <dabates@apple.com>
     2
     3        LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
     4        https://bugs.webkit.org/show_bug.cgi?id=153250
     5        <rdar://problem/12172843>
     6        And
     7        <rdar://problem/24248040>
     8
     9        Reviewed by Alexey Proskuryakov.
     10
     11        Remove an incorrect assertion that the absolute URL associated with a protection space cannot
     12        contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
     13        This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
     14        with the invariants for WebCore::protectionSpaceMapKeyFromURL().
     15
     16        Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
     17               http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html
     18
     19        * platform/network/CredentialStorage.cpp:
     20        (WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):
     21
    1222016-01-22  Chris Dumez  <cdumez@apple.com>
    223
  • trunk/Source/WebCore/platform/network/CredentialStorage.cpp

    r186476 r195493  
    124124        directoryURL = directoryURL.substring(0, (index == directoryURLPathStart) ? index + 1 : index);
    125125        ASSERT(directoryURL.length() > directoryURLPathStart);
    126         ASSERT(directoryURL.length() == directoryURLPathStart + 1 || directoryURL[directoryURL.length() - 1] != '/');
    127126    }
    128127}
Note: See TracChangeset for help on using the changeset viewer.