Context Navigation

← Previous Changeset
Next Changeset →

Changeset 197858 in webkit

Timestamp:

Mar 9, 2016 9:06:56 AM (8 years ago)

Author:

Brent Fulgham

Message:

Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>

Reviewed by Zalan Bujtas.

Source/WebCore:

Tested by storage/domstorage/localstorage/blocked-file-access.html.

page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
universal file access, prevent access to DOM localStorage.

LayoutTests:

storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
storage/domstorage/localstorage/blocked-file-access.html: Added.
storage/domstorage/localstorage/resources/blocked-example.html: Added.

Location:

trunk

Files:

: 3 added
: 3 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/storage/domstorage/localstorage/blocked-file-access-expected.txt (added)
LayoutTests/storage/domstorage/localstorage/blocked-file-access.html (added)
LayoutTests/storage/domstorage/localstorage/resources/blocked-example.html (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/page/SecurityOrigin.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r197857
+                      r197858
+-03-08  Brent Fulgham  <bfulgham@apple.com>
+        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
+        https://bugs.webkit.org/show_bug.cgi?id=155185
+        <rdar://problem/11101440>
+        Reviewed by Zalan Bujtas.
+        * storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
+        * storage/domstorage/localstorage/blocked-file-access.html: Added.
+        * storage/domstorage/localstorage/resources/blocked-example.html: Added.
 -03-09  Manuel Rego Casasnovas  <rego@igalia.com>

trunk/Source/WebCore/ChangeLog

-                      r197857
+                      r197858
+-03-08  Brent Fulgham  <bfulgham@apple.com>
+        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
+        https://bugs.webkit.org/show_bug.cgi?id=155185
+        <rdar://problem/11101440>
+        Reviewed by Zalan Bujtas.
+        Tested by storage/domstorage/localstorage/blocked-file-access.html.
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
+        universal file access, prevent access to DOM localStorage.
 -03-09  Manuel Rego Casasnovas  <rego@igalia.com>

trunk/Source/WebCore/page/SecurityOrigin.cpp

-                      r197706
+                      r197858
         return false;
+    if (isLocal() && !m_universalAccess)
+        return false;
     // FIXME: This check should be replaced with an ASSERT once we can guarantee that topOrigin is not null.
     if (!topOrigin)

Note: See TracChangeset for help on using the changeset viewer.